diff --git a/docs/en/siem/cases-api-add-comment.asciidoc b/docs/en/siem/cases-api-add-comment.asciidoc
new file mode 100644
index 000000000..97722b150
--- /dev/null
+++ b/docs/en/siem/cases-api-add-comment.asciidoc
@@ -0,0 +1,70 @@
+[[cases-api-add-comment]]
+=== Add comment
+
+Adds a comment to an existing case.
+
+==== Request URL
+
+`POST /api/cases//comment`
+
+===== URL parts
+
+The URL must include the `case ID` of the case to which you are adding a
+comment.
+
+==== Request body
+
+A JSON object with a `comment` field:
+
+[width="100%",options="header"]
+|==============================================
+|Name |Type |Description |Required
+
+|`comment` |String |The case's new comment. |Yes
+|==============================================
+
+===== Example request
+
+Adds a comment to case ID `0a0fa050-20e4-11ea-8f80-690fedc74682`:
+
+[source,js]
+--------------------------------------------------
+POST api/cases/0a0fa050-20e4-11ea-8f80-690fedc74682/comment
+{
+ "comment": "Start operation bubblegum immediately!"
+}
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`::
+ Indicates a successful call.
+
+==== Response payload
+
+[source,json]
+--------------------------------------------------
+{
+ "type": "case-workflow-comment",
+ "id": "669364c0-2174-11ea-87ed-69e2fb63d9ed",
+ "attributes": {
+ "comment": "Start operation bubblegum immediately!",
+ "created_at": 1576659440694,
+ "created_by": {
+ "full_name": "Classified",
+ "username": "M"
+ }
+ },
+ "references": [
+ {
+ "type": "case-workflow",
+ "name": "associated-case-workflow",
+ "id": "0a0fa050-20e4-11ea-8f80-690fedc74682"
+ }
+ ],
+ "updated_at": "2019-12-18T08:57:20.908Z",
+ "version": "WzI3LDFd"
+}
+
+--------------------------------------------------
\ No newline at end of file
diff --git a/docs/en/siem/cases-api-create.asciidoc b/docs/en/siem/cases-api-create.asciidoc
index 16d6d4d5b..13aa8b860
--- a/docs/en/siem/cases-api-create.asciidoc
+++ b/docs/en/siem/cases-api-create.asciidoc
@@ -15,10 +15,10 @@ A JSON object with these fields:
 |==============================================
 |Name |Type |Description |Required
 
-|title |String |The case's title. |Yes
-|description |String |The case's description. |Yes
-|case_type |String |The type of case. For example, `security`. |Yes
-|state |String a|Indicates whether the case is open or closed. Valid values
+|`title` |String |The case's title. |Yes
+|`description` |String |The case's description. |Yes
+|`case_type` |String |The type of case. For example, `security`. |Yes
+|`state` |String a|Indicates whether the case is open or closed. Valid values
 are:
 
 * `open`
@@ -35,7 +35,7 @@ object.
 
 |No, defaults to an empty array.
 
-|tags |String[] |String array containing words and phrases that help categorize
+|`tags` |String[] |String array containing words and phrases that help categorize
 cases.
 |No, defaults to an empty array.
 |==============================================
diff --git a/docs/en/siem/cases-api-update.asciidoc b/docs/en/siem/cases-api-update.asciidoc
new file mode 100644
index 000000000..f9bfd7ae7
--- /dev/null
+++ b/docs/en/siem/cases-api-update.asciidoc
@@ -0,0 +1,86 @@
+[[cases-api-update]]
+=== Update case
+
+Updates an existing case.
+
+==== Request URL
+
+`POST /api/cases/`
+
+===== URL parts
+
+The URL must include the `case ID` of the case you are updating.
+
+==== Request body
+
+A JSON object with the fields you are updating:
+
+[width="100%",options="header"]
+|==============================================
+|Name |Type |Description
+
+|`title` |String |The case's title.
+|`description` |String |The case's description.
+|`case_type` |String |The type of case. For example, `security`.
+|`state` |String a|Indicates whether the case is open or closed. Valid values
+are:
+
+* `open`
+* `closed`
+
+|assignees |Object[] a|Object containing string arrays for the names of people
+assigned to the case:
+
+* `username` (String, required) - The username of the person assigned to the
+case.
+* `full_name` (String, optional) - The full name of the person assigned to the
+object.
+
+|`tags` |String[] |String array containing words and phrases that help categorize
+cases.
+|==============================================
+
+===== Example request
+
+Updates the `description` and `tags` fields of case ID
+`0a0fa050-20e4-11ea-8f80-690fedc74682`:
+
+[source,js]
+--------------------------------------------------
+POST api/cases/0a0fa050-20e4-11ea-8f80-690fedc74682
+{
+ "description": "Ms Moneypenny clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
+ "tags": [
+ "phishing",
+ "social engineering",
+ "bubblegum"
+ ]
+}
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`::
+ Indicates a successful call.
+
+==== Response payload
+
+[source,json]
+--------------------------------------------------
+{
+ "id": "0a0fa050-20e4-11ea-8f80-690fedc74682",
+ "type": "case-workflow",
+ "updated_at": "2019-12-18T10:31:36.609Z",
+ "version": "WzQwLDFd",
+ "attributes": {
+ "description": "Ms Moneypenny clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
+ "tags": [
+ "phishing",
+ "social engineering",
+ "bubblegum"
+ ]
+ }
+}
+
+--------------------------------------------------
\ No newline at end of file
diff --git a/docs/en/siem/index.asciidoc b/docs/en/siem/index.asciidoc
index 9a97e7283..8b678d577
--- a/docs/en/siem/index.asciidoc
+++ b/docs/en/siem/index.asciidoc
@@ -22,4 +22,8 @@ include::tune-anomaly-results.asciidoc[]
 
 include::cases-api.asciidoc[]
 
-include::cases-api-create.asciidoc[]
\ No newline at end of file
+include::cases-api-create.asciidoc[]
+
+include::cases-api-add-comment.asciidoc[]
+
+include::cases-api-update.asciidoc[]
\ No newline at end of file