Create caseedit
Creates a new case.
Request URLedit
POST <kibana host>:<port>/api/cases
Request bodyedit
A JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
|
String |
The case’s title. |
Yes |
|
String |
The case’s description. |
Yes |
|
String[] |
String array containing words and phrases that help categorize cases. |
Yes, can be an empty array. |
Example requestedit
POST api/cases { "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants.", "title": "This case will self-destruct in 5 seconds", "tags": [ "phishing", "social engineering" ] }
Response codeedit
-
200
- Indicates a successful call.
Response payloadedit
A JSON object that includes the user who created the case and the case’s ID,
version, and creation time. The case’s ID is also its saved object ID
(savedObjectId
), used when pushing cases to
external systems.
Example responseedit
{ "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", "version": "WzUzMiwxXQ==", "comments": [], "totalComment": 0, "connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8", "title": "This case will self-destruct in 5 seconds", "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active", "tags": [ "phishing", "social engineering", "bubblegum" ], "closed_at": null, "closed_by": null, "created_at": "2020-05-13T09:16:17.416Z", "created_by": { "email": "ahunley@imf.usa.gov", "full_name": "Alan Hunley", "username": "ahunley" }, "external_service": null, "status": "open", "updated_at": null, "updated_by": null }
The default connector ID used to push cases to external services (see Set default Elastic Security UI connector). |
|
The |