The SIEM app is now a part of the Elastic Security solution. Click here to view SIEM documentation for previous releases.
« Import timelines and timeline templates Create case »
Elastic Docs Elastic Security Solution [7.9] Elastic Security APIs

Cases API

edit

Cases API

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

You can create, manage, configure, and send cases to external systems with these APIs:

  • Cases API: Used to open and manage security action items.
  • Actions API: Used to send cases to external systems. Create connector stores the data required to interface with third-party systems, and Create or update an external incident sends Elastic Security cases to external systems.
« Import timelines and timeline templates Create case »