Get all case activity

edit

Returns all user activity for the specified case.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

This endpoint is deprecated and will be removed in a future release.

Request URL

edit

GET <kibana host>:<port>/api/cases/<case ID>/user_actions

URL parts

edit

The URL must include the case ID of the case for which you are retrieving activity. Call Find cases to retrieve case IDs.

Example request

edit

Gets all activity for case ID a18b38a0-71b0-11ea-a0b2-c51ea50a58e2:

GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/user_actions

Response code

edit
200
Indicates a successful call.

Response payload

edit

A JSON array containing all user activity for the specified case.

Response example

edit
[
    {
      "action": "create",
      "action_id": "5275af50-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:34:48.709Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "connector": {
          "fields": null,
          "id": "none",
          "name": "none",
          "type": ".none"
        },
        "description": "migrating user actions",
        "settings": {
          "syncAlerts": true
        },
        "status": "open",
        "tags": [
          "user",
          "actions"
        ],
        "title": "User actions",
        "owner": "securitySolution"
      },
      "sub_case_id": "",
      "type": "create_case"
    },
    {
      "action": "create",
      "action_id": "72e73240-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
      "created_at": "2021-12-16T14:35:42.872Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "comment": {
          "comment": "a comment",
          "owner": "securitySolution",
          "type": "user"
        }
      },
      "sub_case_id": "",
      "type": "comment"
    },
    {
      "action": "update",
      "action_id": "7685b5c0-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:35:48.826Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "title": "User actions!"
      },
      "sub_case_id": "",
      "type": "title"
    },
    {
      "action": "update",
      "action_id": "7a2d8810-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:35:55.421Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "description": "migrating user actions and update!"
      },
      "sub_case_id": "",
      "type": "description"
    },
    {
      "action": "update",
      "action_id": "7f942160-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
      "created_at": "2021-12-16T14:36:04.120Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "comment": {
          "comment": "a comment updated!",
          "owner": "securitySolution",
          "type": "user"
        }
      },
      "sub_case_id": "",
      "type": "comment"
    },
    {
      "action": "add",
      "action_id": "8591a380-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:36:13.840Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "tags": [
          "migration"
        ]
      },
      "sub_case_id": "",
      "type": "tags"
    },
    {
      "action": "delete",
      "action_id": "8591a381-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:36:13.840Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "tags": [
          "user"
        ]
      },
      "sub_case_id": "",
      "type": "tags"
    },
    {
      "action": "update",
      "action_id": "87fadb50-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:36:17.764Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "settings": {
          "syncAlerts": false
        }
      },
      "sub_case_id": "",
      "type": "settings"
    },
    {
      "action": "update",
      "action_id": "89ca4420-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:36:21.509Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "status": "in-progress"
      },
      "sub_case_id": "",
      "type": "status"
    },
    {
      "action": "update",
      "action_id": "9060aae0-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:36:32.716Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "connector": {
          "fields": {
            "issueType": "10001",
            "parent": null,
            "priority": "High"
          },
          "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
          "name": "Jira",
          "type": ".jira"
        }
      },
      "sub_case_id": "",
      "type": "connector"
    },
    {
      "action": "push_to_service",
      "action_id": "988579d0-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:36:46.443Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "externalService": {
          "connector_id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
          "connector_name": "Jira",
          "external_id": "26225",
          "external_title": "CASES-229",
          "external_url": "https://example.com/browse/CASES-229",
          "pushed_at": "2021-12-16T14:36:46.443Z",
          "pushed_by": {
            "email": "",
            "full_name": "",
            "username": "elastic"
          }
        }
      },
      "sub_case_id": "",
      "type": "pushed"
    },
    {
      "action": "update",
      "action_id": "bcb76020-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:37:46.863Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "connector": {
          "fields": {
            "incidentTypes": [
              "17",
              "4"
            ],
            "severityCode": "5"
          },
          "id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
          "name": "IBM",
          "type": ".resilient"
        }
      },
      "sub_case_id": "",
      "type": "connector"
    },
    {
      "action": "push_to_service",
      "action_id": "c0338e90-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:37:53.016Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "externalService": {
          "connector_id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
          "connector_name": "IBM",
          "external_id": "17574",
          "external_title": "17574",
          "external_url": "https://example.com/#incidents/17574",
          "pushed_at": "2021-12-16T14:37:53.016Z",
          "pushed_by": {
            "email": "",
            "full_name": "",
            "username": "elastic"
          }
        }
      },
      "sub_case_id": "",
      "type": "pushed"
    },
    {
      "action": "update",
      "action_id": "c5b6d7a0-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": null,
      "created_at": "2021-12-16T14:38:01.895Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "connector": {
          "fields": {
            "issueType": "10001",
            "parent": null,
            "priority": "Lowest"
          },
          "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
          "name": "Jira",
          "type": ".jira"
        }
      },
      "sub_case_id": "",
      "type": "connector"
    },
    {
      "action": "create",
      "action_id": "ca8f61c0-5e7d-11ec-9ee9-cd64f0b77b3c",
      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
      "comment_id": "ca1d17f0-5e7d-11ec-9ee9-cd64f0b77b3c",
      "created_at": "2021-12-16T14:38:09.649Z",
      "created_by": {
        "email": "",
        "full_name": "",
        "username": "elastic"
      },
      "owner": "securitySolution",
      "payload": {
        "comment": {
          "comment": "and another comment!",
          "owner": "securitySolution",
          "type": "user"
        }
      },
      "sub_case_id": "",
      "type": "comment"
    }
  ]