Update case
Updates existing cases.
Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
Request URL
PATCH <kibana host>:<port>/api/cases
Request body
A JSON array containing one or more case objects with updated field values:
Name | Type | Description | Required |
---|---|---|---|
`cases` | Array | Array containing one or more case objects. | Yes |

`cases` schema
Name | Type | Description | Required |
---|---|---|---|
`id` | String | The ID of the case being updated. | Yes |
`connector` | Object | Object containing the connector’s configuration. | No |
`description` | String | The updated case description. | No |
`settings` | Object | Object containing the case’s settings. | No |
`status` | String | The updated case status, which can be: | No |
`tags` | String[] | The updated case tags. | No |
`title` | String | The updated case title. | No |
`version` | String | The current case version (returned when calling Get case or Find cases). | Yes |

The case `owner` field cannot be updated.

Name | Type | Description | Required |
---|---|---|---|
`id` | String | ID of the connector used for pushing case updates to external systems (returned when calling Find connectors). | Yes |
`name` | String | The connector name. | Yes |
`type` | String | The type of the connector. Must be one of these: | Yes |
`fields` | Object | Object containing the connector’s fields. For ServiceNow connectors: For ServiceNow SecOps connectors: For Jira connectors: For IBM Resilient connectors: For Swimlane connectors: | Yes |

Name | Type | Description | Required |
---|---|---|---|
`syncAlerts` | Boolean | Turn syncing with alerts on or off. | Yes |

Example request
Updates the description, tags, and connector of case ID `a18b38a0-71b0-11ea-a0b2-c51ea50a58e2`:

```
PATCH api/cases
{
  "cases": [
    {
      "connector": {
        "id": "131d4448-abe0-4789-939d-8ef60680b498",
        "name": "My connector",
        "type": ".jira",
        "fields": {
          "issueType": "10006",
          "priority": null
        }
      },
      "id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
      "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
      "tags": [
        "phishing",
        "social engineering",
        "bubblegum"
      ],
      "settings": {
        "syncAlerts": true
      },
      "version": "WzIzLDFd"
    }
  ]
}
```
Response code
- `200`: Indicates a successful call.
Response payload
The updated case with a new `version` value.
Example response
```
[
  {
    "id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
    "version": "WzU0OCwxXQ==",
    "comments": [],
    "totalComment": 0,
    "connector": {
      "id": "131d4448-abe0-4789-939d-8ef60680b498",
      "name": "My connector",
      "type": ".jira",
      "fields": {
        "issueType": "10006",
        "priority": null
      }
    },
    "title": "This case will self-destruct in 5 seconds",
    "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
    "tags": [
      "phishing",
      "social engineering",
      "bubblegum"
    ],
    "settings": {
      "syncAlerts": true
    },
    "closed_at": null,
    "closed_by": null,
    "created_at": "2020-05-13T09:16:17.416Z",
    "created_by": {
      "email": "ahunley@imf.usa.gov",
      "full_name": "Alan Hunley",
      "username": "ahunley"
    },
    "external_service": {
      "external_title": "IS-4",
      "pushed_by": {
        "full_name": "Classified",
        "email": "classified@hms.oo.gov.uk",
        "username": "M"
      },
      "external_url": "https://hms.atlassian.net/browse/IS-4",
      "pushed_at": "2020-05-13T09:20:40.672Z",
      "connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8",
      "external_id": "10003",
      "connector_name": "Jira"
    },
    "owner": "securitySolution",
    "status": "open",
    "updated_at": "2020-05-13T09:48:33.043Z",
    "updated_by": {
      "email": "classified@hms.oo.gov.uk",
      "full_name": "Classified",
      "username": "M"
    }
  }
]
```
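
The request body rules above (required `id` and `version`, a complete `connector` object, no `owner` updates) can be enforced before anything is sent, as in this added example, which is not part of the Kibana documentation. The helper names, the `kbn-xsrf` header and the `ApiKey` authorization scheme are not taken from this page; `kibana_url` and `api_key` are caller-supplied assumptions.

```python
import json
import urllib.request

# Case fields the request body schema accepts besides the required id and version.
UPDATABLE = {"connector", "description", "settings", "status", "tags", "title"}
CONNECTOR_REQUIRED = ("id", "name", "type", "fields")


def build_case_update(current_case, changes):
    """Build the PATCH /api/cases body for one case from its last-read state."""
    rejected = set(changes) - UPDATABLE
    if rejected:  # includes "owner", which cannot be updated
        raise ValueError(f"fields that cannot be updated: {sorted(rejected)}")
    for key in ("id", "version"):
        if not isinstance(current_case.get(key), str):
            raise ValueError(f"current case is missing required '{key}'")
    if "connector" in changes:
        missing = [k for k in CONNECTOR_REQUIRED if k not in changes["connector"]]
        if missing:
            raise ValueError(f"connector is missing required {missing}")
    if "settings" in changes and not isinstance(
            changes["settings"].get("syncAlerts"), bool):
        raise ValueError("settings.syncAlerts must be a boolean")
    # Send the version that was last read from Get case or Find cases.
    return {"cases": [{"id": current_case["id"],
                       "version": current_case["version"], **changes}]}


def new_version(response_cases, case_id):
    """Return the version from the response, for the next update of case_id."""
    for case in response_cases:
        if case["id"] == case_id:
            return case["version"]
    raise LookupError(f"case {case_id} not in response")


def send_case_update(kibana_url, api_key, body):
    """Send the update; kibana_url and api_key are assumptions, not page values."""
    request = urllib.request.Request(
        f"{kibana_url}/api/cases", data=json.dumps(body).encode(), method="PATCH",
        headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                 "Authorization": f"ApiKey {api_key}"})
    with urllib.request.urlopen(request) as response:
        return json.load(response)


# Constructed sample: id and version copied from the example request on this page.
SAMPLE_CASE = {"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2", "version": "WzIzLDFd",
               "owner": "securitySolution", "status": "open"}
```
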