IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Elastic Security Solution [8.0] Elastic Security APIs Cases API
« Find cases by alert Actions API (for pushing cases to external systems) »

Find All Alerts Attached to a Caseedit

Retrieves all alerts attached to a case.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Request URLedit

GET <kibana host>:<port>/api/cases/<case ID>/alerts

URL partsedit

The URL must include the case ID of the case that you are interested in retrieving the associated alerts that are attached to it. Call Find cases to retrieve case IDs.

Example requestedit

Returns all alerts attached to case 293f1bc0-74f6-11ea-b83a-553aecdb28b6:

GET api/cases/293f1bc0-74f6-11ea-b83a-553aecdb28b6/alerts

Response codeedit

200
Indicates a successful call.

Response payloadedit

A JSON array listing the retrieved alert comments.

Example responseedit

[
   {
      "id":"9241255e1e761ff068768671f6971bcbef869862b02188971036ed4ebba842f1",
      "index":".siem-signals-siem-estc-dev-default-000028",
      "attached_at": "2020-03-31T07:52:46.702Z",
   }
]
« Find cases by alert Actions API (for pushing cases to external systems) »