Case APIsedit
This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Access
- APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
- HTTP Basic Authentication
Methods
[ Jump to Models ]Table of Contents
Cases
post /s/{spaceId}/api/cases/{caseId}/commentspost /api/cases/{caseId}/commentspost /s/{spaceId}/api/casespost /api/casesdelete /s/{spaceId}/api/casesdelete /s/{spaceId}/api/cases/{caseId}/comments/{commentId}delete /api/cases/{caseId}/comments/{commentId}delete /s/{spaceId}/api/cases/{caseId}/commentsdelete /api/cases/{caseId}/commentsdelete /api/casesget /s/{spaceId}/api/cases/{caseId}/user_actions/_findget /api/cases/{caseId}/user_actions/_findget /s/{spaceId}/api/cases/{caseId}/comments/_findget /s/{spaceId}/api/cases/configure/connectors/_findget /api/cases/configure/connectors/_findget /s/{spaceId}/api/cases/_findget /api/cases/_findget /s/{spaceId}/api/cases/{caseId}/commentsget /api/cases/{caseId}/commentsget /s/{spaceId}/api/cases/{caseId}get /s/{spaceId}/api/cases/{caseId}/user_actionsget /api/cases/{caseId}/user_actionsget /s/{spaceId}/api/cases/{caseId}/alertsget /api/cases/{caseId}/alertsget /s/{spaceId}/api/cases/{caseId}/comments/{commentId}get /api/cases/{caseId}/comments/{commentId}get /s/{spaceId}/api/cases/configureget /api/cases/configureget /api/cases/{caseId}get /s/{spaceId}/api/cases/reportersget /api/cases/reportersget /s/{spaceId}/api/cases/statusget /api/cases/statusget /s/{spaceId}/api/cases/tagsget /api/cases/tagsget /s/{spaceId}/api/cases/alerts/{alertId}get /api/cases/alerts/{alertId}post /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_pushpost /api/cases/{caseId}/connector/{connectorId}/_pushpost /s/{spaceId}/api/cases/configurepost /api/cases/configurepatch /s/{spaceId}/api/casespatch /s/{spaceId}/api/cases/{caseId}/commentspatch /api/cases/{caseId}/commentspatch /s/{spaceId}/api/cases/configure/{configurationId}patch /api/cases/configure/{configurationId}patch /api/cases
Cases
Up
post /s/{spaceId}/api/cases/{caseId}/commentsAdds a comment or alert to a case. (addCaseComment)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
add_case_comment_request add_case_comment_request (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
post /api/cases/{caseId}/commentsAdds a comment or alert to a case in the default space. (addCaseCommentDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
add_case_comment_request add_case_comment_request (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
post /s/{spaceId}/api/casesCreates a case. (createCase)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
create_case_request create_case_request (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
post /api/casesCreates a case in the default space. (createCaseDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
create_case_request create_case_request (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
delete /s/{spaceId}/api/casesDeletes one or more cases. (deleteCase)
You must have
read or all privileges and the delete sub-feature privilege for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Query parameters
ids (required)
Query Parameter — The cases that you want to removed. All non-ASCII characters must be URL encoded. default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
delete /s/{spaceId}/api/cases/{caseId}/comments/{commentId}Deletes a comment or alert from a case. (deleteCaseComment)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
delete /api/cases/{caseId}/comments/{commentId}Deletes a comment or alert from a case in the default space. (deleteCaseCommentDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
delete /s/{spaceId}/api/cases/{caseId}/commentsDeletes all comments and alerts from a case. (deleteCaseComments)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
delete /api/cases/{caseId}/commentsDeletes all comments and alerts from a case in the default space. (deleteCaseCommentsDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
delete /api/casesDeletes one or more cases in the default space. (deleteCaseDefaultSpace)
You must have
read or all privileges and the delete sub-feature privilege for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Query parameters
ids (required)
Query Parameter — The cases that you want to removed. All non-ASCII characters must be URL encoded. default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/{caseId}/user_actions/_findFinds user activity for a case. (findCaseActivity)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
page (optional)
Query Parameter — The page number to return. default: 1
perPage (optional)
Query Parameter — The number of items to return. Limited to 100 items. default: 20
sortOrder (optional)
Query Parameter — Determines the sort order. default: desc
types (optional)
Query Parameter — Determines the types of user actions to return. default: null
Return type
Example data
Content-Type: application/json
{
"userActions" : [ {
"owner" : "cases",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzM1ODg4LDFd"
}, {
"owner" : "cases",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzM1ODg4LDFd"
} ],
"total" : 1,
"perPage" : 6,
"page" : 0
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. findCaseActivity_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/{caseId}/user_actions/_findFinds user activity for a case in the default space. (findCaseActivityDefaultSpace)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Query parameters
page (optional)
Query Parameter — The page number to return. default: 1
perPage (optional)
Query Parameter — The number of items to return. Limited to 100 items. default: 20
sortOrder (optional)
Query Parameter — Determines the sort order. default: desc
types (optional)
Query Parameter — Determines the types of user actions to return. default: null
Return type
Example data
Content-Type: application/json
{
"userActions" : [ {
"owner" : "cases",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzM1ODg4LDFd"
}, {
"owner" : "cases",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzM1ODg4LDFd"
}, {
"owner" : "cases",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzM1ODg4LDFd"
}, {
"owner" : "cases",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzM1ODg4LDFd"
}, {
"owner" : "cases",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzM1ODg4LDFd"
} ],
"total" : 1,
"perPage" : 6,
"page" : 0
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. findCaseActivityDefaultSpace_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/{caseId}/comments/_findRetrieves all the user comments from a case. (findCaseComments)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
page (optional)
Query Parameter — The page number to return. default: 1
perPage (optional)
Query Parameter — The number of items to return. Limited to 100 items. default: 20
sortOrder (optional)
Query Parameter — Determines the sort order. default: desc
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/configure/connectors/_findRetrieves information about connectors. (findCaseConnectors)
In particular, only the connectors that are supported for use in cases are returned. You must have
read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
{
"isPreconfigured" : true,
"isDeprecated" : true,
"actionTypeId" : ".none",
"referencedByCount" : 0,
"name" : "name",
"id" : "id",
"config" : {
"projectKey" : "projectKey",
"apiUrl" : "apiUrl"
},
"isMissingSecrets" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/configure/connectors/_findRetrieves information about connectors in the default space. (findCaseConnectorsDefaultSpace)
In particular, only the connectors that are supported for use in cases are returned. You must have
read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.Return type
Example data
Content-Type: application/json
{
"isPreconfigured" : true,
"isDeprecated" : true,
"actionTypeId" : ".none",
"referencedByCount" : 0,
"name" : "name",
"id" : "id",
"config" : {
"projectKey" : "projectKey",
"apiUrl" : "apiUrl"
},
"isMissingSecrets" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/_findRetrieves a paginated subset of cases. (findCases)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
assignees (optional)
Query Parameter — Filters the returned cases by assignees. Valid values are
none or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API. default: null category (optional)
Query Parameter — Filters the returned cases by category. default: null
defaultSearchOperator (optional)
Query Parameter — he default operator to use for the simple_query_string. default: OR
from (optional)
Query Parameter — [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
page (optional)
Query Parameter — The page number to return. default: 1
perPage (optional)
Query Parameter — The number of items to return. Limited to 100 items. default: 20
reporters (optional)
Query Parameter — Filters the returned cases by the user name of the reporter. default: null
search (optional)
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
searchFields (optional)
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
severity (optional)
Query Parameter — The severity of the case. default: null
sortField (optional)
Query Parameter — Determines which field is used to sort the results. default: createdAt
sortOrder (optional)
Query Parameter — Determines the sort order. default: desc
status (optional)
Query Parameter — Filters the returned cases by state. default: null
tags (optional)
Query Parameter — Filters the returned cases by tags. default: null
to (optional)
Query Parameter — [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
Return type
Example data
Content-Type: application/json
{
"count_in_progress_cases" : 6,
"per_page" : 5,
"total" : 2,
"cases" : [ {
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}, {
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
} ],
"count_open_cases" : 1,
"count_closed_cases" : 0,
"page" : 5
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. findCases_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/_findRetrieves a paginated subset of cases in the default space. (findCasesDefaultSpace)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Query parameters
assignees (optional)
Query Parameter — Filters the returned cases by assignees. Valid values are
none or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API. default: null category (optional)
Query Parameter — Filters the returned cases by category. default: null
defaultSearchOperator (optional)
Query Parameter — he default operator to use for the simple_query_string. default: OR
from (optional)
Query Parameter — [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
page (optional)
Query Parameter — The page number to return. default: 1
perPage (optional)
Query Parameter — The number of items to return. Limited to 100 items. default: 20
reporters (optional)
Query Parameter — Filters the returned cases by the user name of the reporter. default: null
search (optional)
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
searchFields (optional)
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
severity (optional)
Query Parameter — The severity of the case. default: null
sortField (optional)
Query Parameter — Determines which field is used to sort the results. default: createdAt
sortOrder (optional)
Query Parameter — Determines the sort order. default: desc
status (optional)
Query Parameter — Filters the returned cases by state. default: null
tags (optional)
Query Parameter — Filters the returned cases by tags. default: null
to (optional)
Query Parameter — [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
Return type
Example data
Content-Type: application/json
{
"count_in_progress_cases" : 6,
"per_page" : 5,
"total" : 2,
"cases" : [ {
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}, {
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}, {
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}, {
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}, {
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
} ],
"count_open_cases" : 1,
"count_closed_cases" : 0,
"page" : 5
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. findCasesDefaultSpace_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/{caseId}/commentsRetrieves all the comments from a case. (getAllCaseComments)
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/{caseId}/commentsRetrieves all the comments from a case in the default space. (getAllCaseCommentsDefaultSpace)
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/{caseId}Retrieves information about a case. (getCase)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
includeComments (optional)
Query Parameter — Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned. default: true
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/{caseId}/user_actionsReturns all user activity for a case. (getCaseActivity)
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"action_id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"case_id" : "22df07d0-03b1-11ed-920c-974bfa104448",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/{caseId}/user_actionsReturns all user activity for a case in the default space. (getCaseActivityDefaultSpace)
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"action_id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
"case_id" : "22df07d0-03b1-11ed-920c-974bfa104448",
"action" : "create",
"created_at" : "2022-05-13T09:16:17.416Z",
"comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
"type" : "create_case",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/{caseId}/alertsGets all alerts attached to a case. (getCaseAlerts)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
array[alert_response_properties]
Example data
Content-Type: application/json
{
"index" : "index",
"id" : "id",
"attached_at" : "2000-01-23T04:56:07.000+00:00"
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/{caseId}/alertsGets all alerts attached to a case in the default space. (getCaseAlertsDefaultSpace)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Return type
array[alert_response_properties]
Example data
Content-Type: application/json
{
"index" : "index",
"id" : "id",
"attached_at" : "2000-01-23T04:56:07.000+00:00"
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/{caseId}/comments/{commentId}Retrieves a comment from a case. (getCaseComment)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
nullProduces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. getCaseCommentDefaultSpace_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/{caseId}/comments/{commentId}Retrieves a comment from a case in the default space. (getCaseCommentDefaultSpace)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
Return type
Example data
Content-Type: application/json
nullProduces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. getCaseCommentDefaultSpace_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/configureRetrieves external connection details, such as the closure type and default connector for cases. (getCaseConfiguration)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
{
"closure_type" : "close-by-user",
"owner" : "cases",
"mappings" : [ {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
}, {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
} ],
"connector" : {
"name" : "none",
"id" : "none",
"fields" : "{}",
"type" : ".none"
},
"updated_at" : "2022-06-01T19:58:48.169Z",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"created_at" : "2022-06-01T17:07:17.767Z",
"id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error" : "error",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzIwNzMsMV0="
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/configureRetrieves external connection details, such as the closure type and default connector for cases in the default space. (getCaseConfigurationDefaultSpace)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration.Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
{
"closure_type" : "close-by-user",
"owner" : "cases",
"mappings" : [ {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
}, {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
} ],
"connector" : {
"name" : "none",
"id" : "none",
"fields" : "{}",
"type" : ".none"
},
"updated_at" : "2022-06-01T19:58:48.169Z",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"created_at" : "2022-06-01T17:07:17.767Z",
"id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error" : "error",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzIwNzMsMV0="
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/{caseId}Retrieves information about a case in the default space. (getCaseDefaultSpace)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Query parameters
includeComments (optional)
Query Parameter — Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned. default: true
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/reportersReturns information about the users who opened cases. (getCaseReporters)
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
{
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/reportersReturns information about the users who opened cases in the default space. (getCaseReportersDefaultSpace)
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
{
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/statusReturns the number of cases that are open, closed, and in progress. (getCaseStatus)
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
{
"count_in_progress_cases" : 6,
"count_open_cases" : 1,
"count_closed_cases" : 0
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. getCaseStatusDefaultSpace_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/statusReturns the number of cases that are open, closed, and in progress in the default space. (getCaseStatusDefaultSpace)
Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
{
"count_in_progress_cases" : 6,
"count_open_cases" : 1,
"count_closed_cases" : 0
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. getCaseStatusDefaultSpace_200_response401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/tagsAggregates and returns a list of case tags. (getCaseTags)
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
array[String]
Example data
Content-Type: application/json
""Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/tagsAggregates and returns a list of case tags in the default space. (getCaseTagsDefaultSpace)
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
array[String]
Example data
Content-Type: application/json
""Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /s/{spaceId}/api/cases/alerts/{alertId}Returns the cases associated with a specific alert. (getCasesByAlert)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Path parameters
alertId (required)
Path Parameter — An identifier for the alert. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
[ {
"id" : "06116b80-e1c3-11ec-be9b-9b1838238ee6",
"title" : "security_case"
} ]Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
get /api/cases/alerts/{alertId}Returns the cases associated with a specific alert in the default space. (getCasesByAlertDefaultSpace)
You must have
read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.Path parameters
alertId (required)
Path Parameter — An identifier for the alert. default: null
Query parameters
owner (optional)
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
Return type
Example data
Content-Type: application/json
[ {
"id" : "06116b80-e1c3-11ec-be9b-9b1838238ee6",
"title" : "security_case"
} ]Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
post /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_pushPushes a case to an external service. (pushCase)
You must have
all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. You must also have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're pushing.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
connectorId (required)
Path Parameter — An identifier for the connector. To retrieve connector IDs, use the find connectors API. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
body object (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
post /api/cases/{caseId}/connector/{connectorId}/_pushPushes a case in the default space to an external service. (pushCaseDefaultSpace)
You must have
all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. You must also have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're pushing.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
connectorId (required)
Path Parameter — An identifier for the connector. To retrieve connector IDs, use the find connectors API. default: null
Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
body object (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
post /s/{spaceId}/api/cases/configureSets external connection details, such as the closure type and default connector for cases. (setCaseConfiguration)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
set_case_configuration_request set_case_configuration_request (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"closure_type" : "close-by-user",
"owner" : "cases",
"mappings" : [ {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
}, {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
} ],
"connector" : {
"name" : "none",
"id" : "none",
"fields" : "{}",
"type" : ".none"
},
"updated_at" : "2022-06-01T19:58:48.169Z",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"created_at" : "2022-06-01T17:07:17.767Z",
"id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error" : "error",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzIwNzMsMV0="
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. getCaseConfigurationDefaultSpace_200_response_inner401
Authorization information is missing or invalid. 4xx_response
Up
post /api/cases/configureSets external connection details, such as the closure type and default connector for cases in the default space. (setCaseConfigurationDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
set_case_configuration_request set_case_configuration_request (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"closure_type" : "close-by-user",
"owner" : "cases",
"mappings" : [ {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
}, {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
} ],
"connector" : {
"name" : "none",
"id" : "none",
"fields" : "{}",
"type" : ".none"
},
"updated_at" : "2022-06-01T19:58:48.169Z",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"created_at" : "2022-06-01T17:07:17.767Z",
"id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error" : "error",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzIwNzMsMV0="
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. getCaseConfigurationDefaultSpace_200_response_inner401
Authorization information is missing or invalid. 4xx_response
Up
patch /s/{spaceId}/api/casesUpdates one or more cases. (updateCase)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
update_case_request update_case_request (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
array[case_response_properties]
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
patch /s/{spaceId}/api/cases/{caseId}/commentsUpdates a comment or alert in a case. (updateCaseComment)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
update_case_comment_request update_case_comment_request (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
patch /api/cases/{caseId}/commentsUpdates a comment or alert in a case in the default space. (updateCaseCommentDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.Path parameters
caseId (required)
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
update_case_comment_request update_case_comment_request (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. case_response_properties401
Authorization information is missing or invalid. 4xx_response
Up
patch /s/{spaceId}/api/cases/configure/{configurationId}Updates external connection details, such as the closure type and default connector for cases. (updateCaseConfiguration)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.Path parameters
configurationId (required)
Path Parameter — An identifier for the configuration. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
update_case_configuration_request update_case_configuration_request (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"closure_type" : "close-by-user",
"owner" : "cases",
"mappings" : [ {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
}, {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
} ],
"connector" : {
"name" : "none",
"id" : "none",
"fields" : "{}",
"type" : ".none"
},
"updated_at" : "2022-06-01T19:58:48.169Z",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"created_at" : "2022-06-01T17:07:17.767Z",
"id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error" : "error",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzIwNzMsMV0="
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
patch /api/cases/configure/{configurationId}Updates external connection details, such as the closure type and default connector for cases in the default space. (updateCaseConfigurationDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.Path parameters
configurationId (required)
Path Parameter — An identifier for the configuration. default: null
Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
update_case_configuration_request update_case_configuration_request (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"closure_type" : "close-by-user",
"owner" : "cases",
"mappings" : [ {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
}, {
"action_type" : "overwrite",
"source" : "title",
"target" : "summary"
} ],
"connector" : {
"name" : "none",
"id" : "none",
"fields" : "{}",
"type" : ".none"
},
"updated_at" : "2022-06-01T19:58:48.169Z",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"created_at" : "2022-06-01T17:07:17.767Z",
"id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
"error" : "error",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzIwNzMsMV0="
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_response
Up
patch /api/casesUpdates one or more cases in the default space. (updateCaseDefaultSpace)
You must have
all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
update_case_request update_case_request (optional)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
array[case_response_properties]
Example data
Content-Type: application/json
{
"owner" : "cases",
"totalComment" : 0,
"settings" : {
"syncAlerts" : true
},
"totalAlerts" : 0,
"closed_at" : "2000-01-23T04:56:07.000+00:00",
"comments" : [ null, null, null, null, null ],
"assignees" : [ {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
}, {
"uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
} ],
"created_at" : "2022-05-13T09:16:17.416Z",
"description" : "A case description.",
"title" : "Case title 1",
"created_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"version" : "WzUzMiwxXQ==",
"closed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"tags" : [ "tag-1" ],
"duration" : 120,
"updated_at" : "2000-01-23T04:56:07.000+00:00",
"updated_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
"external_service" : {
"external_title" : "external_title",
"pushed_by" : {
"full_name" : "full_name",
"profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
"email" : "email",
"username" : "elastic"
},
"external_url" : "external_url",
"pushed_at" : "2000-01-23T04:56:07.000+00:00",
"connector_id" : "connector_id",
"external_id" : "external_id",
"connector_name" : "connector_name"
}
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. 4xx_responseModels
[ Jump to Methods ]Table of Contents
4xx_response- Unsuccessful cases API responseCase_response_properties_for_comments_inner-Case_response_properties_for_connectors- Case response properties for connectorsaction_types-actions-add_alert_comment_request_properties- Add case comment request properties for alertsadd_case_comment_request- Add case comment requestadd_user_comment_request_properties- Add case comment request properties for user commentsalert_comment_response_properties- Add case comment response properties for alertsalert_comment_response_properties_rule-alert_identifiers- Alert identifiersalert_indices- Alert indicesalert_response_properties-assignees_inner-case_response_closed_by_properties- Case response properties for closed_bycase_response_created_by_properties- Case response properties for created_bycase_response_properties- Case response propertiescase_response_pushed_by_properties- Case response properties for pushed_bycase_response_updated_by_properties- Case response properties for updated_byclosure_types-connector_properties_cases_webhook- Create or upate case request properties for Cases Webhook connectorconnector_properties_jira- Create or update case request properties for a Jira connectorconnector_properties_jira_fields-connector_properties_none- Create or update case request properties for no connectorconnector_properties_resilient- Create case request properties for a IBM Resilient connectorconnector_properties_resilient_fields-connector_properties_servicenow- Create case request properties for a ServiceNow ITSM connectorconnector_properties_servicenow_fields-connector_properties_servicenow_sir- Create case request properties for a ServiceNow SecOps connectorconnector_properties_servicenow_sir_fields-connector_properties_swimlane- Create case request properties for a Swimlane connectorconnector_properties_swimlane_fields-connector_types-create_case_request- Create case requestcreate_case_request_connector-external_service-findCaseActivityDefaultSpace_200_response-findCaseActivity_200_response-findCaseConnectorsDefaultSpace_200_response_inner-findCaseConnectorsDefaultSpace_200_response_inner_config-findCasesDefaultSpace_200_response-findCasesDefaultSpace_assignees_parameter-findCasesDefaultSpace_owner_parameter-findCasesDefaultSpace_searchFields_parameter-findCases_200_response-getCaseCommentDefaultSpace_200_response-getCaseConfigurationDefaultSpace_200_response_inner-getCaseConfigurationDefaultSpace_200_response_inner_connector-getCaseConfigurationDefaultSpace_200_response_inner_created_by-getCaseConfigurationDefaultSpace_200_response_inner_mappings_inner-getCaseConfigurationDefaultSpace_200_response_inner_updated_by-getCaseStatusDefaultSpace_200_response-getCasesByAlertDefaultSpace_200_response_inner-owners-payload_alert_comment-payload_alert_comment_comment-payload_alert_comment_comment_alertId-payload_alert_comment_comment_index-payload_assignees-payload_connector-payload_connector_connector-payload_connector_connector_fields-payload_create_case-payload_description-payload_pushed-payload_settings-payload_severity-payload_status-payload_tags-payload_title-payload_user_comment-payload_user_comment_comment-rule- Alerting rulesearchFieldsType-set_case_configuration_request- Set case configuration requestset_case_configuration_request_connector-set_case_configuration_request_settings-settings-severity_property-status-update_alert_comment_request_properties- Update case comment request properties for alertsupdate_case_comment_request- Update case comment requestupdate_case_configuration_request- Update case configuration requestupdate_case_request- Update case requestupdate_case_request_cases_inner-update_user_comment_request_properties- Update case comment request properties for user commentsuser_actions_find_response_properties-user_actions_response_properties-user_actions_response_properties_created_by-user_actions_response_properties_payload-user_comment_response_properties- Case response properties for user comments
Case_response_properties_for_comments_inner - Up
alertId (optional)
created_at (optional)
Date format: date-time
created_by (optional)
id (optional)
index (optional)
owner (optional)
pushed_at (optional)
Date format: date-time
pushed_by (optional)
rule (optional)
type
Enum:
user
updated_at (optional)
Date format: date-time
updated_by (optional)
version (optional)
comment (optional)
Case_response_properties_for_connectors - Case response properties for connectors Up
add_alert_comment_request_properties - Add case comment request properties for alerts Up
Defines properties for case comment requests when type is alert.
add_case_comment_request - Add case comment request Up
The add comment to case API request body varies depending on whether you are adding an alert or a comment.
add_user_comment_request_properties - Add case comment request properties for user comments Up
Defines properties for case comment requests when type is user.
alert_comment_response_properties - Add case comment response properties for alerts Up
alertId (optional)
created_at (optional)
Date format: date-time
created_by (optional)
id (optional)
index (optional)
owner (optional)
pushed_at (optional)
Date format: date-time
pushed_by (optional)
rule (optional)
type
Enum:
alert
updated_at (optional)
Date format: date-time
updated_by (optional)
version (optional)
alert_identifiers - Alert identifiers Up
The alert identifiers. It is required only when
type is alert. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; index must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.alert_indices - Alert indices Up
The alert indices. It is required only when
type is alert. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the alertId array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.assignees_inner - Up
uid
String A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.
case_response_properties - Case response properties Up
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
closed_at
Date format: date-time
closed_by
comments
array[Case_response_properties_for_comments_inner] An array of comment objects for the case.
connector
created_at
Date format: date-time
created_by
description
duration
Integer The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
external_service
id
owner
settings
severity
status
tags
title
totalAlerts
totalComment
updated_at
Date format: date-time
updated_by
version
closure_types - Up
Indicates whether a case is automatically closed when it is pushed to external systems (
close-by-pushing) or not automatically closed (close-by-user).connector_properties_cases_webhook - Create or upate case request properties for Cases Webhook connector Up
Defines properties for connectors when type is
.cases-webhook.connector_properties_jira - Create or update case request properties for a Jira connector Up
Defines properties for connectors when type is
.jira.connector_properties_jira_fields - Up
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
connector_properties_none - Create or update case request properties for no connector Up
Defines properties for connectors when type is
.none.fields
String An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.
id
String The identifier for the connector. To create a case without a connector, use
none. To update a case to remove the connector, specify none. name
String The name of the connector. To create a case without a connector, use
none. To update a case to remove the connector, specify none. type
String The type of connector. To create a case without a connector, use
.none. To update a case to remove the connector, specify .none. Enum:
.none
connector_properties_resilient - Create case request properties for a IBM Resilient connector Up
Defines properties for connectors when type is
.resilient.connector_properties_resilient_fields - Up
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
issueTypes
array[String] The type of incident.
severityCode
String The severity code of the incident.
connector_properties_servicenow - Create case request properties for a ServiceNow ITSM connector Up
Defines properties for connectors when type is
.servicenow.connector_properties_servicenow_fields - Up
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
connector_properties_servicenow_sir - Create case request properties for a ServiceNow SecOps connector Up
Defines properties for connectors when type is
.servicenow-sir.connector_properties_servicenow_sir_fields - Up
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
category
String The category of the incident.
destIp
Boolean Indicates whether cases will send a comma-separated list of destination IPs.
malwareHash
Boolean Indicates whether cases will send a comma-separated list of malware hashes.
malwareUrl
Boolean Indicates whether cases will send a comma-separated list of malware URLs.
priority
String The priority of the issue.
sourceIp
Boolean Indicates whether cases will send a comma-separated list of source IPs.
subcategory
String The subcategory of the incident.
connector_properties_swimlane - Create case request properties for a Swimlane connector Up
Defines properties for connectors when type is
.swimlane.connector_properties_swimlane_fields - Up
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
caseId
String The case identifier for Swimlane connectors.
create_case_request - Create case request Up
The create case API request body varies depending on the type of connector.
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
connector
description
String The description for the case.
owner
settings
severity (optional)
tags
array[String] The words and phrases that help categorize cases. It can be an empty array.
category (optional)
String Category for the case. It could be a word or a phrase to categorize the case.
title
String A title for the case.
create_case_request_connector - Up
findCaseActivityDefaultSpace_200_response - Up
page (optional)
perPage (optional)
total (optional)
userActions (optional)
findCaseActivity_200_response - Up
page (optional)
perPage (optional)
total (optional)
userActions (optional)
findCaseConnectorsDefaultSpace_200_response_inner - Up
actionTypeId (optional)
config (optional)
id (optional)
isDeprecated (optional)
isMissingSecrets (optional)
isPreconfigured (optional)
name (optional)
referencedByCount (optional)
getCaseCommentDefaultSpace_200_response - Up
alertId (optional)
created_at (optional)
Date format: date-time
created_by (optional)
id (optional)
index (optional)
owner (optional)
pushed_at (optional)
Date format: date-time
pushed_by (optional)
rule (optional)
type
Enum:
user
updated_at (optional)
Date format: date-time
updated_by (optional)
version (optional)
comment (optional)
getCaseConfigurationDefaultSpace_200_response_inner - Up
getCaseConfigurationDefaultSpace_200_response_inner_connector - Up
fields (optional)
Object The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to
null. id (optional)
String The identifier for the connector. If you do not want a default connector, use
none. To retrieve connector IDs, use the find connectors API. name (optional)
String The name of the connector. If you do not want a default connector, use
none. To retrieve connector names, use the find connectors API. type (optional)
owners - Up
The application that owns the cases: Stack Management, Observability, or Elastic Security.
payload_alert_comment - Up
comment (optional)
payload_alert_comment_comment - Up
alertId (optional)
index (optional)
owner (optional)
rule (optional)
type (optional)
Enum:
alert
payload_assignees - Up
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
payload_connector - Up
connector (optional)
payload_connector_connector - Up
payload_connector_connector_fields - Up
An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
caseId (optional)
String The case identifier for Swimlane connectors.
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
destIp (optional)
Boolean Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
impact (optional)
String The effect an incident had on business for ServiceNow ITSM connectors.
issueType (optional)
String The type of issue for Jira connectors.
issueTypes (optional)
array[String] The type of incident for IBM Resilient connectors.
malwareHash (optional)
Boolean Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
malwareUrl (optional)
Boolean Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
parent (optional)
String The key of the parent issue, when the issue type is sub-task for Jira connectors.
priority (optional)
String The priority of the issue for Jira and ServiceNow SecOps connectors.
severity (optional)
String The severity of the incident for ServiceNow ITSM connectors.
severityCode (optional)
String The severity code of the incident for IBM Resilient connectors.
sourceIp (optional)
Boolean Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM connectors.
urgency (optional)
String The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
payload_create_case - Up
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
connector (optional)
description (optional)
owner (optional)
settings (optional)
severity (optional)
status (optional)
tags (optional)
title (optional)
payload_description - Up
description (optional)
payload_pushed - Up
externalService (optional)
payload_settings - Up
settings (optional)
payload_severity - Up
severity (optional)
payload_status - Up
status (optional)
payload_tags - Up
tags (optional)
payload_title - Up
title (optional)
payload_user_comment - Up
comment (optional)
rule - Alerting rule Up
The rule that is associated with the alerts. It is required only when
type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.set_case_configuration_request - Set case configuration request Up
External connection details, such as the closure type and default connector for cases.
closure_type
connector
owner
settings (optional)
set_case_configuration_request_connector - Up
An object that contains the connector configuration.
fields
Object The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to
null. id
String The identifier for the connector. If you do not want a default connector, use
none. To retrieve connector IDs, use the find connectors API. name
String The name of the connector. If you do not want a default connector, use
none. To retrieve connector names, use the find connectors API. type
set_case_configuration_request_settings - Up
An object that contains the case settings.
syncAlerts
Boolean Turns alert syncing on or off.
settings - Up
An object that contains the case settings.
syncAlerts
Boolean Turns alert syncing on or off.
update_alert_comment_request_properties - Update case comment request properties for alerts Up
Defines properties for case comment requests when type is alert.
update_case_comment_request - Update case comment request Up
The update case comment API request body varies depending on whether you are updating an alert or a comment.
update_case_configuration_request - Update case configuration request Up
External connection details, such as the closure type and default connector for cases.
closure_type (optional)
connector (optional)
version
String The version of the connector. To retrieve the version value, use the get configuration API.
update_case_request - Update case request Up
The update case API request body varies depending on the type of connector.
cases
array[update_case_request_cases_inner] An array containing one or more case objects.
update_case_request_cases_inner - Up
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
connector (optional)
description (optional)
String An updated description for the case.
id
String The identifier for the case.
settings (optional)
severity (optional)
status (optional)
tags (optional)
array[String] The words and phrases that help categorize cases.
category (optional)
String Category for the case. It could be a word or a phrase to categorize the case.
title (optional)
String A title for the case.
version
String The current version of the case. To determine this value, use the get case or find cases APIs.
update_user_comment_request_properties - Update case comment request properties for user comments Up
Defines properties for case comment requests when type is user.
user_actions_find_response_properties - Up
user_actions_response_properties - Up
user_actions_response_properties_payload - Up
comment (optional)
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
connector (optional)
description (optional)
owner (optional)
settings (optional)
severity (optional)
status (optional)
tags (optional)
title (optional)
externalService (optional)