GET /api/cases/alerts/{alertId}
Api key auth Basic auth

Spaces method and path for this operation:

get /s/{space_id}/api/cases/alerts/{alertId}

Refer to Spaces for more information.

You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.

Path parameters

  • alertId string Required

    An identifier for the alert.

Query parameters

  • owner string | array[string]

    A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.

    Values are cases, observability, or securitySolution.

Responses

  • 200 application/json

    Indicates a successful call.

    Hide response attributes Show response attributes object
    • createdAt string(date-time) Required

      When the case was created.

    • description string Required

      The case description.

    • id string Required

      The case identifier.

    • status string Required

      The status of the case.

      Values are closed, in-progress, or open.

    • title string Required

      The case title.

    • totals object Required

      Counts of alerts, events, and user comments attached to a case.

      Hide totals attributes Show totals attributes object
      • alerts integer Required

        Number of alert attachments on the case.

      • events integer Required

        Number of event attachments on the case.

      • userComments integer Required

        Number of user comment attachments on the case.
  • 401 application/json

    Authorization information is missing or invalid.

    Hide response attributes Show response attributes object
    • error string
    • message string
    • statusCode integer
GET /api/cases/alerts/{alertId} 
curl \
 --request GET 'https://localhost:5601/api/cases/alerts/09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540' \
 --header "Authorization: $API_KEY"
Response examples (200) 
[
  {
    "createdAt": "2020-02-19T23:06:33.798Z",
    "description": "Investigating suspicious activity",
    "id": "06116b80-e1c3-11ec-be9b-9b1838238ee6",
    "status": "open",
    "title": "security_case",
    "totals": {
      "alerts": 1,
      "events": 0,
      "userComments": 0
    }
  }
]
Response examples (401) 
{
  "error": "Unauthorized",
  "message": "Unable to authenticate with the provided credentials.",
  "statusCode": 401
}