IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Get all case activityedit
Returns all user activity for the specified case.
Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
This endpoint is deprecated and will be removed in a future release.
Request URLedit
GET <kibana host>:<port>/api/cases/<case ID>/user_actions
URL partsedit
The URL must include the case ID of the case for which you are retrieving
activity. Call Find cases to retrieve case IDs.
Example requestedit
Gets all activity for case ID a18b38a0-71b0-11ea-a0b2-c51ea50a58e2:
GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/user_actions
Response codeedit
-
200 - Indicates a successful call.
Response payloadedit
A JSON array containing all user activity for the specified case.
Response exampleedit
[
{
"action": "create",
"action_id": "5275af50-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:34:48.709Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": null,
"id": "none",
"name": "none",
"type": ".none"
},
"description": "migrating user actions",
"settings": {
"syncAlerts": true
},
"status": "open",
"tags": [
"user",
"actions"
],
"title": "User actions",
"owner": "securitySolution"
},
"sub_case_id": "",
"type": "create_case"
},
{
"action": "create",
"action_id": "72e73240-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
"created_at": "2021-12-16T14:35:42.872Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"comment": {
"comment": "a comment",
"owner": "securitySolution",
"type": "user"
}
},
"sub_case_id": "",
"type": "comment"
},
{
"action": "update",
"action_id": "7685b5c0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:35:48.826Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"title": "User actions!"
},
"sub_case_id": "",
"type": "title"
},
{
"action": "update",
"action_id": "7a2d8810-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:35:55.421Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"description": "migrating user actions and update!"
},
"sub_case_id": "",
"type": "description"
},
{
"action": "update",
"action_id": "7f942160-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
"created_at": "2021-12-16T14:36:04.120Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"comment": {
"comment": "a comment updated!",
"owner": "securitySolution",
"type": "user"
}
},
"sub_case_id": "",
"type": "comment"
},
{
"action": "add",
"action_id": "8591a380-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:13.840Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"tags": [
"migration"
]
},
"sub_case_id": "",
"type": "tags"
},
{
"action": "delete",
"action_id": "8591a381-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:13.840Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"tags": [
"user"
]
},
"sub_case_id": "",
"type": "tags"
},
{
"action": "update",
"action_id": "87fadb50-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:17.764Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"settings": {
"syncAlerts": false
}
},
"sub_case_id": "",
"type": "settings"
},
{
"action": "update",
"action_id": "89ca4420-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:21.509Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"status": "in-progress"
},
"sub_case_id": "",
"type": "status"
},
{
"action": "update",
"action_id": "9060aae0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:32.716Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": {
"issueType": "10001",
"parent": null,
"priority": "High"
},
"id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
"name": "Jira",
"type": ".jira"
}
},
"sub_case_id": "",
"type": "connector"
},
{
"action": "push_to_service",
"action_id": "988579d0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:46.443Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"externalService": {
"connector_id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
"connector_name": "Jira",
"external_id": "26225",
"external_title": "CASES-229",
"external_url": "https://example.com/browse/CASES-229",
"pushed_at": "2021-12-16T14:36:46.443Z",
"pushed_by": {
"email": "",
"full_name": "",
"username": "elastic"
}
}
},
"sub_case_id": "",
"type": "pushed"
},
{
"action": "update",
"action_id": "bcb76020-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:37:46.863Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": {
"incidentTypes": [
"17",
"4"
],
"severityCode": "5"
},
"id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
"name": "IBM",
"type": ".resilient"
}
},
"sub_case_id": "",
"type": "connector"
},
{
"action": "push_to_service",
"action_id": "c0338e90-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:37:53.016Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"externalService": {
"connector_id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
"connector_name": "IBM",
"external_id": "17574",
"external_title": "17574",
"external_url": "https://example.com/#incidents/17574",
"pushed_at": "2021-12-16T14:37:53.016Z",
"pushed_by": {
"email": "",
"full_name": "",
"username": "elastic"
}
}
},
"sub_case_id": "",
"type": "pushed"
},
{
"action": "update",
"action_id": "c5b6d7a0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:38:01.895Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": {
"issueType": "10001",
"parent": null,
"priority": "Lowest"
},
"id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
"name": "Jira",
"type": ".jira"
}
},
"sub_case_id": "",
"type": "connector"
},
{
"action": "create",
"action_id": "ca8f61c0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": "ca1d17f0-5e7d-11ec-9ee9-cd64f0b77b3c",
"created_at": "2021-12-16T14:38:09.649Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"comment": {
"comment": "and another comment!",
"owner": "securitySolution",
"type": "user"
}
},
"sub_case_id": "",
"type": "comment"
}
]