The SIEM app is now a part of the Elastic Security solution.
IMPORTANT: No additional bug fixes or documentation updates will be released for this version.
Create case
Creates a new case.
Request URL
POST <kibana host>:<port>/api/cases
Request body
A JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
title | String | The case’s title. | Yes |
description | String | The case’s description. | Yes |
tags | String[] | String array containing words and phrases that help categorize cases. | Yes, can be an empty array. |
Example request
```
POST api/cases
{
  "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants.",
  "title": "This case will self-destruct in 5 seconds",
  "tags": [
    "phishing",
    "social engineering"
  ]
}
```
Response code
200: Indicates a successful call.
Response payload
A JSON object that includes the user who created the case and the case’s ID, version, and creation time.
Example response
```json
{
  "id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
  "version": "WzUzMiwxXQ==",
  "comments": [],
  "totalComment": 0,
  "connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8",
  "title": "This case will self-destruct in 5 seconds",
  "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
  "tags": [
    "phishing",
    "social engineering",
    "bubblegum"
  ],
  "closed_at": null,
  "closed_by": null,
  "created_at": "2020-05-13T09:16:17.416Z",
  "created_by": {
    "email": "ahunley@imf.usa.gov",
    "full_name": "Alan Hunley",
    "username": "ahunley"
  },
  "external_service": null,
  "status": "open",
  "updated_at": null,
  "updated_by": null
}
```
connector_id: The default connector ID used to push cases to external services (see Set default SIEM UI connector).
The |
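One way to drive this endpoint from Python, as an added example that is not part of the Elastic documentation: it checks a body against the required fields in the table, builds the POST without sending it, and reads the ID, version, creation time and creator out of a response. The host name, the API key authentication and all function names are assumptions; the `kbn-xsrf` header is what Kibana expects on non-GET API requests.

```python
import json
import urllib.request

# Required fields and their JSON types, as listed in the request-body table.
REQUIRED = {"title": str, "description": str, "tags": list}

# Constructed sample: the page's example response trimmed to the fields read below.
SAMPLE_RESPONSE = json.dumps({
    "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", "version": "WzUzMiwxXQ==",
    "created_at": "2020-05-13T09:16:17.416Z", "status": "open",
    "created_by": {"username": "ahunley", "full_name": "Alan Hunley"},
})


def validate_case_body(body):
    """Return the body unchanged, or raise ValueError naming the first problem."""
    for name, kind in REQUIRED.items():
        if name not in body:
            raise ValueError(f"missing required field: {name}")
        if not isinstance(body[name], kind):
            raise ValueError(f"{name} must be of type {kind.__name__}")
    if not all(isinstance(tag, str) for tag in body["tags"]):
        raise ValueError("tags must contain only strings")
    return body


def build_create_case_request(base_url, body, api_key):
    """Build (but do not send) the POST <kibana host>:<port>/api/cases request."""
    return urllib.request.Request(
        url=base_url.rstrip("/") + "/api/cases",
        data=json.dumps(validate_case_body(body)).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "kbn-xsrf": "true",  # Kibana rejects non-GET API calls without it
            "Authorization": "ApiKey " + api_key,  # assumption: API key auth
        },
    )


def summarize_created_case(payload):
    """Pull the ID, version, creation time and creator out of the response."""
    case = json.loads(payload)
    summary = {key: case[key] for key in ("id", "version", "created_at")}
    summary["created_by"] = case["created_by"]["username"]
    return summary
```

Passing the returned request to `urllib.request.urlopen` sends it; `summarize_created_case(SAMPLE_RESPONSE)` shows the fields a caller would record for the new case.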