IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Get all case activity
editGet all case activity
editReturns all user activity for the specified case.
Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
This endpoint is deprecated and will be removed in a future release.
Request URL
editGET <kibana host>:<port>/api/cases/<case ID>/user_actions
URL parts
editThe URL must include the case ID
of the case for which you are retrieving
activity. Call Find cases to retrieve case IDs.
Example request
editGets all activity for case ID a18b38a0-71b0-11ea-a0b2-c51ea50a58e2
:
GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/user_actions
Response code
edit-
200
- Indicates a successful call.
Response payload
editA JSON array containing all user activity for the specified case.
Response example
edit[ { "action": "create", "action_id": "5275af50-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:34:48.709Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "connector": { "fields": null, "id": "none", "name": "none", "type": ".none" }, "description": "migrating user actions", "settings": { "syncAlerts": true }, "status": "open", "tags": [ "user", "actions" ], "title": "User actions", "owner": "securitySolution" }, "sub_case_id": "", "type": "create_case" }, { "action": "create", "action_id": "72e73240-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c", "created_at": "2021-12-16T14:35:42.872Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "comment": { "comment": "a comment", "owner": "securitySolution", "type": "user" } }, "sub_case_id": "", "type": "comment" }, { "action": "update", "action_id": "7685b5c0-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:35:48.826Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "title": "User actions!" }, "sub_case_id": "", "type": "title" }, { "action": "update", "action_id": "7a2d8810-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:35:55.421Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "description": "migrating user actions and update!" }, "sub_case_id": "", "type": "description" }, { "action": "update", "action_id": "7f942160-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c", "created_at": "2021-12-16T14:36:04.120Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "comment": { "comment": "a comment updated!", "owner": "securitySolution", "type": "user" } }, "sub_case_id": "", "type": "comment" }, { "action": "add", "action_id": "8591a380-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:36:13.840Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "tags": [ "migration" ] }, "sub_case_id": "", "type": "tags" }, { "action": "delete", "action_id": "8591a381-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:36:13.840Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "tags": [ "user" ] }, "sub_case_id": "", "type": "tags" }, { "action": "update", "action_id": "87fadb50-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:36:17.764Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "settings": { "syncAlerts": false } }, "sub_case_id": "", "type": "settings" }, { "action": "update", "action_id": "89ca4420-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:36:21.509Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "status": "in-progress" }, "sub_case_id": "", "type": "status" }, { "action": "update", "action_id": "9060aae0-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:36:32.716Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "connector": { "fields": { "issueType": "10001", "parent": null, "priority": "High" }, "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c", "name": "Jira", "type": ".jira" } }, "sub_case_id": "", "type": "connector" }, { "action": "push_to_service", "action_id": "988579d0-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:36:46.443Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "externalService": { "connector_id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c", "connector_name": "Jira", "external_id": "26225", "external_title": "CASES-229", "external_url": "https://example.com/browse/CASES-229", "pushed_at": "2021-12-16T14:36:46.443Z", "pushed_by": { "email": "", "full_name": "", "username": "elastic" } } }, "sub_case_id": "", "type": "pushed" }, { "action": "update", "action_id": "bcb76020-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:37:46.863Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "connector": { "fields": { "incidentTypes": [ "17", "4" ], "severityCode": "5" }, "id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c", "name": "IBM", "type": ".resilient" } }, "sub_case_id": "", "type": "connector" }, { "action": "push_to_service", "action_id": "c0338e90-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:37:53.016Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "externalService": { "connector_id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c", "connector_name": "IBM", "external_id": "17574", "external_title": "17574", "external_url": "https://example.com/#incidents/17574", "pushed_at": "2021-12-16T14:37:53.016Z", "pushed_by": { "email": "", "full_name": "", "username": "elastic" } } }, "sub_case_id": "", "type": "pushed" }, { "action": "update", "action_id": "c5b6d7a0-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": null, "created_at": "2021-12-16T14:38:01.895Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "connector": { "fields": { "issueType": "10001", "parent": null, "priority": "Lowest" }, "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c", "name": "Jira", "type": ".jira" } }, "sub_case_id": "", "type": "connector" }, { "action": "create", "action_id": "ca8f61c0-5e7d-11ec-9ee9-cd64f0b77b3c", "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c", "comment_id": "ca1d17f0-5e7d-11ec-9ee9-cd64f0b77b3c", "created_at": "2021-12-16T14:38:09.649Z", "created_by": { "email": "", "full_name": "", "username": "elastic" }, "owner": "securitySolution", "payload": { "comment": { "comment": "and another comment!", "owner": "securitySolution", "type": "user" } }, "sub_case_id": "", "type": "comment" } ]