adds more calls

elastic · Dec 18, 2019 · afbc1a8 · afbc1a8
1 parent 198e2f2
commit afbc1a8
Show file tree

Hide file tree

Showing 4 changed files with 166 additions and 6 deletions.
diff --git a/docs/en/siem/cases-api-add-comment.asciidoc b/docs/en/siem/cases-api-add-comment.asciidoc
@@ -0,0 +1,70 @@
+[[cases-api-add-comment]]
+=== Add comment
+
+Adds a comment to an existing case.
+
+==== Request URL
+
+`POST /api/cases/<case ID>/comment`
+
+===== URL parts
+
+The URL must include the `case ID` of the case to which you are adding a 
+comment.
+
+==== Request body
+
+A JSON object with a `comment` field:
+
+[width="100%",options="header"]
+|==============================================
+|Name |Type |Description |Required
+
+|`comment` |String |The case's new comment. |Yes
+|==============================================
+
+===== Example request
+
+Adds a comment to case ID `0a0fa050-20e4-11ea-8f80-690fedc74682`:
+
+[source,js]
+--------------------------------------------------
+POST api/cases/0a0fa050-20e4-11ea-8f80-690fedc74682/comment
+{
+  "comment": "Start operation bubblegum immediately!"
+}
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
+
+==== Response payload
+
+[source,json]
+--------------------------------------------------
+{
+  "type": "case-workflow-comment",
+  "id": "669364c0-2174-11ea-87ed-69e2fb63d9ed",
+  "attributes": {
+    "comment": "Start operation bubblegum immediately!",
+    "created_at": 1576659440694,
+    "created_by": {
+      "full_name": "Classified",
+      "username": "M"
+    }
+  },
+  "references": [
+    {
+      "type": "case-workflow",
+      "name": "associated-case-workflow",
+      "id": "0a0fa050-20e4-11ea-8f80-690fedc74682"
+    }
+  ],
+  "updated_at": "2019-12-18T08:57:20.908Z",
+  "version": "WzI3LDFd"
+}
+
+--------------------------------------------------
diff --git a/docs/en/siem/cases-api-create.asciidoc b/docs/en/siem/cases-api-create.asciidoc
@@ -15,10 +15,10 @@ A JSON object with these fields:
 |==============================================
 |Name |Type |Description |Required
 
-|title |String |The case's title. |Yes
-|description |String |The case's description. |Yes
-|case_type |String |The type of case. For example, `security`. |Yes
-|state |String a|Indicates whether the case is open or closed. Valid values 
+|`title` |String |The case's title. |Yes
+|`description` |String |The case's description. |Yes
+|`case_type` |String |The type of case. For example, `security`. |Yes
+|`state` |String a|Indicates whether the case is open or closed. Valid values 
 are:
 
 * `open`
@@ -35,7 +35,7 @@ object.
 
 |No, defaults to an empty array.
 
-|tags |String[] |String array containing words and phrases that help categorize 
+|`tags` |String[] |String array containing words and phrases that help categorize 
 cases. |No, defaults to an empty array.
 |==============================================
 

diff --git a/docs/en/siem/cases-api-update.asciidoc b/docs/en/siem/cases-api-update.asciidoc
@@ -0,0 +1,86 @@
+[[cases-api-update]]
+=== Update case
+
+Updates an existing case.
+
+==== Request URL
+
+`POST /api/cases/<case ID>`
+
+===== URL parts
+
+The URL must include the `case ID` of the case you are updating.
+
+==== Request body
+
+A JSON object with the fields you are updating:
+
+[width="100%",options="header"]
+|==============================================
+|Name |Type |Description
+
+|`title` |String |The case's title.
+|`description` |String |The case's description.
+|`case_type` |String |The type of case. For example, `security`.
+|`state` |String a|Indicates whether the case is open or closed. Valid values 
+are:
+
+* `open`
+* `closed`
+
+|assignees |Object[] a|Object containing string arrays for the names of people 
+assigned to the case:
+
+* `username` (String, required) - The username of the person assigned to the 
+case.
+* `full_name` (String, optional) - The full name of the person assigned to the 
+object.
+
+|`tags` |String[] |String array containing words and phrases that help categorize 
+cases.
+|==============================================
+
+===== Example request
+
+Updates the `description` and `tags` fields of case ID
+`0a0fa050-20e4-11ea-8f80-690fedc74682`:
+
+[source,js]
+--------------------------------------------------
+POST api/cases/0a0fa050-20e4-11ea-8f80-690fedc74682
+{
+  "description": "Ms Moneypenny clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
+  "tags": [
+    "phishing",
+    "social engineering",
+    "bubblegum"
+  ]
+}
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
+
+==== Response payload
+
+[source,json]
+--------------------------------------------------
+{
+  "id": "0a0fa050-20e4-11ea-8f80-690fedc74682",
+  "type": "case-workflow",
+  "updated_at": "2019-12-18T10:31:36.609Z",
+  "version": "WzQwLDFd",
+  "attributes": {
+    "description": "Ms Moneypenny clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
+    "tags": [
+      "phishing",
+      "social engineering",
+      "bubblegum"
+    ]
+  }
+}
+
+--------------------------------------------------
diff --git a/docs/en/siem/index.asciidoc b/docs/en/siem/index.asciidoc
@@ -22,4 +22,8 @@ include::tune-anomaly-results.asciidoc[]
 
 include::cases-api.asciidoc[]
 
-include::cases-api-create.asciidoc[]
+include::cases-api-create.asciidoc[]
+
+include::cases-api-add-comment.asciidoc[]
+
+include::cases-api-update.asciidoc[]