Create case
editCreate case
editCreates a new case.
Request URL
editPOST <kibana host>:<port>/api/cases
Request body
editA JSON object with these fields:
| Name | Type | Description | Required |
|---|---|---|---|
|
String |
The case’s title. |
Yes |
|
String |
The case’s description. |
Yes |
|
String[] |
String array containing words and phrases that help categorize cases. |
Yes, can be an empty array. |
Example request
editPOST api/cases
{
"description": "James Bond clicked on a highly suspicious email
banner advertising cheap holidays for underpaid civil servants.",
"title": "This case will self-destruct in 5 seconds",
"tags": [
"phishing",
"social engineering"
]
}
Response code
edit-
200 - Indicates a successful call.
Response payload
editA JSON object that includes the user who created the case and the case’s ID,
version, and creation time. The case’s ID is also its saved object ID
(savedObjectId), used when pushing cases to
external systems.
Example response
edit{
"id": "66b9aa00-94fa-11ea-9f74-e7e108796192",
"version": "WzUzMiwxXQ==",
"comments": [],
"totalComment": 0,
"connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8",
"title": "This case will self-destruct in 5 seconds",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"closed_at": null,
"closed_by": null,
"created_at": "2020-05-13T09:16:17.416Z",
"created_by": {
"email": "[email protected]",
"full_name": "Alan Hunley",
"username": "ahunley"
},
"external_service": null,
"status": "open",
"updated_at": null,
"updated_by": null
}
|
The default connector ID used to push cases to external services (see Set default Elastic Security UI connector). |
|
|
The |