IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Get all case activity
editGet all case activity
editReturns all user activity for the specified case.
Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
Request URL
editGET <kibana host>:<port>/api/cases/<case ID>/user_actions
URL parts
editThe URL must include the case ID
of the case for which you are retrieving
activity. Call Find cases to retrieve case IDs.
Example request
editGets all comments for case ID a18b38a0-71b0-11ea-a0b2-c51ea50a58e2
:
GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/user_actions
Response code
edit-
200
- Indicates a successful call.
Response payload
editA JSON array containing all user activity for the specified case.
Response example
edit[ { "action_field": [ "description", "status", "tags", "title", "connector", "settings" ], "action": "create", "action_at": "2020-04-02T15:25:19.088Z", "action_by": { "email": "[email protected]", "full_name": "Alan Hunley", "username": "ahunley" }, "new_value": "{\"title\":\"This case will self-destruct in 5 seconds\",\"tags\":[\"phishing\",\"social engineering\"],\"description\":\"James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants.\"},\"connector\":{\"id\":\"none\",\"name\":\"none\",\"type\":\".none\",\"fields\":null},\"settings\":{\"syncAlerts\":true}", "old_value": null, "action_id": "29ce6370-74f6-11ea-b83a-553aecdb28b6", "case_id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", "comment_id": null, "owner": "securitySolution", }, { "action_field": [ "comment" ], "action": "create", "action_at": "2020-04-02T15:28:03.034Z", "action_by": { "email": "[email protected]", "full_name": "Ms Moneypenny", "username": "moneypenny" }, "new_value": "That is nothing - Ethan Hunt answered a targeted social media campaign promoting phishy pension schemes to IMF operatives.", "old_value": null, "action_id": "8b0d6870-74f6-11ea-b83a-553aecdb28b6", "case_id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", "comment_id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", "owner": "securitySolution", }, { "action_field": [ "comment" ], "action": "update", "action_at": "2020-04-02T15:34:01.118Z", "action_by": { "email": "[email protected]", "full_name": "James Bond", "username": "_007" }, "new_value": "That is nothing - Ethan Hunt answered a targeted social media campaign promoting phishy pension schemes to IMF operatives. Even worse, he likes baked beans.", "old_value": "That is nothing - Ethan Hunt answered a targeted social media campaign promoting phishy pension schemes to IMF operatives.", "action_id": "60dafd50-74f7-11ea-b83a-553aecdb28b6", "case_id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", "comment_id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", "owner": "securitySolution", }, { "action_field": [ "comment" ], "action": "create", "action_at": "2020-04-02T17:48:16.293Z", "action_by": { "email": "[email protected]", "full_name": "Classified", "username": "M" }, "new_value": "I'm on it.", "old_value": null, "action_id": "223f7bd0-750a-11ea-b83a-553aecdb28b6", "case_id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", "comment_id": "21a844e0-750a-11ea-b83a-553aecdb28b6", "owner": "securitySolution", }, { "action_field":[ "connector" ], "action":"update", "action_at":"2020-10-12T16:03:34.940Z", "action_by":{ "email":"[email protected]", "full_name":"Classified", "username":"M" }, "new_value":"{\"id\":\"18bc18cf-bd5d-4c88-bcdd-c7bb52a692cd\",\"name\":\"Resilient\",\"type\":\".resilient\",\"fields\":{\"incidentTypes\":[\"1001\"],\"severityCode\":\"5\"}}", "old_value":"{\"id\":\"72b9fa3a-b081-487d-9358-61d5da2968c1\",\"name\":\"Jira\",\"type\":\".jira\",\"fields\":{\"issueType\":\"10006\",\"parent\":null,\"priority\":\"Medium\"}}", "action_id":"7c326760-0ca4-11eb-8a58-a3c589db8483", "case_id":"7498ae50-0c8c-11eb-aefc-797bf7d42db4", "comment_id":null, "owner": "securitySolution", }, { "action_field":[ "settings" ], "action":"update", "action_at":"2020-10-12T16:03:34.940Z", "action_by":{ "email":"[email protected]", "full_name":"Classified", "username":"M" }, "new_value":"{\"syncAlerts\":false}", "old_value":"{\"syncAlerts\":true}", "action_id":"6c326760-0ca4-21eb-8a58-a3c589db8483", "case_id":"4498ae50-0c8c-11eb-eefc-797bf7d42db4", "comment_id":null, "owner": "securitySolution", } ]