From 5efb4b1cf62be06ce7a24361050f03208fc0bfb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Tue, 29 Mar 2022 17:22:27 +0200 Subject: [PATCH] [DOCS] Adds GET case API docs (#128606) --- docs/api/cases.asciidoc | 4 +- docs/api/cases/cases-api-get-case.asciidoc | 100 +++++++++++++++++++++ 2 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 docs/api/cases/cases-api-get-case.asciidoc diff --git a/docs/api/cases.asciidoc b/docs/api/cases.asciidoc index 5aa837d35676e..273f3a0b51cc2 100644 --- a/docs/api/cases.asciidoc +++ b/docs/api/cases.asciidoc @@ -14,7 +14,7 @@ these APIs: * <> * {security-guide}/cases-api-get-case-activity.html[Get all case activity] * {security-guide}/cases-api-get-all-case-comments.html[Get all case comments] -* {security-guide}/cases-api-get-case.html[Get case] +* <> * {security-guide}/cases-api-get-comment.html[Get comment] * {security-guide}/cases-get-connector.html[Get current connector] * {security-guide}/cases-api-get-reporters.html[Get reporters] @@ -34,5 +34,7 @@ include::cases/cases-api-delete-comments.asciidoc[leveloffset=+1] //FIND include::cases/cases-api-find-cases.asciidoc[leveloffset=+1] include::cases/cases-api-find-connectors.asciidoc[leveloffset=+1] +//GET +include::cases/cases-api-get-case.asciidoc[leveloffset=+1] //UPDATE include::cases/cases-api-update.asciidoc[leveloffset=+1] diff --git a/docs/api/cases/cases-api-get-case.asciidoc b/docs/api/cases/cases-api-get-case.asciidoc new file mode 100644 index 0000000000000..6bd255f6f8326 --- /dev/null +++ b/docs/api/cases/cases-api-get-case.asciidoc @@ -0,0 +1,100 @@ +[[cases-api-get-case]] +== Get case API +++++ +Get case +++++ + +Returns a specified case. + +=== Request + +`GET :/api/cases/` + +`GET :/s//api/cases/` + +=== Prerequisite + +You must have `read` privileges for the *Cases* feature in the *Management*, +*{observability}*, or *Security* section of the +<>, depending on the +`owner` of the cases you're seeking. + +=== Path parameters + +``:: +(Required, string) An identifier for the case to retrieve. Use +<> to retrieve case IDs. + +``:: +(Optional, string) An identifier for the space. If it is not specified, the +default space is used. + +=== Query parameters + +`includeComments`:: +(Optional, boolean) Determines whether case comments are returned. Defaults to +`true`. deprecated:[8.1.0, "The `includeComments` query parameter is deprecated and will be removed in a future release."] + + +==== Response code + +`200`:: + Indicates a successful call. + +==== Example + +Returns case ID `a18b38a0-71b0-11ea-a0b2-c51ea50a58e2` without comments: + +[source,sh] +-------------------------------------------------- +GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 +-------------------------------------------------- +// KIBANA + +The API returns a JSON object with the retrieved case. For example: + +[source,json] +-------------------------------------------------- +{ + "id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2", + "version": "Wzk4LDFd", + "comments": [], + "totalComment": 0, + "closed_at": null, + "closed_by": null, + "created_at": "2020-03-29T11:30:02.658Z", + "created_by": { + "email": "ahunley@imf.usa.gov", + "full_name": "Alan Hunley", + "username": "ahunley" + }, + "external_service": null, + "updated_at": "2020-03-29T12:01:50.244Z", + "updated_by": { + "full_name": "Classified", + "email": "classified@hms.oo.gov.uk", + "username": "M" + }, + "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!", + "title": "This case will self-destruct in 5 seconds", + "status": "open", + "connector": { + "id": "131d4448-abe0-4789-939d-8ef60680b498", + "name": "My connector", + "type": ".jira", + "fields": { + "issueType": "10006", + "priority": "High", + } + }, + "settings": { + "syncAlerts": true + }, + "owner": "securitySolution", + "tags": [ + "phishing", + "social engineering", + "bubblegum" + ] +} +-------------------------------------------------- \ No newline at end of file