intial case api docs

elastic · Feb 18, 2020 · b8470ad · b8470ad
1 parent f81633e
commit b8470ad
Show file tree

Hide file tree

Showing 14 changed files with 719 additions and 1 deletion.
diff --git a/docs/en/siem/cases-api-add-comment.asciidoc b/docs/en/siem/cases-api-add-comment.asciidoc
@@ -0,0 +1,69 @@
+[[cases-api-add-comment]]
+=== Add comment
+
+Adds a comment to an existing case.
+
+==== Request URL
+
+`POST /api/cases/<case ID>/comment`
+
+===== URL parts
+
+The URL must include the `case ID` of the case to which you are adding a 
+comment.
+
+==== Request body
+
+A JSON object with a `comment` field:
+
+[width="100%",options="header"]
+|==============================================
+|Name |Type |Description |Required
+
+|`comment` |String |The case's new comment. |Yes
+|==============================================
+
+===== Example request
+
+Adds a comment to case ID `7125e150-2fb7-11ea-a3be-f96a1b9531f4`:
+
+[source,js]
+--------------------------------------------------
+POST api/cases/7125e150-2fb7-11ea-a3be-f96a1b9531f4/comment
+{
+  "comment": "Start operation bubblegum immediately!"
+}
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
+
+==== Response payload
+
+[source,json]
+--------------------------------------------------
+{
+  "type": "case-workflow-comment",
+  "id": "0aa70f70-2fb8-11ea-a3be-f96a1b9531f4",
+  "attributes": {
+    "comment": "Start operation bubblegum immediately!",
+    "created_at": 1578227808536,
+    "created_by": {
+      "full_name": "Classified",
+      "username": "M"
+    }
+  },
+  "references": [
+    {
+      "type": "case-workflow",
+      "name": "associated-case-workflow",
+      "id": "7125e150-2fb7-11ea-a3be-f96a1b9531f4"
+    }
+  ],
+  "updated_at": "2020-01-05T12:36:48.743Z",
+  "version": "WzQyLDFd"
+}
+--------------------------------------------------
diff --git a/docs/en/siem/cases-api-create.asciidoc b/docs/en/siem/cases-api-create.asciidoc
@@ -0,0 +1,85 @@
+[[cases-api-create]]
+=== Create case
+
+Creates a new case.
+
+==== Request URL
+
+`POST /api/cases`
+
+==== Request body
+
+A JSON object with these fields:
+
+include::shared-content/case-schema.asciidoc[tag=cases-api-json-schema]
+
+===== Example request
+
+[source,sh]
+--------------------------------------------------
+POST api/cases
+{
+  "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants",
+  "title": "Urgent phishing case - signal id #dd4fa2d4bd-804743795894438",
+  "state": "open",
+  "tags": [
+    "phishing",
+    "social engineering"
+  ],
+  "case_type": "security",
+  "assignees": [
+    {
+      "username": "M",
+      "full_name": "Classified"
+    },
+    {
+      "username": "Q",
+      "full_name": "Quality Gadgets"
+    }
+  ]
+}
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
+
+==== Response payload
+
+[source,json]
+--------------------------------------------------
+{
+  "type": "case-workflow",
+  "id": "7125e150-2fb7-11ea-a3be-f96a1b9531f4",
+  "attributes": {
+    "created_at": 1578227551012,
+    "created_by": {
+      "full_name": "Ms Moneypenny",
+      "username": "Moneypenny"
+    },
+    "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants",
+    "title": "Urgent phishing case - signal id #dd4fa2d4bd-804743795894438",
+    "state": "open",
+    "tags": [
+      "phishing",
+      "social engineering"
+    ],
+    "case_type": "security",
+    "assignees": [
+      {
+        "username": "M",
+        "full_name": "Classified"
+      },
+      {
+        "username": "Q",
+        "full_name": "Quality Gadgets"
+      }
+    ]
+  },
+  "references": [],
+  "updated_at": "2020-01-05T12:32:31.205Z",
+  "version": "WzQxLDFd"
+}
+--------------------------------------------------
diff --git a/docs/en/siem/cases-api-delete-case.asciidoc b/docs/en/siem/cases-api-delete-case.asciidoc
@@ -0,0 +1,27 @@
+[[cases-api-delete-case]]
+=== Delete case
+
+Deletes the specified case and all associated comments.
+
+==== Request URL
+
+`DELETE /api/cases/<case ID>`
+
+===== URL parts
+
+The URL must include the `case ID` of the case you are deleting. 
+
+===== Example request
+
+Deletes case ID `0a0fa050-20e4-11ea-8f80-690fedc74682`:
+
+[source,js]
+--------------------------------------------------
+DELETE api/cases/0a0fa050-20e4-11ea-8f80-690fedc74682
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
diff --git a/docs/en/siem/cases-api-delete-comment.asciidoc b/docs/en/siem/cases-api-delete-comment.asciidoc
@@ -0,0 +1,27 @@
+[[cases-api-delete-comment]]
+=== Delete comment
+
+Deletes the specified comment.
+
+==== Request URL
+
+`DELETE /api/cases/comments/<comment ID>`
+
+===== URL parts
+
+The URL must include the `comment ID` of the comment you are deleting. 
+
+===== Example request
+
+Deletes comment ID `669364c0-2174-11ea-87ed-69e2fb63d9ed`:
+
+[source,js]
+--------------------------------------------------
+DELETE api/cases/comments/669364c0-2174-11ea-87ed-69e2fb63d9ed
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
diff --git a/docs/en/siem/cases-api-get-all-cases.asciidoc b/docs/en/siem/cases-api-get-all-cases.asciidoc
@@ -0,0 +1,70 @@
+[[cases-api-get-all-cases]]
+=== Get all cases
+
+Returns all cases.
+
+==== Request URL
+
+`GET /api/cases`
+
+===== Example request
+
+[source,js]
+--------------------------------------------------
+GET api/cases
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
+
+==== Response payload
+
+A JSON object listing all cases:
+
+[source,json]
+--------------------------------------------------
+{
+  "page": 1,
+  "per_page": 20,
+  "total": 007,
+  "saved_objects": [
+    {
+      "type": "case-workflow",
+      "id": "7125e150-2fb7-11ea-a3be-f96a1b9531f4",
+      "attributes": {
+        "created_at": 1578227551012,
+        "created_by": {
+          "full_name": "Ms Moneypenny",
+          "username": "Moneypenny"
+        },
+        "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
+        "title": "Urgent phishing case - signal id #dd4fa2d4bd-804743795894438",
+        "state": "open",
+        "tags": [
+          "phishing",
+          "social engineering",
+          "bubblegum"
+        ],
+        "case_type": "security",
+        "assignees": [
+          {
+            "username": "M",
+            "full_name": "Classified"
+          },
+          {
+            "username": "Q",
+            "full_name": "Quality Gadgets"
+          }
+        ]
+      },
+      "references": [],
+      "updated_at": "2020-01-05T13:13:58.167Z",
+      "version": "WzQ1LDFd"
+    },
+    ...
+  ]
+}
+--------------------------------------------------
diff --git a/docs/en/siem/cases-api-get-case-comments.asciidoc b/docs/en/siem/cases-api-get-case-comments.asciidoc
@@ -0,0 +1,85 @@
+[[cases-api-get-all-case-comments]]
+=== Get all case comments
+
+Returns all comments for the specified case.
+
+==== Request URL
+
+`GET /api/cases/<case ID>/comments`
+
+===== URL parts
+
+The URL must include the `case ID` of the case for which you are retrieving 
+comments.
+
+===== Example request
+
+Gets all comments for case ID `7125e150-2fb7-11ea-a3be-f96a1b9531f4`:
+
+[source,js]
+--------------------------------------------------
+GET api/cases/7125e150-2fb7-11ea-a3be-f96a1b9531f4/comments
+--------------------------------------------------
+// KIBANA
+
+==== Response code
+
+`200`:: 
+   Indicates a successful call.
+
+==== Response payload
+
+A JSON object listing all comments for the specified case:
+
+[source,json]
+--------------------------------------------------
+{
+  "page": 1,
+  "per_page": 20,
+  "total": 2,
+  "saved_objects": [
+    {
+      "type": "case-workflow-comment",
+      "id": "0aa70f70-2fb8-11ea-a3be-f96a1b9531f4",
+      "attributes": {
+        "comment": "Start operation bubblegum immediately! And chew fast!",
+        "created_at": 1578227808536,
+        "created_by": {
+          "full_name": "Classified",
+          "username": "M"
+        }
+      },
+      "references": [
+        {
+          "type": "case-workflow",
+          "name": "associated-case-workflow",
+          "id": "7125e150-2fb7-11ea-a3be-f96a1b9531f4"
+        }
+      ],
+      "updated_at": "2020-01-05T12:58:54.109Z",
+      "version": "WzQ0LDFd"
+    },
+    {
+      "type": "case-workflow-comment",
+      "id": "0b5174b0-2fc2-11ea-a3be-f96a1b9531f4",
+      "attributes": {
+        "comment": "Started chewing.",
+        "created_at": 1578232104629,
+        "created_by": {
+          "full_name": "Ms Moneypenny",
+          "username": "Moneypenny"
+        }
+      },
+      "references": [
+        {
+          "type": "case-workflow",
+          "name": "associated-case-workflow",
+          "id": "7125e150-2fb7-11ea-a3be-f96a1b9531f4"
+        }
+      ],
+      "updated_at": "2020-01-05T13:48:24.827Z",
+      "version": "WzQ2LDFd"
+    }
+  ]
+}
+--------------------------------------------------