Find cases by alert

Uses an alert ID (<alert id>) to retrieve the case IDs of any cases the alert is attached to.

The case ID is identical to the case’s saved object ID.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Request URL

GET <kibana host>:<port>/api/cases/alerts/<alert id>

URL parts

The URL must include the alert ID, which is used to retrieve any cases the alert is attached to.

URL query parameters

Name: owner
Type: String or String[]
Description: A filter to limit the retrieved case IDs to a specific set of applications. If you omit this parameter, the response will contain every case ID that the user has read access to.
Required: No

Example request

Returns case IDs with the alert ID 293f1bc0-74f6-11ea-b83a-553aecdb28b6 attached to them:

GET api/cases/alerts/293f1bc0-74f6-11ea-b83a-553aecdb28b6

Response code

200
Indicates a successful call.

Response payload

A JSON array containing any case IDs associated with the specified alert. Case titles are also retrieved.

Example response

[
    {
        "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
        "title": "Test 1"
    },
    {
        "id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
        "title": "Test 2"
    }
]
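
The request and response described above, as an added Python example that is not part of the original documentation: it builds the GET request for one alert ID with an optional owner filter and validates the returned array. The host kibana.example, the owner values, API-key authentication, and sending a String[] owner as a repeated query parameter are assumptions.

```python
import json
import urllib.parse
import urllib.request

# The example response from this page, embedded so the parser runs offline.
SAMPLE_RESPONSE = """[
  {"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", "title": "Test 1"},
  {"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2", "title": "Test 2"}
]"""

def build_request(kibana_url, alert_id, api_key, owner=None):
    """Build GET <kibana host>:<port>/api/cases/alerts/<alert id>."""
    # Percent-encode the alert ID so it stays a single path segment; an ID
    # taken from untrusted alert data cannot then alter the path or query.
    path = "/api/cases/alerts/" + urllib.parse.quote(alert_id, safe="")
    # owner is "String or String[]": accept either form.
    owners = [owner] if isinstance(owner, str) else list(owner or [])
    # Assumption: a String[] is sent as a repeated owner= parameter.
    query = urllib.parse.urlencode([("owner", o) for o in owners])
    url = kibana_url.rstrip("/") + path + ("?" + query if query else "")
    # Assumption: the caller authenticates with an API key.
    headers = {"Authorization": "ApiKey " + api_key}
    return urllib.request.Request(url, headers=headers, method="GET")

def parse_cases(body):
    """Return {case ID: title} from the JSON array in the response payload."""
    data = json.loads(body)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of cases")
    cases = {}
    for item in data:
        if not isinstance(item, dict) or not isinstance(item.get("id"), str):
            raise ValueError("case entry without a string id")
        cases[item["id"]] = item.get("title", "")
    return cases

def find_cases_by_alert(kibana_url, alert_id, api_key, owner=None):
    """Send the request and return the cases the alert is attached to."""
    req = build_request(kibana_url, alert_id, api_key, owner)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_cases(resp.read())

if __name__ == "__main__":
    print(parse_cases(SAMPLE_RESPONSE))
```

Because the response only contains cases the user has read access to, an empty result means no attached case is visible to that account.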