IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Create case Update case »
Elastic Docs Elastic Security Solution [7.16] Elastic Security APIs Cases API

Add comment

edit

Add comment

edit

Adds a comment to an existing case.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Request URL

edit

POST <kibana host>:<port>/api/cases/<case ID>/comments

URL parts

edit

The URL must include the case ID of the case to which you are adding a comment. Call Find cases to retrieve case IDs.

Request body

edit

A JSON object with a comment field:

Name Type Description Required

type

String

The comment type, which can be user or alert.

Yes

comment

String

The case’s new comment.

Yes, only when type is user.

alertId

String

The alert id.

Yes, only when type is alert.

index

String

The alert index.

Yes, only when type is alert.

Only alerts (signals) of Elastic Security are supported.

Example request

edit

Adds a comment to case ID 293f1bc0-74f6-11ea-b83a-553aecdb28b6:

POST api/cases/293f1bc0-74f6-11ea-b83a-553aecdb28b6/comments
{
  "type": "user",
  "comment": "That is nothing - Ethan Hunt answered a targeted social
  media campaign promoting phishy pension schemes to IMF operatives.",
  "owner": "securitySolution"
}

Response code

edit
200
Indicates a successful call.

Response payload

edit

The updated JSON case object with the new comment, the user who created the comment, and the comment’s ID, version, and creation time.

Example response

edit
  "id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6",
  "version": "WzIwNDMyLDFd",
  "comments": [
    {
      "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
      "version": "WzIwNDMxLDFd",
      "type": "user",
      "comment": "That is nothing - Ethan Hunt answered a targeted social media campaign promoting phishy pension schemes to IMF operatives.",
      "created_at": "2020-04-02T15:28:03.034Z",
      "created_by": {
        "email": "[email protected]",
        "full_name": "Ms Moneypenny",
        "username": "moneypenny"
      },
      "pushed_at": null,
      "pushed_by": null,
      "updated_at": null,
      "updated_by": null
    }
  ],
  "totalComment": 1,
  "title": "This case will self-destruct in 5 seconds",
  "tags": [
    "phishing",
    "social engineering"
  ],
  "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants.",
  "closed_at": null,
  "closed_by": null,
  "created_at": "2020-04-02T15:25:19.088Z",
  "created_by": {
    "email": "[email protected]",
    "full_name": "Alan Hunley",
    "username": "ahunley"
  },
  "external_service": null,
  "owner": "securitySolution",
  "status": "open",
  "updated_at": "2020-04-02T15:28:03.034Z",
  "updated_by": {
    "email": "[email protected]",
    "full_name": "Ms Moneypenny",
    "username": "moneypenny"
  }
}
« Create case Update case »