Promote an Alert as a new Case.


POST /api/alert/{id}/createCase


  • id: id of the Alert to promote

Request Body example

Specify the Case template to apply when the Case is created:

{
  "caseTemplate": "SIEM_Alert"
}

The following fields are optional:

  • caseTemplate: (String)


Status codes

  • 201: if Case is successfully created
  • 401: Authentication error

ResponseBody Example

{
  "_id": "~907709843",
  "id": "~907709843",
  "createdBy": "[email protected]",
  "updatedBy": null,
  "createdAt": 1630416621805,
  "updatedAt": null,
  "_type": "case",
  "caseId": 126,
  "title": "User posted information on known phishing URL",
  "description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url. ",
  "severity": 2,
  "startDate": 1630416621797,
  "endDate": null,
  "impactStatus": null,
  "resolutionStatus": null,
  "tags": [ ... ],
  "flag": false,
  "tlp": 3,
  "pap": 2,
  "status": "Open",
  "summary": null,
  "owner": "[email protected]",
  "customFields": {
    "businessUnit": {
      "string": "Finance",
      "order": 0
    },
    "location": {
      "string": "Sydney",
      "order": 1
    }
  },
  "stats": {},
  "permissions": [ ... ]
}
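
A small client for this endpoint, added here as an example and not part of the original documentation. It assumes API-key authentication sent as an `Authorization: Bearer` header, which this page does not describe; the function and class names are illustrative.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class PromotionError(Exception):
    """Raised when the Alert was not promoted to a Case."""


def build_request(base_url, api_key, alert_id, case_template=None):
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    # Percent-encode the id so a value such as "a/../b" cannot alter the path.
    path = "/api/alert/%s/createCase" % urllib.parse.quote(alert_id, safe="")
    # caseTemplate is the only body field on the page and it is optional.
    body = {} if case_template is None else {"caseTemplate": case_template}
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Assumption: the server accepts the API key as a bearer token.
            "Authorization": "Bearer " + api_key,
        },
    )


def parse_response(status, raw_body):
    if status == 401:
        raise PromotionError("authentication error (401)")
    if status != 201:
        raise PromotionError("unexpected status %d" % status)
    case = json.loads(raw_body)
    # Accept only a body that really describes a Case.
    if not isinstance(case, dict) or case.get("_type") != "case" or "caseId" not in case:
        raise PromotionError("201 response is not a Case object")
    return case


def promote_alert(base_url, api_key, alert_id, case_template=None, timeout=10):
    req = build_request(base_url, api_key, alert_id, case_template)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return parse_response(err.code, err.read())
```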

