The SIEM app is now a part of the Elastic Security solution.
Click
here to view SIEM documentation for previous releases.
Get case
editGet case
editReturns the specified case.
Request URL
editGET <kibana host>:<port>/api/cases/<case ID>
URL parts
editThe URL must include the case ID of the case you are retrieving. Call
Find cases to retrieve case IDs.
URL query parameters
edit| Name | Type | Description | Required |
|---|---|---|---|
|
Boolean |
Determines whether case comments are returned. |
No, defaults to |
Example request
editReturns case ID a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 without comments:
GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2?includeComments=false
Response code
edit-
200 - Indicates a successful call.
Response payload
editThe requested case JSON object.
Response example
edit{
"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
"version": "Wzk4LDFd",
"comments": [],
"totalComment": 0,
"closed_at": null,
"closed_by": null,
"created_at": "2020-03-29T11:30:02.658Z",
"created_by": {
"email": "[email protected]",
"full_name": "Alan Hunley",
"username": "ahunley"
},
"external_service": null,
"updated_at": "2020-03-29T12:01:50.244Z",
"updated_by": {
"full_name": "Classified",
"email": "[email protected]",
"username": "M"
},
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"title": "This case will self-destruct in 5 seconds",
"status": "open",
"tags": [
"phishing",
"social engineering",
"bubblegum"
]
}