Case#
Model definition#
Required attributes:
- title (text) : title of the case
- description (text) : description of the case
- severity (number) : severity of the case (1: low; 2: medium; 3: high) default=2
- startDate (date) : date and time of the begin of the case default=now
- owner (string) : user to whom the case has been assigned default=use who create the case
- flag (boolean) : flag of the case default=false
- tlp (number) : TLP (0: white; 1: green; 2: amber;
3: red) default=2
- tags (multi-string) : case tags default=empty
Optional attributes:
- resolutionStatus (caseResolutionStatus) : resolution status of the case (Indeterminate, FalsePositive,
TruePositive, Other or Duplicated)
- impactStatus (caseImpactStatus) : impact status of the case (NoImpact, WithImpact or NotApplicable)
- summary (text) : summary of the case, to be provided when closing a case
- endDate (date) : resolution date
- metrics (metrics) : list of metrics
Attributes generated by the backend:
- status (caseStatus) : status of the case (Open, Resolved or Deleted) default=Open
- caseId (number) : Id of the case (auto-generated)
- mergeInto (string) : ID of the case created by the merge
- mergeFrom (multi-string) : IDs of the cases that were merged
Case Manipulation#
Case methods#
| HTTP Method | URI | Action |
|---|---|---|
| GET | /api/case | List cases |
| POST | /api/case/_search | Find cases |
| PATCH | /api/case/_bulk | Update cases in bulk |
| POST | /api/case/_stats | Compute stats on cases |
| POST | /api/case | Create a case |
| GET | /api/case/:caseId | Get a case |
| PATCH | /api/case/:caseId | Update a case |
| DELETE | /api/case/:caseId | Remove a case |
| GET | /api/case/:caseId/links | Get list of cases linked to this case |
| POST | /api/case/:caseId1/_merge/:caseId2 | Merge two cases |
Create a Case#
A case can be created using the following url :
POST /api/case
This call returns attributes of the created case.
Examples#
Creation of a simple case:
curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
"title": "My first case",
"description": "This case has been created by my custom script"
}'
{
"severity": 3,
"createdBy": "myuser",
"createdAt": 1488918582777,
"caseId": 1,
"title": "My first case",
"startDate": 1488918582836,
"owner": "myuser",
"status": "Open",
"description": "This case has been created by my custom script",
"user": "myuser",
"tlp": 2,
"flag": false,
"id": "AVqqdpY2yQ6w1DNC8aDh",
"_id": "AVqqdpY2yQ6w1DNC8aDh",
"_type":"case"
}
Creation of another case:
curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
"title": "My second case",
"description": "This case has been created by my custom script, its severity is high, tlp is red and it contains tags",
"severity": 3,
"tlp": 3,
"tags": ["automatic", "creation"]
}'
Creating a case with Tasks & Customfields:
curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
"title": "My first case",
"description": "This case has been created by my custom script"
"tasks": [{
"title": "mytask",
"description": "description of my task"
}],
"customFields": {
"cvss": {
"number": 9,
},
"businessImpact": {
"string": "HIGH"
}
}
}'
customFields object, the attribute names should correspond to the ExternalReference (cvss and businessImpact in the example above) not to the name of custom fields.