The SIEM app is now a part of the Elastic Security solution. Click here to view SIEM documentation for previous releases.
Elastic Docs Elastic Security Solution [7.9] Elastic Security APIs
« Import timelines and timeline templates Create case »

Cases APIedit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

You can create, manage, configure, and send cases to external systems with these APIs:

  • Cases API: Used to open and manage security action items.
  • Actions API: Used to send cases to external systems. Create connector stores the data required to interface with third-party systems, and Create or update an external incident sends Elastic Security cases to external systems.
« Import timelines and timeline templates Create case »