Case
Model definition
Required attributes:
- title (text): title of the case
- description (text): description of the case
- severity (number): severity of the case (1: low; 2: medium; 3: high) default=2
- startDate (date): date and time at which the case began default=now
- owner (string): user to whom the case has been assigned default=user who created the case
- flag (boolean): flag of the case default=false
- tlp (number): TLP (0: white; 1: green; 2: amber; 3: red) default=2
- tags (multi-string): case tags default=empty
Optional attributes:
- resolutionStatus (caseResolutionStatus): resolution status of the case (Indeterminate, FalsePositive, TruePositive, Other or Duplicated)
- impactStatus (caseImpactStatus): impact status of the case (NoImpact, WithImpact or NotApplicable)
- summary (text): summary of the case, to be provided when closing a case
- endDate (date): resolution date
- metrics (metrics): list of metrics
Attributes generated by the backend:
- status (caseStatus): status of the case (Open, Resolved or Deleted) default=Open
- caseId (number): ID of the case (auto-generated)
- mergeInto (string): ID of the case created by the merge
- mergeFrom (multi-string): IDs of the cases that were merged
Case Manipulation
Case methods
HTTP Method | URI | Action |
---|---|---|
GET | /api/case | List cases |
POST | /api/case/_search | Find cases |
PATCH | /api/case/_bulk | Update cases in bulk |
POST | /api/case/_stats | Compute stats on cases |
POST | /api/case | Create a case |
GET | /api/case/:caseId | Get a case |
PATCH | /api/case/:caseId | Update a case |
DELETE | /api/case/:caseId | Remove a case |
GET | /api/case/:caseId/links | Get list of cases linked to this case |
POST | /api/case/:caseId1/_merge/:caseId2 | Merge two cases |
Create a Case
A case can be created with the following request:
POST /api/case
This call returns the attributes of the created case.
Examples
Creation of a simple case:
curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
"title": "My first case",
"description": "This case has been created by my custom script"
}'
{
"severity": 3,
"createdBy": "myuser",
"createdAt": 1488918582777,
"caseId": 1,
"title": "My first case",
"startDate": 1488918582836,
"owner": "myuser",
"status": "Open",
"description": "This case has been created by my custom script",
"user": "myuser",
"tlp": 2,
"flag": false,
"id": "AVqqdpY2yQ6w1DNC8aDh",
"_id": "AVqqdpY2yQ6w1DNC8aDh",
"_type":"case"
}
Creation of another case:
curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
"title": "My second case",
"description": "This case has been created by my custom script, its severity is high, tlp is red and it contains tags",
"severity": 3,
"tlp": 3,
"tags": ["automatic", "creation"]
}'
Creating a case with tasks and custom fields:
curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
"title": "My first case",
"description": "This case has been created by my custom script",
"tasks": [{
"title": "mytask",
"description": "description of my task"
}],
"customFields": {
"cvss": {
"number": 9
},
"businessImpact": {
"string": "HIGH"
}
}
}'
In the customFields object, the attribute names must correspond to the ExternalReference of each custom field (cvss and businessImpact in the example above), not to the name of the custom field.
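The following added example (not part of the original documentation or of TheHive's own code) checks a case payload against the model definition above before building the POST /api/case request, so a custom script fails early on an out-of-range severity or TLP or a malformed customFields entry. Assumptions of this sketch: the helper names, the THEHIVE_API_KEY environment variable (used so the key stays out of the script and the command line), the rule that backend-generated attributes are never sent by the client, and custom field types limited to the two shown on this page.

```python
import json
import os
import urllib.request

# Attribute sets taken from the model definition on this page.
REQUIRED = {"title", "description"}                      # the only attributes without a default
BACKEND_ONLY = {"status", "caseId", "mergeInto", "mergeFrom"}
CUSTOM_FIELD_TYPES = {"number", "string"}                # assumption: only the types shown above


def validate_case(case):
    """Return a list of problems; an empty list means the payload matches the model."""
    problems = []
    for name in sorted(REQUIRED - set(case)):
        problems.append(f"missing required attribute: {name}")
    # Assumption of this sketch: clients never set backend-generated attributes.
    for name in sorted(set(case) & BACKEND_ONLY):
        problems.append(f"backend-generated attribute must not be sent: {name}")
    if case.get("severity", 2) not in (1, 2, 3):
        problems.append("severity must be 1 (low), 2 (medium) or 3 (high)")
    if case.get("tlp", 2) not in (0, 1, 2, 3):
        problems.append("tlp must be 0 (white), 1 (green), 2 (amber) or 3 (red)")
    tags = case.get("tags", [])
    if not isinstance(tags, list) or not all(isinstance(t, str) for t in tags):
        problems.append("tags must be a list of strings")
    # customFields is keyed by ExternalReference; each value is one {type: value} pair.
    for ref, value in case.get("customFields", {}).items():
        if not (isinstance(value, dict) and len(value) == 1
                and set(value) <= CUSTOM_FIELD_TYPES):
            problems.append(f'customFields.{ref} must be one typed value such as {{"number": 9}}')
    return problems


def build_create_request(case, base_url="http://127.0.0.1:9000", env_var="THEHIVE_API_KEY"):
    """Build (without sending) the POST /api/case request; the key comes from the environment."""
    problems = validate_case(case)
    if problems:
        raise ValueError("; ".join(problems))
    api_key = os.environ.get(env_var)  # hypothetical variable name
    if not api_key:
        raise RuntimeError(f"{env_var} is not set")
    return urllib.request.Request(
        f"{base_url}/api/case",
        data=json.dumps(case).encode("utf-8"),
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
        method="POST",
    )
```

Pass the returned object to urllib.request.urlopen() to send it; the response body is the JSON document of the created case.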