The SIEM app is now a part of the Elastic Security solution.
Click
here to view SIEM documentation for previous releases.
Get case
editGet case
editReturns the specified case.
Request URL
editGET <kibana host>:<port>/api/cases/<case ID>
URL parts
editThe URL must include the case ID
of the case you are retrieving. Call
Find cases to retrieve case IDs.
URL query parameters
editName | Type | Description | Required |
---|---|---|---|
|
Boolean |
Determines whether case comments are returned. |
No, defaults to |
Example request
editReturns case ID a18b38a0-71b0-11ea-a0b2-c51ea50a58e2
without comments:
GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2?includeComments=false
Response code
edit-
200
- Indicates a successful call.
Response payload
editThe requested case JSON object.
Response example
edit{ "id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2", "version": "Wzk4LDFd", "comments": [], "totalComment": 0, "closed_at": null, "closed_by": null, "created_at": "2020-03-29T11:30:02.658Z", "created_by": { "email": "[email protected]", "full_name": "Alan Hunley", "username": "ahunley" }, "external_service": null, "updated_at": "2020-03-29T12:01:50.244Z", "updated_by": { "full_name": "Classified", "email": "[email protected]", "username": "M" }, "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!", "title": "This case will self-destruct in 5 seconds", "status": "open", "tags": [ "phishing", "social engineering", "bubblegum" ] }