From 5348e39a366ce2c3ba65dcab0d5b5dbac2189a0d Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Mon, 14 Nov 2022 18:19:40 -0800 Subject: [PATCH] [DOCS] Automate final case APIs (#145007) --- .../cases/case-apis-passthru.asciidoc | 719 ++- docs/api/cases/cases-api-find-cases.asciidoc | 6 + .../cases/cases-api-find-connectors.asciidoc | 6 + docs/api/cases/cases-api-get-alerts.asciidoc | 6 + .../cases-api-get-case-activity.asciidoc | 6 + .../cases/docs/openapi/bundled-min.json | 3440 ------------- .../cases/docs/openapi/bundled-min.yaml | 2389 --------- .../plugins/cases/docs/openapi/bundled.json | 4350 ++++++----------- .../plugins/cases/docs/openapi/bundled.yaml | 4111 +++++----------- .../examples/get_case_activity_response.yaml | 107 +- .../openapi/components/schemas/assignees.yaml | 12 + .../case_configure_response_properties.yaml | 24 +- .../schemas/case_response_properties.yaml | 13 +- .../schemas/create_case_request.yaml | 13 +- .../components/schemas/payload_assignees.yaml | 7 +- .../schemas/payload_create_case.yaml | 2 + .../components/schemas/payload_delete.yaml | 3 + .../schemas/payload_user_comment.yaml | 2 +- .../schemas/update_case_request.yaml | 13 +- .../user_actions_response_properties.yaml | 19 +- .../cases/docs/openapi/entrypoint-min.yaml | 59 - .../paths/s@{spaceid}@api@cases@_find.yaml | 2 +- ...@api@cases@configure@connectors@_find.yaml | 2 +- ...s@{spaceid}@api@cases@{caseid}@alerts.yaml | 2 +- ...ceid}@api@cases@{caseid}@user_actions.yaml | 2 +- 25 files changed, 3566 insertions(+), 11749 deletions(-) delete mode 100644 x-pack/plugins/cases/docs/openapi/bundled-min.json delete mode 100644 x-pack/plugins/cases/docs/openapi/bundled-min.yaml create mode 100644 x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml create mode 100644 x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml delete mode 100644 x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml diff --git a/docs/api-generated/cases/case-apis-passthru.asciidoc b/docs/api-generated/cases/case-apis-passthru.asciidoc index 13f84c1e85cc3..b90c15ba05981 100644 --- a/docs/api-generated/cases/case-apis-passthru.asciidoc +++ b/docs/api-generated/cases/case-apis-passthru.asciidoc @@ -25,11 +25,15 @@ Any modifications made to this file will be overwritten.
  • delete /s/{spaceId}/api/cases/{caseId}/comments
  • get /s/{spaceId}/api/cases/{caseId}/comments
  • get /s/{spaceId}/api/cases/{caseId}
  • +
  • get /s/{spaceId}/api/cases/{caseId}/user_actions
  • +
  • get /s/{spaceId}/api/cases/{caseId}/alerts
  • get /s/{spaceId}/api/cases/{caseId}/comments/{commentId}
  • get /s/{spaceId}/api/cases/configure
  • +
  • get /s/{spaceId}/api/cases/configure/connectors/_find
  • get /s/{spaceId}/api/cases/reporters
  • get /s/{spaceId}/api/cases/status
  • get /s/{spaceId}/api/cases/tags
  • +
  • get /s/{spaceId}/api/cases/_find
  • get /s/{spaceId}/api/cases/alerts/{alertId}
  • post /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push
  • post /s/{spaceId}/api/cases/configure
  • @@ -604,6 +608,116 @@ Any modifications made to this file will be overwritten. case_response_properties
    +
    +
    + Up +
    get /s/{spaceId}/api/cases/{caseId}/user_actions
    +
    Returns all user activity for a case. (getCaseActivity)
    +
    You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
    + +

    Path parameters

    +
    +
    caseId (required)
    + +
    Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
    spaceId (required)
    + +
    Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
    +
    + + + + + + +

    Return type

    + + + + +

    Example data

    +
    Content-Type: application/json
    +
    {
    +  "owner" : "cases",
    +  "action_id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
    +  "case_id" : "22df07d0-03b1-11ed-920c-974bfa104448",
    +  "action" : "create",
    +  "created_at" : "2022-05-13T09:16:17.416Z",
    +  "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
    +  "type" : "create_case",
    +  "created_by" : {
    +    "full_name" : "full_name",
    +    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +    "email" : "email",
    +    "username" : "elastic"
    +  }
    +}
    + +

    Produces

    + This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. + + +

    Responses

    +

    200

    + Indicates a successful call. + +
    +
    +
    +
    + Up +
    get /s/{spaceId}/api/cases/{caseId}/alerts
    +
    Gets all alerts attached to a case. (getCaseAlerts)
    +
    You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
    + +

    Path parameters

    +
    +
    caseId (required)
    + +
    Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
    spaceId (required)
    + +
    Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
    +
    + + + + + + +

    Return type

    + + + + +

    Example data

    +
    Content-Type: application/json
    +
    {
    +  "index" : "index",
    +  "id" : "id",
    +  "attached_at" : "2000-01-23T04:56:07.000+00:00"
    +}
    + +

    Produces

    + This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. + + +

    Responses

    +

    200

    + Indicates a successful call. + +
    +
    Up @@ -708,6 +822,7 @@ Any modifications made to this file will be overwritten. "updated_at" : "2022-06-01T19:58:48.169Z", "updated_by" : { "full_name" : "full_name", + "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0", "email" : "email", "username" : "elastic" }, @@ -716,6 +831,7 @@ Any modifications made to this file will be overwritten. "error" : "error", "created_by" : { "full_name" : "full_name", + "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0", "email" : "email", "username" : "elastic" }, @@ -733,6 +849,62 @@ Any modifications made to this file will be overwritten.

    200

    Indicates a successful call. +
    +
    +
    +
    + Up +
    get /s/{spaceId}/api/cases/configure/connectors/_find
    +
    Retrieves information about connectors. (getCaseConnectors)
    +
    In particular, only the connectors that are supported for use in cases are returned. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
    + +

    Path parameters

    +
    +
    spaceId (required)
    + +
    Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
    +
    + + + + + + +

    Return type

    + + + + +

    Example data

    +
    Content-Type: application/json
    +
    {
    +  "isPreconfigured" : true,
    +  "isDeprecated" : true,
    +  "actionTypeId" : ".none",
    +  "referencedByCount" : 0,
    +  "name" : "name",
    +  "id" : "id",
    +  "config" : {
    +    "projectKey" : "projectKey",
    +    "apiUrl" : "apiUrl"
    +  },
    +  "isMissingSecrets" : true
    +}
    + +

    Produces

    + This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
      +
    • application/json
    • +
    + +

    Responses

    +

    200

    + Indicates a successful call. +


    +
    +
    + Up +
    get /s/{spaceId}/api/cases/_find
    +
    Retrieves a paginated subset of cases. (getCases)
    +
    You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
    + +

    Path parameters

    +
    +
    spaceId (required)
    + +
    Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
    +
    + + + + +

    Query parameters

    +
    +
    defaultSearchOperator (optional)
    + +
    Query Parameter — The default operator to use for the simple_query_string. default: OR
    fields (optional)
    + +
    Query Parameter — The fields in the entity to return in the response. default: null
    from (optional)
    + +
    Query Parameter — [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
    owner (optional)
    + +
    Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
    page (optional)
    + +
    Query Parameter — The page number to return. default: 1
    perPage (optional)
    + +
    Query Parameter — The number of rules to return per page. default: 20
    reporters (optional)
    + +
    Query Parameter — Filters the returned cases by the user name of the reporter. default: null
    search (optional)
    + +
    Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
    searchFields (optional)
    + +
    Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
    severity (optional)
    + +
    Query Parameter — The severity of the case. default: null
    sortField (optional)
    + +
    Query Parameter — Determines which field is used to sort the results. default: createdAt
    sortOrder (optional)
    + +
    Query Parameter — Determines the sort order. default: desc
    status (optional)
    + +
    Query Parameter — Filters the returned cases by state. default: null
    tags (optional)
    + +
    Query Parameter — Filters the returned cases by tags. default: null
    to (optional)
    + +
    Query Parameter — [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
    +
    + + +

    Return type

    + + + + +

    Example data

    +
    Content-Type: application/json
    +
    {
    +  "count_in_progress_cases" : 6,
    +  "per_page" : 5,
    +  "total" : 2,
    +  "cases" : [ {
    +    "owner" : "cases",
    +    "totalComment" : 0,
    +    "settings" : {
    +      "syncAlerts" : true
    +    },
    +    "totalAlerts" : 0,
    +    "closed_at" : "2000-01-23T04:56:07.000+00:00",
    +    "comments" : [ null, null ],
    +    "assignees" : [ {
    +      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
    +    }, {
    +      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
    +    } ],
    +    "created_at" : "2022-05-13T09:16:17.416Z",
    +    "description" : "A case description.",
    +    "title" : "Case title 1",
    +    "created_by" : {
    +      "full_name" : "full_name",
    +      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +      "email" : "email",
    +      "username" : "elastic"
    +    },
    +    "version" : "WzUzMiwxXQ==",
    +    "closed_by" : {
    +      "full_name" : "full_name",
    +      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +      "email" : "email",
    +      "username" : "elastic"
    +    },
    +    "tags" : [ "tag-1" ],
    +    "duration" : 120,
    +    "updated_at" : "2000-01-23T04:56:07.000+00:00",
    +    "updated_by" : {
    +      "full_name" : "full_name",
    +      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +      "email" : "email",
    +      "username" : "elastic"
    +    },
    +    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
    +    "external_service" : {
    +      "external_title" : "external_title",
    +      "pushed_by" : {
    +        "full_name" : "full_name",
    +        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +        "email" : "email",
    +        "username" : "elastic"
    +      },
    +      "external_url" : "external_url",
    +      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
    +      "connector_id" : "connector_id",
    +      "external_id" : "external_id",
    +      "connector_name" : "connector_name"
    +    }
    +  }, {
    +    "owner" : "cases",
    +    "totalComment" : 0,
    +    "settings" : {
    +      "syncAlerts" : true
    +    },
    +    "totalAlerts" : 0,
    +    "closed_at" : "2000-01-23T04:56:07.000+00:00",
    +    "comments" : [ null, null ],
    +    "assignees" : [ {
    +      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
    +    }, {
    +      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
    +    } ],
    +    "created_at" : "2022-05-13T09:16:17.416Z",
    +    "description" : "A case description.",
    +    "title" : "Case title 1",
    +    "created_by" : {
    +      "full_name" : "full_name",
    +      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +      "email" : "email",
    +      "username" : "elastic"
    +    },
    +    "version" : "WzUzMiwxXQ==",
    +    "closed_by" : {
    +      "full_name" : "full_name",
    +      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +      "email" : "email",
    +      "username" : "elastic"
    +    },
    +    "tags" : [ "tag-1" ],
    +    "duration" : 120,
    +    "updated_at" : "2000-01-23T04:56:07.000+00:00",
    +    "updated_by" : {
    +      "full_name" : "full_name",
    +      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +      "email" : "email",
    +      "username" : "elastic"
    +    },
    +    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
    +    "external_service" : {
    +      "external_title" : "external_title",
    +      "pushed_by" : {
    +        "full_name" : "full_name",
    +        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
    +        "email" : "email",
    +        "username" : "elastic"
    +      },
    +      "external_url" : "external_url",
    +      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
    +      "connector_id" : "connector_id",
    +      "external_id" : "external_id",
    +      "connector_name" : "connector_name"
    +    }
    +  } ],
    +  "count_open_cases" : 1,
    +  "count_closed_cases" : 0,
    +  "page" : 5
    +}
    + +

    Produces

    + This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
      +
    • application/json
    • +
    + +

    Responses

    +

    200

    + Indicates a successful call. + getCases_200_response +
    +
    Up @@ -1139,6 +1505,7 @@ Any modifications made to this file will be overwritten. "updated_at" : "2022-06-01T19:58:48.169Z", "updated_by" : { "full_name" : "full_name", + "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0", "email" : "email", "username" : "elastic" }, @@ -1147,6 +1514,7 @@ Any modifications made to this file will be overwritten. "error" : "error", "created_by" : { "full_name" : "full_name", + "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0", "email" : "email", "username" : "elastic" }, @@ -1473,6 +1841,7 @@ Any modifications made to this file will be overwritten. "updated_at" : "2022-06-01T19:58:48.169Z", "updated_by" : { "full_name" : "full_name", + "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0", "email" : "email", "username" : "elastic" }, @@ -1481,6 +1850,7 @@ Any modifications made to this file will be overwritten. "error" : "error", "created_by" : { "full_name" : "full_name", + "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0", "email" : "email", "username" : "elastic" }, @@ -1508,18 +1878,20 @@ Any modifications made to this file will be overwritten.
    1. Case_response_properties_for_comments_inner -
    2. Case_response_properties_for_connectors - Case response properties for connectors
    3. +
    4. action_types -
    5. +
    6. actions -
    7. add_alert_comment_request_properties - Add case comment request properties for alerts
    8. add_case_comment_request - Add case comment request
    9. add_user_comment_request_properties - Add case comment request properties for user comments
    10. alert_comment_response_properties - Add case comment response properties for alerts
    11. -
    12. alert_comment_response_properties_pushed_by -
    13. alert_comment_response_properties_rule -
    14. alert_identifiers - Alert identifiers
    15. alert_indices - Alert indices
    16. +
    17. alert_response_properties -
    18. +
    19. assignees_inner -
    20. case_response_closed_by_properties - Case response properties for closed_by
    21. case_response_created_by_properties - Case response properties for created_by
    22. case_response_properties - Case response properties
    23. -
    24. case_response_properties_assignees_inner -
    25. case_response_pushed_by_properties - Case response properties for pushed_by
    26. case_response_updated_by_properties - Case response properties for updated_by
    27. closure_types -
    28. @@ -1537,7 +1909,6 @@ Any modifications made to this file will be overwritten.
    29. connector_properties_swimlane_fields -
    30. connector_types -
    31. create_case_request - Create case request
    32. -
    33. create_case_request_assignees_inner -
    34. create_case_request_connector -
    35. external_service -
    36. getCaseComment_200_response -
    37. @@ -1546,11 +1917,32 @@ Any modifications made to this file will be overwritten.
    38. getCaseConfiguration_200_response_inner_created_by -
    39. getCaseConfiguration_200_response_inner_mappings_inner -
    40. getCaseConfiguration_200_response_inner_updated_by -
    41. -
    42. getCaseReporters_200_response_inner -
    43. +
    44. getCaseConnectors_200_response_inner -
    45. +
    46. getCaseConnectors_200_response_inner_config -
    47. getCaseStatus_200_response -
    48. getCasesByAlert_200_response_inner -
    49. -
    50. getCasesByAlert_owner_parameter -
    51. +
    52. getCases_200_response -
    53. +
    54. getCases_owner_parameter -
    55. +
    56. getCases_reporters_parameter -
    57. owners -
    58. +
    59. payload_alert_comment -
    60. +
    61. payload_alert_comment_comment -
    62. +
    63. payload_alert_comment_comment_alertId -
    64. +
    65. payload_alert_comment_comment_index -
    66. +
    67. payload_assignees -
    68. +
    69. payload_connector -
    70. +
    71. payload_connector_connector -
    72. +
    73. payload_connector_connector_fields -
    74. +
    75. payload_create_case -
    76. +
    77. payload_description -
    78. +
    79. payload_pushed -
    80. +
    81. payload_settings -
    82. +
    83. payload_severity -
    84. +
    85. payload_status -
    86. +
    87. payload_tags -
    88. +
    89. payload_title -
    90. +
    91. payload_user_comment -
    92. +
    93. payload_user_comment_comment -
    94. rule - Alerting rule
    95. setCaseConfiguration_request -
    96. setCaseConfiguration_request_connector -
    97. @@ -1564,6 +1956,9 @@ Any modifications made to this file will be overwritten.
    98. update_case_request - Update case request
    99. update_case_request_cases_inner -
    100. update_user_comment_request_properties - Update case comment request properties for user comments
    101. +
    102. user_actions_response_properties -
    103. +
    104. user_actions_response_properties_created_by -
    105. +
    106. user_actions_response_properties_payload -
    107. user_comment_response_properties - Case response properties for user comments
    @@ -1601,6 +1996,18 @@ Any modifications made to this file will be overwritten.
    .swimlane
    +
    +

    action_types - Up

    +
    The type of action.
    +
    +
    +
    +
    +

    actions - Up

    +
    +
    +
    +

    add_alert_comment_request_properties - Add case comment request properties for alerts Up

    Defines properties for case comment requests when type is alert.
    @@ -1645,31 +2052,21 @@ Any modifications made to this file will be overwritten.
    alertId (optional)
    created_at (optional)
    Date format: date-time
    -
    created_by (optional)
    +
    created_by (optional)
    id (optional)
    index (optional)
    owner (optional)
    pushed_at (optional)
    Date format: date-time
    -
    pushed_by (optional)
    +
    pushed_by (optional)
    rule (optional)
    type
    Enum:
    alert
    updated_at (optional)
    Date format: date-time
    -
    updated_by (optional)
    +
    updated_by (optional)
    version (optional)
    -
    -

    alert_comment_response_properties_pushed_by - Up

    -
    -
    -
    email (optional)
    -
    full_name (optional)
    -
    username (optional)
    -
    profile_uid (optional)
    -
    -

    alert_comment_response_properties_rule - Up

    @@ -1690,6 +2087,22 @@ Any modifications made to this file will be overwritten.
    +
    +

    alert_response_properties - Up

    +
    +
    +
    attached_at (optional)
    Date format: date-time
    +
    id (optional)
    String The alert identifier.
    +
    index (optional)
    String The alert index.
    +
    +
    +
    +

    assignees_inner - Up

    +
    +
    +
    uid
    String A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.
    +
    +

    case_response_closed_by_properties - Case response properties for closed_by Up

    @@ -1714,7 +2127,7 @@ Any modifications made to this file will be overwritten.

    case_response_properties - Case response properties Up

    -
    assignees (optional)
    array[case_response_properties_assignees_inner] An array containing users that are assigned to the case.
    +
    assignees (optional)
    array[assignees_inner] An array containing users that are assigned to the case.
    closed_at
    Date format: date-time
    closed_by
    comments
    array[Case_response_properties_for_comments_inner] An array of comment objects for the case.
    @@ -1738,13 +2151,6 @@ Any modifications made to this file will be overwritten.
    version
    -
    -

    case_response_properties_assignees_inner - Up

    -
    -
    -
    uid
    String A unique identifier for the user profile. You can use the get user profile API to retrieve more details.
    -
    -

    case_response_pushed_by_properties - Case response properties for pushed_by Up

    @@ -1913,7 +2319,7 @@ Any modifications made to this file will be overwritten.

    create_case_request - Create case request Up

    The create case API request body varies depending on the type of connector.
    -
    assignees (optional)
    array[create_case_request_assignees_inner] An array containing users that are assigned to the case.
    +
    assignees (optional)
    array[assignees_inner] An array containing users that are assigned to the case.
    connector
    description
    String The description for the case.
    owner
    @@ -1923,13 +2329,6 @@ Any modifications made to this file will be overwritten.
    title
    String A title for the case.
    -
    -

    create_case_request_assignees_inner - Up

    -
    -
    -
    uid
    String A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.
    -
    -

    create_case_request_connector - Up

    @@ -1952,7 +2351,7 @@ Any modifications made to this file will be overwritten.
    external_title (optional)
    external_url (optional)
    pushed_at (optional)
    Date format: date-time
    -
    pushed_by (optional)
    +
    pushed_by (optional)
    @@ -2011,6 +2410,7 @@ Any modifications made to this file will be overwritten.
    email (optional)
    full_name (optional)
    username (optional)
    +
    profile_uid (optional)
    @@ -2029,16 +2429,29 @@ Any modifications made to this file will be overwritten.
    email (optional)
    full_name (optional)
    username (optional)
    +
    profile_uid (optional)
    -

    getCaseReporters_200_response_inner - Up

    +

    getCaseConnectors_200_response_inner - Up

    -
    email (optional)
    -
    full_name (optional)
    -
    username (optional)
    -
    profile_uid (optional)
    +
    actionTypeId (optional)
    +
    config (optional)
    +
    id (optional)
    +
    isDeprecated (optional)
    +
    isMissingSecrets (optional)
    +
    isPreconfigured (optional)
    +
    name (optional)
    +
    referencedByCount (optional)
    +
    +
    +
    +

    getCaseConnectors_200_response_inner_config - Up

    +
    +
    +
    apiUrl (optional)
    +
    projectKey (optional)
    @@ -2059,7 +2472,26 @@ Any modifications made to this file will be overwritten.
    -

    getCasesByAlert_owner_parameter - Up

    +

    getCases_200_response - Up

    +
    +
    +
    cases (optional)
    +
    count_closed_cases (optional)
    +
    count_in_progress_cases (optional)
    +
    count_open_cases (optional)
    +
    page (optional)
    +
    per_page (optional)
    +
    total (optional)
    +
    +
    +
    +

    getCases_owner_parameter - Up

    +
    +
    +
    +
    +
    +

    getCases_reporters_parameter - Up

    @@ -2070,6 +2502,165 @@ Any modifications made to this file will be overwritten.
    +
    +

    payload_alert_comment - Up

    +
    +
    +
    comment (optional)
    +
    +
    +
    +

    payload_alert_comment_comment - Up

    +
    +
    +
    alertId (optional)
    +
    index (optional)
    +
    owner (optional)
    +
    rule (optional)
    +
    type (optional)
    +
    Enum:
    +
    alert
    +
    +
    +
    +

    payload_alert_comment_comment_alertId - Up

    +
    +
    +
    +
    +
    +

    payload_alert_comment_comment_index - Up

    +
    +
    +
    +
    +
    +

    payload_assignees - Up

    +
    +
    +
    assignees (optional)
    array[assignees_inner] An array containing users that are assigned to the case.
    +
    +
    +
    +

    payload_connector - Up

    +
    +
    +
    connector (optional)
    +
    +
    +
    +

    payload_connector_connector - Up

    +
    +
    +
    fields (optional)
    +
    id (optional)
    String The identifier for the connector. To create a case without a connector, use none.
    +
    name (optional)
    String The name of the connector. To create a case without a connector, use none.
    +
    type (optional)
    +
    +
    +
    +

    payload_connector_connector_fields - Up

    +
    An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
    +
    +
    caseId (optional)
    String The case identifier for Swimlane connectors.
    +
    category (optional)
    String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
    +
    destIp (optional)
    Boolean Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
    +
    impact (optional)
    String The effect an incident had on business for ServiceNow ITSM connectors.
    +
    issueType (optional)
    String The type of issue for Jira connectors.
    +
    issueTypes (optional)
    array[String] The type of incident for IBM Resilient connectors.
    +
    malwareHash (optional)
    Boolean Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
    +
    malwareUrl (optional)
    Boolean Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
    +
    parent (optional)
    String The key of the parent issue, when the issue type is sub-task for Jira connectors.
    +
    priority (optional)
    String The priority of the issue for Jira and ServiceNow SecOps connectors.
    +
    severity (optional)
    String The severity of the incident for ServiceNow ITSM connectors.
    +
    severityCode (optional)
    String The severity code of the incident for IBM Resilient connectors.
    +
    sourceIp (optional)
    Boolean Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
    +
    subcategory (optional)
    String The subcategory of the incident for ServiceNow ITSM connectors.
    +
    urgency (optional)
    String The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
    +
    +
    +
    +

    payload_create_case - Up

    +
    +
    +
    assignees (optional)
    array[assignees_inner] An array containing users that are assigned to the case.
    +
    connector (optional)
    +
    description (optional)
    +
    owner (optional)
    +
    settings (optional)
    +
    severity (optional)
    +
    status (optional)
    +
    tags (optional)
    +
    title (optional)
    +
    +
    +
    +

    payload_description - Up

    +
    +
    +
    description (optional)
    +
    +
    +
    +

    payload_pushed - Up

    +
    +
    +
    externalService (optional)
    +
    +
    +
    +

    payload_settings - Up

    +
    +
    +
    settings (optional)
    +
    +
    +
    +

    payload_severity - Up

    +
    +
    +
    severity (optional)
    +
    +
    +
    +

    payload_status - Up

    +
    +
    +
    status (optional)
    +
    +
    +
    +

    payload_tags - Up

    +
    +
    +
    tags (optional)
    +
    +
    +
    +

    payload_title - Up

    +
    +
    +
    title (optional)
    +
    +
    +
    +

    payload_user_comment - Up

    +
    +
    +
    comment (optional)
    +
    +
    +
    +

    payload_user_comment_comment - Up

    +
    +
    +
    comment (optional)
    +
    owner (optional)
    +
    type (optional)
    +
    Enum:
    +
    user
    +
    +

    rule - Alerting rule Up

    The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
    @@ -2175,7 +2766,7 @@ Any modifications made to this file will be overwritten.

    update_case_request_cases_inner - Up

    -
    assignees (optional)
    array[create_case_request_assignees_inner] An array containing users that are assigned to the case.
    +
    assignees (optional)
    array[assignees_inner] An array containing users that are assigned to the case.
    connector (optional)
    description (optional)
    String An updated description for the case.
    id
    String The identifier for the case.
    @@ -2200,6 +2791,48 @@ Any modifications made to this file will be overwritten.
    version
    String The current comment version. To retrieve version values, use the get comments API.
    +
    +

    user_actions_response_properties - Up

    +
    +
    +
    action
    +
    action_id
    +
    case_id
    +
    comment_id
    +
    created_at
    Date format: date-time
    +
    created_by
    +
    owner
    +
    payload
    +
    type
    +
    +
    +
    +

    user_actions_response_properties_created_by - Up

    +
    +
    +
    email
    +
    full_name
    +
    username
    +
    profile_uid (optional)
    +
    +
    +
    +

    user_actions_response_properties_payload - Up

    +
    +
    +
    comment (optional)
    +
    assignees (optional)
    array[assignees_inner] An array containing users that are assigned to the case.
    +
    connector (optional)
    +
    description (optional)
    +
    owner (optional)
    +
    settings (optional)
    +
    severity (optional)
    +
    status (optional)
    +
    tags (optional)
    +
    title (optional)
    +
    externalService (optional)
    +
    +

    user_comment_response_properties - Case response properties for user comments Up

    diff --git a/docs/api/cases/cases-api-find-cases.asciidoc b/docs/api/cases/cases-api-find-cases.asciidoc index 770e1d30ee594..ff79471a677fa 100644 --- a/docs/api/cases/cases-api-find-cases.asciidoc +++ b/docs/api/cases/cases-api-find-cases.asciidoc @@ -6,6 +6,12 @@ Retrieves a paginated subset of cases. +[NOTE] +==== +For the most up-to-date API details, refer to the +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +==== + === {api-request-title} `GET :/api/cases/_find` diff --git a/docs/api/cases/cases-api-find-connectors.asciidoc b/docs/api/cases/cases-api-find-connectors.asciidoc index b12be5621e991..aee6900155726 100644 --- a/docs/api/cases/cases-api-find-connectors.asciidoc +++ b/docs/api/cases/cases-api-find-connectors.asciidoc @@ -10,6 +10,12 @@ In particular, only the connectors that are supported for use in cases are returned. Refer to the list of supported external incident management systems in <>. +[NOTE] +==== +For the most up-to-date API details, refer to the +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +==== + === {api-request-title} `GET :/api/cases/configure/connectors/_find` diff --git a/docs/api/cases/cases-api-get-alerts.asciidoc b/docs/api/cases/cases-api-get-alerts.asciidoc index c9857d985d086..1b9c1da1bd926 100644 --- a/docs/api/cases/cases-api-get-alerts.asciidoc +++ b/docs/api/cases/cases-api-get-alerts.asciidoc @@ -8,6 +8,12 @@ preview::[] Gets all alerts attached to a case. +[NOTE] +==== +For the most up-to-date API details, refer to the +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +==== + === {api-request-title} `GET :/api/cases//alerts` diff --git a/docs/api/cases/cases-api-get-case-activity.asciidoc b/docs/api/cases/cases-api-get-case-activity.asciidoc index a87d322d0f8c0..da23e845164db 100644 --- a/docs/api/cases/cases-api-get-case-activity.asciidoc +++ b/docs/api/cases/cases-api-get-case-activity.asciidoc @@ -8,6 +8,12 @@ Returns all user activity for a case. deprecated::[8.1.0] +[NOTE] +==== +For the most up-to-date API details, refer to the +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +==== + === {api-request-title} `GET :/api/cases//user_actions` diff --git a/x-pack/plugins/cases/docs/openapi/bundled-min.json b/x-pack/plugins/cases/docs/openapi/bundled-min.json deleted file mode 100644 index c3fc5ebc17443..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/bundled-min.json +++ /dev/null @@ -1,3440 +0,0 @@ -{ - "openapi": "3.0.1", - "info": { - "title": "Cases", - "description": "OpenAPI schema for Cases endpoints", - "version": "0.2", - "contact": { - "name": "Cases Team" - }, - "license": { - "name": "Elastic License 2.0", - "url": "https://www.elastic.co/licensing/elastic-license" - } - }, - "tags": [ - { - "name": "cases", - "description": "Case APIs enable you to open and track issues." - } - ], - "servers": [ - { - "url": "http://localhost:5601", - "description": "local" - } - ], - "paths": { - "/s/{spaceId}/api/cases": { - "post": { - "summary": "Creates a case.", - "operationId": "createCase", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/create_case_request" - }, - "examples": { - "createCaseRequest": { - "$ref": "#/components/examples/create_case_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "createCaseResponse": { - "$ref": "#/components/examples/create_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "delete": { - "summary": "Deletes one or more cases.", - "operationId": "deleteCase", - "description": "You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "name": "ids", - "description": "The cases that you want to removed. All non-ASCII characters must be URL encoded.", - "in": "query", - "required": true, - "schema": { - "type": "string" - }, - "example": "d4e7abb0-b462-11ec-9a8d-698504725a43" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "patch": { - "summary": "Updates one or more cases.", - "operationId": "updateCase", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/update_case_request" - }, - "examples": { - "updateCaseRequest": { - "$ref": "#/components/examples/update_case_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/case_response_properties" - } - }, - "examples": { - "updateCaseResponse": { - "$ref": "#/components/examples/update_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/alerts/{alertId}": { - "get": { - "summary": "Returns the cases associated with a specific alert.", - "operationId": "getCasesByAlert", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "x-technical-preview": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/alert_id" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "The case identifier." - }, - "title": { - "type": "string", - "description": "The case title." - } - } - }, - "example": [ - { - "id": "06116b80-e1c3-11ec-be9b-9b1838238ee6", - "title": "security_case" - } - ] - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/configure": { - "get": { - "summary": "Retrieves external connection details, such as the closure type and default connector for cases.", - "operationId": "getCaseConfiguration", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - } - }, - "error": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - }, - "nullable": true - }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } - } - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "post": { - "summary": "Sets external connection details, such as the closure type and default connector for cases.", - "operationId": "setCaseConfiguration", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "description": "An object that contains the case settings.", - "type": "object", - "properties": { - "syncAlerts": { - "description": "Turns alert syncing on or off.", - "type": "boolean", - "example": true - } - }, - "required": [ - "syncAlerts" - ] - } - }, - "required": [ - "closure_type", - "connector", - "owner" - ] - }, - "examples": { - "setCaseConfigRequest": { - "$ref": "#/components/examples/set_case_configuration_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - } - }, - "error": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - }, - "nullable": true - }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } - } - }, - "examples": { - "setCaseConfigResponse": { - "$ref": "#/components/examples/set_case_configuration_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/configure/{configurationId}": { - "patch": { - "summary": "Updates external connection details, such as the closure type and default connector for cases.", - "operationId": "updateCaseConfiguration", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/configuration_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "version": { - "description": "The version of the connector. To retrieve the version value, use the get configuration API.\n", - "type": "string", - "example": "WzIwMiwxXQ==" - } - }, - "required": [ - "version" - ] - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - } - }, - "error": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - }, - "nullable": true - }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } - } - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/reporters": { - "get": { - "summary": "Returns information about the users who opened cases.", - "operationId": "getCaseReporters", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - } - }, - "examples": { - "getReportersResponse": { - "$ref": "#/components/examples/get_reporters_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/status": { - "get": { - "summary": "Returns the number of cases that are open, closed, and in progress.", - "operationId": "getCaseStatus", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "deprecated": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "count_closed_cases": { - "type": "integer" - }, - "count_in_progress_cases": { - "type": "integer" - }, - "count_open_cases": { - "type": "integer" - } - } - }, - "examples": { - "getStatusResponse": { - "$ref": "#/components/examples/get_status_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/tags": { - "get": { - "summary": "Aggregates and returns a list of case tags.", - "operationId": "getCaseTags", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "in": "query", - "name": "owner", - "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read.", - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/owners" - }, - { - "type": "array", - "items": { - "$ref": "#/components/schemas/owners" - } - } - ] - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "string" - } - }, - "examples": { - "getTagsResponse": { - "$ref": "#/components/examples/get_tags_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}": { - "get": { - "summary": "Retrieves information about a case.", - "operationId": "getCase", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "in": "query", - "name": "includeComments", - "description": "Determines whether case comments are returned.", - "deprecated": true, - "schema": { - "type": "boolean", - "default": true - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "getCaseResponse": { - "$ref": "#/components/examples/get_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}/comments": { - "post": { - "summary": "Adds a comment or alert to a case.", - "operationId": "addCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/add_case_comment_request" - }, - "examples": { - "createCaseCommentRequest": { - "$ref": "#/components/examples/add_comment_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "createCaseCommentResponse": { - "$ref": "#/components/examples/add_comment_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "delete": { - "summary": "Deletes all comments and alerts from a case.", - "operationId": "deleteCaseComments", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "patch": { - "summary": "Updates a comment or alert in a case.", - "operationId": "updateCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/update_case_comment_request" - }, - "examples": { - "updateCaseCommentRequest": { - "$ref": "#/components/examples/update_comment_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "updateCaseCommentResponse": { - "$ref": "#/components/examples/update_comment_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "get": { - "summary": "Retrieves all the comments from a case.", - "operationId": "getAllCaseComments", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", - "deprecated": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}/comments/{commentId}": { - "delete": { - "summary": "Deletes a comment or alert from a case.", - "operationId": "deleteCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/comment_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "get": { - "summary": "Retrieves a comment from a case.", - "operationId": "getCaseComment", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/comment_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "examples": { - "getCaseCommentResponse": { - "$ref": "#/components/examples/get_comment_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push": { - "post": { - "summary": "Pushes a case to an external service.", - "description": "You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.\n", - "operationId": "pushCase", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/connector_id" - }, - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "nullable": true - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "pushCaseResponse": { - "$ref": "#/components/examples/push_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - } - }, - "components": { - "securitySchemes": { - "basicAuth": { - "type": "http", - "scheme": "basic" - }, - "apiKeyAuth": { - "type": "apiKey", - "in": "header", - "name": "ApiKey" - } - }, - "parameters": { - "kbn_xsrf": { - "schema": { - "type": "string" - }, - "in": "header", - "name": "kbn-xsrf", - "required": true - }, - "space_id": { - "in": "path", - "name": "spaceId", - "description": "An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.", - "required": true, - "schema": { - "type": "string", - "example": "default" - } - }, - "alert_id": { - "in": "path", - "name": "alertId", - "description": "An identifier for the alert.", - "required": true, - "schema": { - "type": "string", - "example": "09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540" - } - }, - "owner": { - "in": "query", - "name": "owner", - "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.\n", - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/owners" - }, - { - "type": "array", - "items": { - "$ref": "#/components/schemas/owners" - } - } - ] - }, - "example": "cases" - }, - "configuration_id": { - "in": "path", - "name": "configurationId", - "description": "An identifier for the configuration.", - "required": true, - "schema": { - "type": "string", - "example": "3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9" - } - }, - "case_id": { - "in": "path", - "name": "caseId", - "description": "The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.", - "required": true, - "schema": { - "type": "string", - "example": "9c235210-6834-11ea-a78c-6ffb38a34414" - } - }, - "comment_id": { - "in": "path", - "name": "commentId", - "description": "The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.\n", - "required": true, - "schema": { - "type": "string", - "example": "71ec1870-725b-11ea-a0b2-c51ea50a58e2" - } - }, - "connector_id": { - "in": "path", - "name": "connectorId", - "description": "An identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "required": true, - "schema": { - "type": "string", - "example": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2" - } - } - }, - "schemas": { - "connector_properties_none": { - "title": "Create or update case request properties for no connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.none`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.", - "nullable": true, - "type": "string", - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", - "type": "string", - "example": "none" - }, - "type": { - "description": "The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`.", - "type": "string", - "example": ".none", - "enum": [ - ".none" - ] - } - } - }, - "connector_properties_cases_webhook": { - "title": "Create or upate case request properties for Cases Webhook connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.cases-webhook`.", - "type": "object", - "properties": { - "fields": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".cases-webhook", - "enum": [ - ".cases-webhook" - ] - } - } - }, - "connector_properties_jira": { - "title": "Create or update case request properties for a Jira connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.jira`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "issueType", - "parent", - "priority" - ], - "properties": { - "issueType": { - "description": "The type of issue.", - "type": "string", - "nullable": true - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task.", - "type": "string", - "nullable": true - }, - "priority": { - "description": "The priority of the issue.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".jira", - "enum": [ - ".jira" - ] - } - } - }, - "connector_properties_resilient": { - "title": "Create case request properties for a IBM Resilient connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.resilient`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "nullable": true, - "required": [ - "issueTypes", - "severityCode" - ], - "properties": { - "issueTypes": { - "description": "The type of incident.", - "type": "array", - "items": { - "type": "string" - } - }, - "severityCode": { - "description": "The severity code of the incident.", - "type": "string" - } - } - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".resilient", - "enum": [ - ".resilient" - ] - } - } - }, - "connector_properties_servicenow": { - "title": "Create case request properties for a ServiceNow ITSM connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.servicenow`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "category", - "impact", - "severity", - "subcategory", - "urgency" - ], - "properties": { - "category": { - "description": "The category of the incident.", - "type": "string", - "nullable": true - }, - "impact": { - "description": "The effect an incident had on business.", - "type": "string", - "nullable": true - }, - "severity": { - "description": "The severity of the incident.", - "type": "string", - "nullable": true - }, - "subcategory": { - "description": "The subcategory of the incident.", - "type": "string", - "nullable": true - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".servicenow", - "enum": [ - ".servicenow" - ] - } - } - }, - "connector_properties_servicenow_sir": { - "title": "Create case request properties for a ServiceNow SecOps connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.servicenow-sir`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "category", - "destIp", - "malwareHash", - "malwareUrl", - "priority", - "sourceIp", - "subcategory" - ], - "properties": { - "category": { - "description": "The category of the incident.", - "type": "string", - "nullable": true - }, - "destIp": { - "description": "Indicates whether cases will send a comma-separated list of destination IPs.", - "type": "boolean", - "nullable": true - }, - "malwareHash": { - "description": "Indicates whether cases will send a comma-separated list of malware hashes.", - "type": "boolean", - "nullable": true - }, - "malwareUrl": { - "description": "Indicates whether cases will send a comma-separated list of malware URLs.", - "type": "boolean", - "nullable": true - }, - "priority": { - "description": "The priority of the issue.", - "type": "string", - "nullable": true - }, - "sourceIp": { - "description": "Indicates whether cases will send a comma-separated list of source IPs.", - "type": "boolean", - "nullable": true - }, - "subcategory": { - "description": "The subcategory of the incident.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".servicenow-sir", - "enum": [ - ".servicenow-sir" - ] - } - } - }, - "connector_properties_swimlane": { - "title": "Create case request properties for a Swimlane connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.swimlane`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "caseId" - ], - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".swimlane", - "enum": [ - ".swimlane" - ] - } - } - }, - "owners": { - "type": "string", - "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.\n", - "enum": [ - "cases", - "observability", - "securitySolution" - ], - "example": "cases" - }, - "settings": { - "type": "object", - "description": "An object that contains the case settings.", - "required": [ - "syncAlerts" - ], - "properties": { - "syncAlerts": { - "description": "Turns alert syncing on or off.", - "type": "boolean", - "example": true - } - } - }, - "severity_property": { - "type": "string", - "description": "The severity of the case.", - "enum": [ - "critical", - "high", - "low", - "medium" - ], - "default": "low" - }, - "create_case_request": { - "title": "Create case request", - "description": "The create case API request body varies depending on the type of connector.", - "type": "object", - "required": [ - "connector", - "description", - "owner", - "settings", - "tags", - "title" - ], - "properties": { - "assignees": { - "type": "array", - "description": "An array containing users that are assigned to the case.", - "nullable": true, - "items": { - "type": "object", - "required": [ - "uid" - ], - "properties": { - "uid": { - "type": "string", - "description": "A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.", - "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" - } - } - } - }, - "connector": { - "oneOf": [ - { - "$ref": "#/components/schemas/connector_properties_none" - }, - { - "$ref": "#/components/schemas/connector_properties_cases_webhook" - }, - { - "$ref": "#/components/schemas/connector_properties_jira" - }, - { - "$ref": "#/components/schemas/connector_properties_resilient" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow_sir" - }, - { - "$ref": "#/components/schemas/connector_properties_swimlane" - } - ] - }, - "description": { - "description": "The description for the case.", - "type": "string" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "tags": { - "description": "The words and phrases that help categorize cases. It can be an empty array.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - } - } - }, - "case_response_closed_by_properties": { - "title": "Case response properties for closed_by", - "type": "object", - "nullable": true, - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "alert_comment_response_properties": { - "title": "Add case comment response properties for alerts", - "type": "object", - "required": [ - "type" - ], - "properties": { - "alertId": { - "type": "string", - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-24T02:31:03.210Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "id": { - "type": "string", - "example": "73362370-ab1a-11ec-985f-97e55adae8b9" - }, - "index": { - "type": "string", - "example": ".internal.alerts-security.alerts-default-000001" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "pushed_at": { - "type": "string", - "format": "date-time", - "example": null, - "nullable": true - }, - "pushed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true - }, - "rule": { - "type": "object", - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } - }, - "type": { - "type": "string", - "example": "alert", - "enum": [ - "alert" - ] - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "version": { - "type": "string", - "example": "WzMwNDgsMV0=" - } - } - }, - "case_response_created_by_properties": { - "title": "Case response properties for created_by", - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "case_response_pushed_by_properties": { - "title": "Case response properties for pushed_by", - "type": "object", - "nullable": true, - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "case_response_updated_by_properties": { - "title": "Case response properties for updated_by", - "type": "object", - "nullable": true, - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "user_comment_response_properties": { - "title": "Case response properties for user comments", - "type": "object", - "required": [ - "type" - ], - "properties": { - "comment": { - "type": "string", - "example": "A new comment." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "$ref": "#/components/schemas/case_response_created_by_properties" - }, - "id": { - "type": "string", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "pushed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "pushed_by": { - "$ref": "#/components/schemas/case_response_pushed_by_properties" - }, - "type": { - "type": "string", - "example": "user", - "enum": [ - "user" - ] - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "$ref": "#/components/schemas/case_response_updated_by_properties" - }, - "version": { - "type": "string", - "example": "WzIwNDMxLDFd" - } - } - }, - "external_service": { - "type": "object", - "nullable": true, - "properties": { - "connector_id": { - "type": "string" - }, - "connector_name": { - "type": "string" - }, - "external_id": { - "type": "string" - }, - "external_title": { - "type": "string" - }, - "external_url": { - "type": "string" - }, - "pushed_at": { - "type": "string", - "format": "date-time" - }, - "pushed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true - } - } - }, - "status": { - "type": "string", - "description": "The status of the case.", - "enum": [ - "closed", - "in-progress", - "open" - ] - }, - "case_response_properties": { - "title": "Case response properties", - "type": "object", - "required": [ - "closed_at", - "closed_by", - "comments", - "connector", - "created_at", - "created_by", - "description", - "duration", - "external_service", - "id", - "owner", - "settings", - "severity", - "status", - "tags", - "title", - "totalAlerts", - "totalComment", - "updated_at", - "updated_by", - "version" - ], - "properties": { - "assignees": { - "type": "array", - "description": "An array containing users that are assigned to the case.", - "nullable": true, - "items": { - "type": "object", - "required": [ - "uid" - ], - "properties": { - "uid": { - "type": "string", - "description": "A unique identifier for the user profile. You can use the get user profile API to retrieve more details.", - "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" - } - } - } - }, - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true - }, - "closed_by": { - "$ref": "#/components/schemas/case_response_closed_by_properties" - }, - "comments": { - "title": "Case response properties for comments", - "description": "An array of comment objects for the case.", - "type": "array", - "items": { - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - } - }, - "connector": { - "title": "Case response properties for connectors", - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/connector_properties_none" - }, - { - "$ref": "#/components/schemas/connector_properties_cases_webhook" - }, - { - "$ref": "#/components/schemas/connector_properties_jira" - }, - { - "$ref": "#/components/schemas/connector_properties_resilient" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow_sir" - }, - { - "$ref": "#/components/schemas/connector_properties_swimlane" - } - ] - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "$ref": "#/components/schemas/case_response_created_by_properties" - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "nullable": true, - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true - }, - "updated_by": { - "$ref": "#/components/schemas/case_response_updated_by_properties" - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } - }, - "update_case_request": { - "title": "Update case request", - "description": "The update case API request body varies depending on the type of connector.", - "type": "object", - "required": [ - "cases" - ], - "properties": { - "cases": { - "type": "array", - "description": "An array containing one or more case objects.", - "items": { - "type": "object", - "required": [ - "id", - "version" - ], - "properties": { - "assignees": { - "type": "array", - "description": "An array containing users that are assigned to the case.", - "nullable": true, - "items": { - "type": "object", - "required": [ - "uid" - ], - "properties": { - "uid": { - "type": "string", - "description": "A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.", - "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" - } - } - } - }, - "connector": { - "oneOf": [ - { - "$ref": "#/components/schemas/connector_properties_none" - }, - { - "$ref": "#/components/schemas/connector_properties_cases_webhook" - }, - { - "$ref": "#/components/schemas/connector_properties_jira" - }, - { - "$ref": "#/components/schemas/connector_properties_resilient" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow_sir" - }, - { - "$ref": "#/components/schemas/connector_properties_swimlane" - } - ] - }, - "description": { - "description": "An updated description for the case.", - "type": "string" - }, - "id": { - "description": "The identifier for the case.", - "type": "string" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "description": "The words and phrases that help categorize cases.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - }, - "version": { - "description": "The current version of the case. To determine this value, use the get case or find cases APIs.", - "type": "string" - } - } - } - } - } - }, - "closure_types": { - "type": "string", - "description": "Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).", - "enum": [ - "close-by-pushing", - "close-by-user" - ], - "example": "close-by-user" - }, - "connector_types": { - "type": "string", - "description": "The type of connector.", - "enum": [ - ".cases-webhook", - ".jira", - ".none", - ".resilient", - ".servicenow", - ".servicenow-sir", - ".swimlane" - ], - "example": ".none" - }, - "alert_identifiers": { - "title": "Alert identifiers", - "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true, - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" - }, - "alert_indices": { - "title": "Alert indices", - "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true - }, - "rule": { - "title": "Alerting rule", - "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "type": "object", - "x-technical-preview": true, - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } - }, - "add_alert_comment_request_properties": { - "title": "Add case comment request properties for alerts", - "required": [ - "alertId", - "index", - "owner", - "rule", - "type" - ], - "description": "Defines properties for case comment requests when type is alert.", - "type": "object", - "properties": { - "alertId": { - "$ref": "#/components/schemas/alert_identifiers" - }, - "index": { - "$ref": "#/components/schemas/alert_indices" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "rule": { - "$ref": "#/components/schemas/rule" - }, - "type": { - "description": "The type of comment.", - "type": "string", - "example": "alert", - "enum": [ - "alert" - ] - } - } - }, - "add_user_comment_request_properties": { - "title": "Add case comment request properties for user comments", - "description": "Defines properties for case comment requests when type is user.", - "type": "object", - "properties": { - "comment": { - "description": "The new comment. It is required only when `type` is `user`.", - "type": "string", - "example": "A new comment." - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "type": { - "type": "string", - "description": "The type of comment.", - "example": "user", - "enum": [ - "user" - ] - } - }, - "required": [ - "comment", - "owner", - "type" - ] - }, - "add_case_comment_request": { - "title": "Add case comment request", - "description": "The add comment to case API request body varies depending on whether you are adding an alert or a comment.", - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/add_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/add_user_comment_request_properties" - } - ] - }, - "update_alert_comment_request_properties": { - "title": "Update case comment request properties for alerts", - "description": "Defines properties for case comment requests when type is alert.", - "required": [ - "alertId", - "id", - "index", - "owner", - "rule", - "type", - "version" - ], - "type": "object", - "properties": { - "alertId": { - "$ref": "#/components/schemas/alert_identifiers" - }, - "id": { - "type": "string", - "description": "The identifier for the comment. To retrieve comment IDs, use the get comments API.\n", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - }, - "index": { - "$ref": "#/components/schemas/alert_indices" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "rule": { - "$ref": "#/components/schemas/rule" - }, - "type": { - "description": "The type of comment.", - "type": "string", - "enum": [ - "alert" - ], - "example": "alert" - }, - "version": { - "description": "The current comment version. To retrieve version values, use the get comments API.\n", - "type": "string", - "example": "Wzk1LDFd" - } - } - }, - "update_user_comment_request_properties": { - "title": "Update case comment request properties for user comments", - "description": "Defines properties for case comment requests when type is user.", - "type": "object", - "properties": { - "comment": { - "description": "The new comment. It is required only when `type` is `user`.", - "type": "string", - "example": "A new comment." - }, - "id": { - "type": "string", - "description": "The identifier for the comment. To retrieve comment IDs, use the get comments API.\n", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "type": { - "type": "string", - "description": "The type of comment.", - "enum": [ - "user" - ], - "example": "user" - }, - "version": { - "description": "The current comment version. To retrieve version values, use the get comments API.\n", - "type": "string", - "example": "Wzk1LDFd" - } - }, - "required": [ - "comment", - "id", - "owner", - "type", - "version" - ] - }, - "update_case_comment_request": { - "title": "Update case comment request", - "description": "The update case comment API request body varies depending on whether you are updating an alert or a comment.", - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/update_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/update_user_comment_request_properties" - } - ] - } - }, - "examples": { - "create_case_request": { - "summary": "Create a security case that uses a Jira connector.", - "value": { - "description": "A case description.", - "title": "Case title 1", - "tags": [ - "tag-1" - ], - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "priority": "High", - "parent": null - } - }, - "settings": { - "syncAlerts": true - }, - "owner": "cases" - } - }, - "create_case_response": { - "summary": "The create case API returns a JSON object that contains details about the case.", - "value": { - "comments": [], - "totalAlerts": 0, - "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", - "version": "WzUzMiwxXQ==", - "totalComment": 1, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "assignees": [], - "description": "A case description.", - "settings": { - "syncAlerts": false - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-03-24T00:37:03.906Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "status": "open", - "updated_at": null, - "updated_by": null, - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "parent": null, - "priority": "High" - } - }, - "external_service": null - } - }, - "update_case_request": { - "summary": "Update the case description, tags, and connector.", - "value": { - "cases": [ - { - "id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2", - "version": "WzIzLDFd", - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "priority": null, - "parent": null - } - }, - "description": "A case description.", - "tags": [ - "tag-1" - ], - "settings": { - "syncAlerts": true - } - } - ] - } - }, - "update_case_response": { - "summary": "This is an example response when the case description, tags, and connector were updated.", - "value": [ - { - "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", - "version": "WzU0OCwxXQ==", - "comments": [], - "totalComment": 0, - "totalAlerts": 0, - "title": "Case title 1", - "tags": [ - "tag-1" - ], - "settings": { - "syncAlerts": true - }, - "owner": "cases", - "description": "A case description.", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-05-13T09:16:17.416Z", - "created_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "status": "open", - "updated_at": "2022-05-13T09:48:33.043Z", - "updated_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "assignees": [], - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "parent": null, - "priority": null - } - }, - "external_service": { - "external_title": "IS-4", - "pushed_by": { - "full_name": null, - "email": null, - "username": "elastic" - }, - "external_url": "https://hms.atlassian.net/browse/IS-4", - "pushed_at": "2022-05-13T09:20:40.672Z", - "connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8", - "external_id": "10003", - "connector_name": "Jira" - } - } - ] - }, - "set_case_configuration_request": { - "summary": "Set the closure type and default connector for Stack Management cases.", - "value": { - "owner": "cases", - "connector": { - "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", - "name": "my-jira-connector", - "type": ".jira", - "fields": null - }, - "closure_type": "close-by-user" - } - }, - "set_case_configuration_response": { - "summary": "This is an example response when the case configuration was updated.", - "value": { - "closure_type": "close-by-user", - "owner": "cases", - "created_at": "2022-06-01T17:07:17.767Z", - "created_by": { - "username": "elastic", - "email": "null,", - "full_name": null - }, - "updated_at": null, - "updated_by": null, - "connector": { - "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", - "name": "my-jira-connector", - "type": ".jira", - "fields": null - }, - "mappings": [ - { - "source": "title", - "target": "summary", - "action_type": "overwrite" - }, - { - "source": "description", - "target": "description", - "action_type": "overwrite" - }, - { - "source": "comments", - "target": "comments", - "action_type": "append" - } - ], - "version": "WzIwNzMsMV0=", - "error": null, - "id": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - } - }, - "get_reporters_response": { - "summary": "A list of three users that opened cases", - "value": [ - { - "username": "elastic", - "full_name": null, - "email": null - }, - { - "username": "user1", - "full_name": "User 1", - "email": "user1@elastic.co" - }, - { - "username": "user2", - "full_name": "User 2", - "email": "user2@elastic.co" - } - ] - }, - "get_status_response": { - "summary": "Get the number of cases in each state.", - "value": { - "count_open_cases": 27, - "count_in_progress_cases": 50, - "count_closed_cases": 198 - } - }, - "get_tags_response": { - "summary": "A list of tags that are used in cases", - "value": [ - "observability", - "security", - "tag 1", - "tag 2" - ] - }, - "get_case_response": { - "summary": "Retrieves information about a case including its comments.", - "value": { - "id": "31cdada0-02c1-11ed-85f2-4f7c222ca2fa", - "version": "WzM2LDFd", - "comments": [ - { - "id": "2134c1d0-02c2-11ed-85f2-4f7c222ca2fa", - "version": "WzM3LDFd", - "type": "user", - "owner": "cases", - "comment": "A new comment", - "created_at": "2022-07-13T15:40:32.335Z", - "created_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": null, - "updated_by": null - } - ], - "totalComment": 1, - "totalAlerts": 0, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "settings": { - "syncAlerts": true - }, - "owner": "cases", - "description": "A case description", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-07-13T15:33:50.604Z", - "created_by": { - "username": "elastic", - "email": null, - "full_name": null - }, - "status": "open", - "updated_at": "2022-07-13T15:40:32.335Z", - "updated_by": { - "full_name": null, - "email": null, - "username": "elastic" - }, - "assignees": [ - { - "uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" - } - ], - "connector": { - "id": "none", - "name": "none", - "type": ".none", - "fields": null - }, - "external_service": null - } - }, - "add_comment_request": { - "summary": "Adds a comment to a case.", - "value": { - "type": "user", - "comment": "A new comment.", - "owner": "cases" - } - }, - "add_comment_response": { - "summary": "The add comment to case API returns a JSON object that contains details about the case and its comments.", - "value": { - "comments": [ - { - "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIwNDMxLDFd", - "type": "user", - "owner": "cases", - "comment": "A new comment.", - "created_at": "2022-06-02T00:49:47.716Z", - "created_by": { - "username": "elastic", - "email": null, - "full_name": null - } - } - ], - "totalAlerts": 0, - "id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIzMzgsMV0=", - "totalComment": 1, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "description": "A case description.", - "settings": { - "syncAlerts": false - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-03-24T00:37:03.906Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "status": "open", - "updated_at": "2022-06-03T00:49:47.716Z", - "updated_by": { - "username": "elastic", - "email": null, - "full_name": null - }, - "connector": { - "id": "none", - "name": "none", - "type": ".none", - "fields": null - }, - "external_service": null - } - }, - "update_comment_request": { - "summary": "Updates a comment of a case.", - "value": { - "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", - "version": "Wzk1LDFd", - "type": "user", - "comment": "An updated comment.", - "owner": "cases" - } - }, - "update_comment_response": { - "summary": "The add comment to case API returns a JSON object that contains details about the case and its comments.", - "value": { - "comments": [ - { - "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIwNjM3LDFd", - "comment": "An updated comment.", - "type": "user", - "owner": "cases", - "created_at": "2022-03-24T00:37:10.832Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": "2022-03-24T01:27:06.210Z", - "updated_by": { - "username": "elastic", - "full_name": null, - "email": null - } - } - ], - "totalAlerts": 0, - "id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIwNjM2LDFd", - "totalComment": 1, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "description": "A case description.", - "settings": { - "syncAlerts": false - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-03-24T00:37:03.906Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "status": "open", - "updated_at": "2022-03-24T01:27:06.210Z", - "updated_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "connector": { - "id": "none", - "name": "none", - "type": ".none", - "fields": null - }, - "external_service": null - } - }, - "get_comment_response": { - "summary": "A single user comment retrieved from a case", - "value": { - "id": "8048b460-fe2b-11ec-b15d-779a7c8bbcc3", - "version": "WzIzLDFd", - "type": "user", - "owner": "cases", - "comment": "A new comment", - "created_at": "2022-07-07T19:32:13.104Z", - "created_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": null, - "updated_by": null - } - }, - "push_case_response": { - "summary": "The push case API returns a JSON object with details about the case and the external service.", - "value": { - "id": "b917f300-0ed9-11ed-bd18-65557fe66949", - "version": "WzE3NjgsM10=", - "comments": [], - "totalComment": 0, - "totalAlerts": 0, - "description": "A case description.", - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "settings": { - "syncAlerts": true - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-07-29T00:59:39.444Z", - "created_by": { - "username": "elastic", - "email": null, - "full_name": null - }, - "status": "open", - "updated_at": "2022-07-29T01:20:58.436Z", - "updated_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "connector": { - "id": "09f8c0b0-0eda-11ed-bd18-65557fe66949", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "parent": null, - "priority": "Low" - } - }, - "external_service": { - "pushed_at": "2022-07-29T01:20:58.436Z", - "pushed_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "connector_name": "My connector", - "external_id": "71926", - "external_title": "ES-554", - "external_url": "https://cases.jira.com", - "connector_id": "09f8c0b0-0eda-11ed-bd18-65557fe66949" - } - } - } - } - }, - "security": [ - { - "basicAuth": [] - }, - { - "apiKeyAuth": [] - } - ] -} \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/bundled-min.yaml b/x-pack/plugins/cases/docs/openapi/bundled-min.yaml deleted file mode 100644 index e255439def5db..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/bundled-min.yaml +++ /dev/null @@ -1,2389 +0,0 @@ -openapi: 3.0.1 -info: - title: Cases - description: OpenAPI schema for Cases endpoints - version: '0.2' - contact: - name: Cases Team - license: - name: Elastic License 2.0 - url: https://www.elastic.co/licensing/elastic-license -tags: - - name: cases - description: Case APIs enable you to open and track issues. -servers: - - url: http://localhost:5601 - description: local -paths: - /s/{spaceId}/api/cases: - post: - summary: Creates a case. - operationId: createCase - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/create_case_request' - examples: - createCaseRequest: - $ref: '#/components/examples/create_case_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - createCaseResponse: - $ref: '#/components/examples/create_case_response' - servers: - - url: https://localhost:5601 - delete: - summary: Deletes one or more cases. - operationId: deleteCase - description: | - You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - - name: ids - description: The cases that you want to removed. All non-ASCII characters must be URL encoded. - in: query - required: true - schema: - type: string - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - patch: - summary: Updates one or more cases. - operationId: updateCase - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/update_case_request' - examples: - updateCaseRequest: - $ref: '#/components/examples/update_case_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/case_response_properties' - examples: - updateCaseResponse: - $ref: '#/components/examples/update_case_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/alerts/{alertId}: - get: - summary: Returns the cases associated with a specific alert. - operationId: getCasesByAlert - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - x-technical-preview: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/alert_id' - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - id: - type: string - description: The case identifier. - title: - type: string - description: The case title. - example: - - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 - title: security_case - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/configure: - get: - summary: Retrieves external connection details, such as the closure type and default connector for cases. - operationId: getCaseConfiguration - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - error: - type: string - nullable: true - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= - servers: - - url: https://localhost:5601 - post: - summary: Sets external connection details, such as the closure type and default connector for cases. - operationId: setCaseConfiguration - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - owner: - $ref: '#/components/schemas/owners' - settings: - description: An object that contains the case settings. - type: object - properties: - syncAlerts: - description: Turns alert syncing on or off. - type: boolean - example: true - required: - - syncAlerts - required: - - closure_type - - connector - - owner - examples: - setCaseConfigRequest: - $ref: '#/components/examples/set_case_configuration_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - error: - type: string - nullable: true - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= - examples: - setCaseConfigResponse: - $ref: '#/components/examples/set_case_configuration_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/configure/{configurationId}: - patch: - summary: Updates external connection details, such as the closure type and default connector for cases. - operationId: updateCaseConfiguration - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/configuration_id' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - version: - description: | - The version of the connector. To retrieve the version value, use the get configuration API. - type: string - example: WzIwMiwxXQ== - required: - - version - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - error: - type: string - nullable: true - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/reporters: - get: - summary: Returns information about the users who opened cases. - operationId: getCaseReporters - description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - examples: - getReportersResponse: - $ref: '#/components/examples/get_reporters_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/status: - get: - summary: Returns the number of cases that are open, closed, and in progress. - operationId: getCaseStatus - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - examples: - getStatusResponse: - $ref: '#/components/examples/get_status_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/tags: - get: - summary: Aggregates and returns a list of case tags. - operationId: getCaseTags - description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - in: query - name: owner - description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. - schema: - oneOf: - - $ref: '#/components/schemas/owners' - - type: array - items: - $ref: '#/components/schemas/owners' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: string - examples: - getTagsResponse: - $ref: '#/components/examples/get_tags_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}: - get: - summary: Retrieves information about a case. - operationId: getCase - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - - in: query - name: includeComments - description: Determines whether case comments are returned. - deprecated: true - schema: - type: boolean - default: true - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - getCaseResponse: - $ref: '#/components/examples/get_case_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}/comments: - post: - summary: Adds a comment or alert to a case. - operationId: addCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/add_case_comment_request' - examples: - createCaseCommentRequest: - $ref: '#/components/examples/add_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - createCaseCommentResponse: - $ref: '#/components/examples/add_comment_response' - servers: - - url: https://localhost:5601 - delete: - summary: Deletes all comments and alerts from a case. - operationId: deleteCaseComments - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - patch: - summary: Updates a comment or alert in a case. - operationId: updateCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/update_case_comment_request' - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/update_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - updateCaseCommentResponse: - $ref: '#/components/examples/update_comment_response' - servers: - - url: https://localhost:5601 - get: - summary: Retrieves all the comments from a case. - operationId: getAllCaseComments - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}/comments/{commentId}: - delete: - summary: Deletes a comment or alert from a case. - operationId: deleteCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/comment_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - get: - summary: Retrieves a comment from a case. - operationId: getCaseComment - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/comment_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/alert_comment_response_properties' - - $ref: '#/components/schemas/user_comment_response_properties' - examples: - getCaseCommentResponse: - $ref: '#/components/examples/get_comment_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push: - post: - summary: Pushes a case to an external service. - description: | - You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. - operationId: pushCase - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/connector_id' - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - type: object - nullable: true - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - pushCaseResponse: - $ref: '#/components/examples/push_case_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 -components: - securitySchemes: - basicAuth: - type: http - scheme: basic - apiKeyAuth: - type: apiKey - in: header - name: ApiKey - parameters: - kbn_xsrf: - schema: - type: string - in: header - name: kbn-xsrf - required: true - space_id: - in: path - name: spaceId - description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used. - required: true - schema: - type: string - example: default - alert_id: - in: path - name: alertId - description: An identifier for the alert. - required: true - schema: - type: string - example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 - owner: - in: query - name: owner - description: | - A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. - schema: - oneOf: - - $ref: '#/components/schemas/owners' - - type: array - items: - $ref: '#/components/schemas/owners' - example: cases - configuration_id: - in: path - name: configurationId - description: An identifier for the configuration. - required: true - schema: - type: string - example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 - case_id: - in: path - name: caseId - description: The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. - required: true - schema: - type: string - example: 9c235210-6834-11ea-a78c-6ffb38a34414 - comment_id: - in: path - name: commentId - description: | - The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. - required: true - schema: - type: string - example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 - connector_id: - in: path - name: connectorId - description: An identifier for the connector. To retrieve connector IDs, use the find connectors API. - required: true - schema: - type: string - example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - schemas: - connector_properties_none: - title: Create or update case request properties for no connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.none`. - type: object - properties: - fields: - description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null. - nullable: true - type: string - example: null - id: - description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. - type: string - example: none - name: - description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. - type: string - example: none - type: - description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`. - type: string - example: .none - enum: - - .none - connector_properties_cases_webhook: - title: Create or upate case request properties for Cases Webhook connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - fields: - type: string - nullable: true - example: null - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .cases-webhook - enum: - - .cases-webhook - connector_properties_jira: - title: Create or update case request properties for a Jira connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - issueType - - parent - - priority - properties: - issueType: - description: The type of issue. - type: string - nullable: true - parent: - description: The key of the parent issue, when the issue type is sub-task. - type: string - nullable: true - priority: - description: The priority of the issue. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .jira - enum: - - .jira - connector_properties_resilient: - title: Create case request properties for a IBM Resilient connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - nullable: true - required: - - issueTypes - - severityCode - properties: - issueTypes: - description: The type of incident. - type: array - items: - type: string - severityCode: - description: The severity code of the incident. - type: string - id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .resilient - enum: - - .resilient - connector_properties_servicenow: - title: Create case request properties for a ServiceNow ITSM connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - category - - impact - - severity - - subcategory - - urgency - properties: - category: - description: The category of the incident. - type: string - nullable: true - impact: - description: The effect an incident had on business. - type: string - nullable: true - severity: - description: The severity of the incident. - type: string - nullable: true - subcategory: - description: The subcategory of the incident. - type: string - nullable: true - urgency: - description: The extent to which the incident resolution can be delayed. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .servicenow - enum: - - .servicenow - connector_properties_servicenow_sir: - title: Create case request properties for a ServiceNow SecOps connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.servicenow-sir`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - properties: - category: - description: The category of the incident. - type: string - nullable: true - destIp: - description: Indicates whether cases will send a comma-separated list of destination IPs. - type: boolean - nullable: true - malwareHash: - description: Indicates whether cases will send a comma-separated list of malware hashes. - type: boolean - nullable: true - malwareUrl: - description: Indicates whether cases will send a comma-separated list of malware URLs. - type: boolean - nullable: true - priority: - description: The priority of the issue. - type: string - nullable: true - sourceIp: - description: Indicates whether cases will send a comma-separated list of source IPs. - type: boolean - nullable: true - subcategory: - description: The subcategory of the incident. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .servicenow-sir - enum: - - .servicenow-sir - connector_properties_swimlane: - title: Create case request properties for a Swimlane connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - caseId - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .swimlane - enum: - - .swimlane - owners: - type: string - description: | - The application that owns the cases: Stack Management, Observability, or Elastic Security. - enum: - - cases - - observability - - securitySolution - example: cases - settings: - type: object - description: An object that contains the case settings. - required: - - syncAlerts - properties: - syncAlerts: - description: Turns alert syncing on or off. - type: boolean - example: true - severity_property: - type: string - description: The severity of the case. - enum: - - critical - - high - - low - - medium - default: low - create_case_request: - title: Create case request - description: The create case API request body varies depending on the type of connector. - type: object - required: - - connector - - description - - owner - - settings - - tags - - title - properties: - assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - connector: - oneOf: - - $ref: '#/components/schemas/connector_properties_none' - - $ref: '#/components/schemas/connector_properties_cases_webhook' - - $ref: '#/components/schemas/connector_properties_jira' - - $ref: '#/components/schemas/connector_properties_resilient' - - $ref: '#/components/schemas/connector_properties_servicenow' - - $ref: '#/components/schemas/connector_properties_servicenow_sir' - - $ref: '#/components/schemas/connector_properties_swimlane' - description: - description: The description for the case. - type: string - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - tags: - description: The words and phrases that help categorize cases. It can be an empty array. - type: array - items: - type: string - title: - description: A title for the case. - type: string - case_response_closed_by_properties: - title: Case response properties for closed_by - type: object - nullable: true - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - alert_comment_response_properties: - title: Add case comment response properties for alerts - type: object - required: - - type - properties: - alertId: - type: string - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - created_at: - type: string - format: date-time - example: '2022-03-24T02:31:03.210Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - id: - type: string - example: 73362370-ab1a-11ec-985f-97e55adae8b9 - index: - type: string - example: .internal.alerts-security.alerts-default-000001 - owner: - $ref: '#/components/schemas/owners' - pushed_at: - type: string - format: date-time - example: null - nullable: true - pushed_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - rule: - type: object - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule - type: - type: string - example: alert - enum: - - alert - updated_at: - type: string - format: date-time - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - version: - type: string - example: WzMwNDgsMV0= - case_response_created_by_properties: - title: Case response properties for created_by - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - case_response_pushed_by_properties: - title: Case response properties for pushed_by - type: object - nullable: true - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - case_response_updated_by_properties: - title: Case response properties for updated_by - type: object - nullable: true - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - user_comment_response_properties: - title: Case response properties for user comments - type: object - required: - - type - properties: - comment: - type: string - example: A new comment. - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - $ref: '#/components/schemas/case_response_created_by_properties' - id: - type: string - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: - $ref: '#/components/schemas/owners' - pushed_at: - type: string - format: date-time - nullable: true - example: null - pushed_by: - $ref: '#/components/schemas/case_response_pushed_by_properties' - type: - type: string - example: user - enum: - - user - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - $ref: '#/components/schemas/case_response_updated_by_properties' - version: - type: string - example: WzIwNDMxLDFd - external_service: - type: object - nullable: true - properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: - type: string - external_url: - type: string - pushed_at: - type: string - format: date-time - pushed_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - status: - type: string - description: The status of the case. - enum: - - closed - - in-progress - - open - case_response_properties: - title: Case response properties - type: object - required: - - closed_at - - closed_by - - comments - - connector - - created_at - - created_by - - description - - duration - - external_service - - id - - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by - - version - properties: - assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. You can use the get user profile API to retrieve more details. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - closed_at: - type: string - format: date-time - nullable: true - closed_by: - $ref: '#/components/schemas/case_response_closed_by_properties' - comments: - title: Case response properties for comments - description: An array of comment objects for the case. - type: array - items: - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/alert_comment_response_properties' - - $ref: '#/components/schemas/user_comment_response_properties' - connector: - title: Case response properties for connectors - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/connector_properties_none' - - $ref: '#/components/schemas/connector_properties_cases_webhook' - - $ref: '#/components/schemas/connector_properties_jira' - - $ref: '#/components/schemas/connector_properties_resilient' - - $ref: '#/components/schemas/connector_properties_servicenow' - - $ref: '#/components/schemas/connector_properties_servicenow_sir' - - $ref: '#/components/schemas/connector_properties_swimlane' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - $ref: '#/components/schemas/case_response_created_by_properties' - description: - type: string - example: A case description. - duration: - type: integer - description: | - The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero. - nullable: true - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - updated_by: - $ref: '#/components/schemas/case_response_updated_by_properties' - version: - type: string - example: WzUzMiwxXQ== - update_case_request: - title: Update case request - description: The update case API request body varies depending on the type of connector. - type: object - required: - - cases - properties: - cases: - type: array - description: An array containing one or more case objects. - items: - type: object - required: - - id - - version - properties: - assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - connector: - oneOf: - - $ref: '#/components/schemas/connector_properties_none' - - $ref: '#/components/schemas/connector_properties_cases_webhook' - - $ref: '#/components/schemas/connector_properties_jira' - - $ref: '#/components/schemas/connector_properties_resilient' - - $ref: '#/components/schemas/connector_properties_servicenow' - - $ref: '#/components/schemas/connector_properties_servicenow_sir' - - $ref: '#/components/schemas/connector_properties_swimlane' - description: - description: An updated description for the case. - type: string - id: - description: The identifier for the case. - type: string - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - description: The words and phrases that help categorize cases. - type: array - items: - type: string - title: - description: A title for the case. - type: string - version: - description: The current version of the case. To determine this value, use the get case or find cases APIs. - type: string - closure_types: - type: string - description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`). - enum: - - close-by-pushing - - close-by-user - example: close-by-user - connector_types: - type: string - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - alert_identifiers: - title: Alert identifiers - description: | - The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - alert_indices: - title: Alert indices - description: | - The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - rule: - title: Alerting rule - description: | - The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. - type: object - x-technical-preview: true - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule - add_alert_comment_request_properties: - title: Add case comment request properties for alerts - required: - - alertId - - index - - owner - - rule - - type - description: Defines properties for case comment requests when type is alert. - type: object - properties: - alertId: - $ref: '#/components/schemas/alert_identifiers' - index: - $ref: '#/components/schemas/alert_indices' - owner: - $ref: '#/components/schemas/owners' - rule: - $ref: '#/components/schemas/rule' - type: - description: The type of comment. - type: string - example: alert - enum: - - alert - add_user_comment_request_properties: - title: Add case comment request properties for user comments - description: Defines properties for case comment requests when type is user. - type: object - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - type: string - example: A new comment. - owner: - $ref: '#/components/schemas/owners' - type: - type: string - description: The type of comment. - example: user - enum: - - user - required: - - comment - - owner - - type - add_case_comment_request: - title: Add case comment request - description: The add comment to case API request body varies depending on whether you are adding an alert or a comment. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/add_alert_comment_request_properties' - - $ref: '#/components/schemas/add_user_comment_request_properties' - update_alert_comment_request_properties: - title: Update case comment request properties for alerts - description: Defines properties for case comment requests when type is alert. - required: - - alertId - - id - - index - - owner - - rule - - type - - version - type: object - properties: - alertId: - $ref: '#/components/schemas/alert_identifiers' - id: - type: string - description: | - The identifier for the comment. To retrieve comment IDs, use the get comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - index: - $ref: '#/components/schemas/alert_indices' - owner: - $ref: '#/components/schemas/owners' - rule: - $ref: '#/components/schemas/rule' - type: - description: The type of comment. - type: string - enum: - - alert - example: alert - version: - description: | - The current comment version. To retrieve version values, use the get comments API. - type: string - example: Wzk1LDFd - update_user_comment_request_properties: - title: Update case comment request properties for user comments - description: Defines properties for case comment requests when type is user. - type: object - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - type: string - example: A new comment. - id: - type: string - description: | - The identifier for the comment. To retrieve comment IDs, use the get comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: - $ref: '#/components/schemas/owners' - type: - type: string - description: The type of comment. - enum: - - user - example: user - version: - description: | - The current comment version. To retrieve version values, use the get comments API. - type: string - example: Wzk1LDFd - required: - - comment - - id - - owner - - type - - version - update_case_comment_request: - title: Update case comment request - description: The update case comment API request body varies depending on whether you are updating an alert or a comment. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/update_alert_comment_request_properties' - - $ref: '#/components/schemas/update_user_comment_request_properties' - examples: - create_case_request: - summary: Create a security case that uses a Jira connector. - value: - description: A case description. - title: Case title 1 - tags: - - tag-1 - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - priority: High - parent: null - settings: - syncAlerts: true - owner: cases - create_case_response: - summary: The create case API returns a JSON object that contains details about the case. - value: - comments: [] - totalAlerts: 0 - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - version: WzUzMiwxXQ== - totalComment: 1 - title: Case title 1 - tags: - - tag 1 - assignees: [] - description: A case description. - settings: - syncAlerts: false - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-03-24T00:37:03.906Z' - created_by: - username: elastic - full_name: null - email: null - status: open - updated_at: null - updated_by: null - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - parent: null - priority: High - external_service: null - update_case_request: - summary: Update the case description, tags, and connector. - value: - cases: - - id: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 - version: WzIzLDFd - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - priority: null - parent: null - description: A case description. - tags: - - tag-1 - settings: - syncAlerts: true - update_case_response: - summary: This is an example response when the case description, tags, and connector were updated. - value: - - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - version: WzU0OCwxXQ== - comments: [] - totalComment: 0 - totalAlerts: 0 - title: Case title 1 - tags: - - tag-1 - settings: - syncAlerts: true - owner: cases - description: A case description. - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-05-13T09:16:17.416Z' - created_by: - email: null - full_name: null - username: elastic - status: open - updated_at: '2022-05-13T09:48:33.043Z' - updated_by: - email: null - full_name: null - username: elastic - assignees: [] - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - parent: null - priority: null - external_service: - external_title: IS-4 - pushed_by: - full_name: null - email: null - username: elastic - external_url: https://hms.atlassian.net/browse/IS-4 - pushed_at: '2022-05-13T09:20:40.672Z' - connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8 - external_id: '10003' - connector_name: Jira - set_case_configuration_request: - summary: Set the closure type and default connector for Stack Management cases. - value: - owner: cases - connector: - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - fields: null - closure_type: close-by-user - set_case_configuration_response: - summary: This is an example response when the case configuration was updated. - value: - closure_type: close-by-user - owner: cases - created_at: '2022-06-01T17:07:17.767Z' - created_by: - username: elastic - email: null, - full_name: null - updated_at: null - updated_by: null - connector: - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - fields: null - mappings: - - source: title - target: summary - action_type: overwrite - - source: description - target: description - action_type: overwrite - - source: comments - target: comments - action_type: append - version: WzIwNzMsMV0= - error: null - id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - get_reporters_response: - summary: A list of three users that opened cases - value: - - username: elastic - full_name: null - email: null - - username: user1 - full_name: User 1 - email: user1@elastic.co - - username: user2 - full_name: User 2 - email: user2@elastic.co - get_status_response: - summary: Get the number of cases in each state. - value: - count_open_cases: 27 - count_in_progress_cases: 50 - count_closed_cases: 198 - get_tags_response: - summary: A list of tags that are used in cases - value: - - observability - - security - - tag 1 - - tag 2 - get_case_response: - summary: Retrieves information about a case including its comments. - value: - id: 31cdada0-02c1-11ed-85f2-4f7c222ca2fa - version: WzM2LDFd - comments: - - id: 2134c1d0-02c2-11ed-85f2-4f7c222ca2fa - version: WzM3LDFd - type: user - owner: cases - comment: A new comment - created_at: '2022-07-13T15:40:32.335Z' - created_by: - email: null - full_name: null - username: elastic - pushed_at: null - pushed_by: null - updated_at: null - updated_by: null - totalComment: 1 - totalAlerts: 0 - title: Case title 1 - tags: - - tag 1 - settings: - syncAlerts: true - owner: cases - description: A case description - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-07-13T15:33:50.604Z' - created_by: - username: elastic - email: null - full_name: null - status: open - updated_at: '2022-07-13T15:40:32.335Z' - updated_by: - full_name: null - email: null - username: elastic - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - connector: - id: none - name: none - type: .none - fields: null - external_service: null - add_comment_request: - summary: Adds a comment to a case. - value: - type: user - comment: A new comment. - owner: cases - add_comment_response: - summary: The add comment to case API returns a JSON object that contains details about the case and its comments. - value: - comments: - - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - version: WzIwNDMxLDFd - type: user - owner: cases - comment: A new comment. - created_at: '2022-06-02T00:49:47.716Z' - created_by: - username: elastic - email: null - full_name: null - totalAlerts: 0 - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - version: WzIzMzgsMV0= - totalComment: 1 - title: Case title 1 - tags: - - tag 1 - description: A case description. - settings: - syncAlerts: false - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-03-24T00:37:03.906Z' - created_by: - username: elastic - full_name: null - email: null - status: open - updated_at: '2022-06-03T00:49:47.716Z' - updated_by: - username: elastic - email: null - full_name: null - connector: - id: none - name: none - type: .none - fields: null - external_service: null - update_comment_request: - summary: Updates a comment of a case. - value: - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - version: Wzk1LDFd - type: user - comment: An updated comment. - owner: cases - update_comment_response: - summary: The add comment to case API returns a JSON object that contains details about the case and its comments. - value: - comments: - - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - version: WzIwNjM3LDFd - comment: An updated comment. - type: user - owner: cases - created_at: '2022-03-24T00:37:10.832Z' - created_by: - username: elastic - full_name: null - email: null - pushed_at: null - pushed_by: null - updated_at: '2022-03-24T01:27:06.210Z' - updated_by: - username: elastic - full_name: null - email: null - totalAlerts: 0 - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - version: WzIwNjM2LDFd - totalComment: 1 - title: Case title 1 - tags: - - tag 1 - description: A case description. - settings: - syncAlerts: false - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-03-24T00:37:03.906Z' - created_by: - username: elastic - full_name: null - email: null - status: open - updated_at: '2022-03-24T01:27:06.210Z' - updated_by: - username: elastic - full_name: null - email: null - connector: - id: none - name: none - type: .none - fields: null - external_service: null - get_comment_response: - summary: A single user comment retrieved from a case - value: - id: 8048b460-fe2b-11ec-b15d-779a7c8bbcc3 - version: WzIzLDFd - type: user - owner: cases - comment: A new comment - created_at: '2022-07-07T19:32:13.104Z' - created_by: - email: null - full_name: null - username: elastic - pushed_at: null - pushed_by: null - updated_at: null - updated_by: null - push_case_response: - summary: The push case API returns a JSON object with details about the case and the external service. - value: - id: b917f300-0ed9-11ed-bd18-65557fe66949 - version: WzE3NjgsM10= - comments: [] - totalComment: 0 - totalAlerts: 0 - description: A case description. - title: Case title 1 - tags: - - tag 1 - settings: - syncAlerts: true - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-07-29T00:59:39.444Z' - created_by: - username: elastic - email: null - full_name: null - status: open - updated_at: '2022-07-29T01:20:58.436Z' - updated_by: - username: elastic - full_name: null - email: null - connector: - id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 - name: My connector - type: .jira - fields: - issueType: '10006' - parent: null - priority: Low - external_service: - pushed_at: '2022-07-29T01:20:58.436Z' - pushed_by: - username: elastic - full_name: null - email: null - connector_name: My connector - external_id: '71926' - external_title: ES-554 - external_url: https://cases.jira.com - connector_id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 -security: - - basicAuth: [] - - apiKeyAuth: [] diff --git a/x-pack/plugins/cases/docs/openapi/bundled.json b/x-pack/plugins/cases/docs/openapi/bundled.json index 4202c658ee4ff..ebdc5cb9cf859 100644 --- a/x-pack/plugins/cases/docs/openapi/bundled.json +++ b/x-pack/plugins/cases/docs/openapi/bundled.json @@ -16,10 +16,6 @@ { "name": "cases", "description": "Case APIs enable you to open and track issues." - }, - { - "name": "kibana", - "description": "Kibana APIs enable you to interact with Kibana features." } ], "servers": [ @@ -46,140 +42,11 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "description": { - "description": "The description for the case.", - "type": "string" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "tags": { - "description": "The words and phrases that help categorize cases. It can be an empty array.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - } - }, - "required": [ - "connector", - "description", - "owner", - "settings", - "tags", - "title" - ] + "$ref": "#/components/schemas/create_case_request" }, "examples": { "createCaseRequest": { @@ -193,251 +60,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "createCaseResponse": { @@ -509,149 +134,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "cases": { - "type": "array", - "items": { - "type": "object", - "properties": { - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "description": { - "description": "The description for the case.", - "type": "string" - }, - "id": { - "description": "The identifier for the case.", - "type": "string" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "description": "The words and phrases that help categorize cases.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - }, - "version": { - "description": "The current version of the case.", - "type": "string" - } - }, - "required": [ - "id", - "version" - ] - } - } - } + "$ref": "#/components/schemas/update_case_request" }, "examples": { "updateCaseRequest": { @@ -665,250 +148,11 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } + "type": "array", + "items": { + "$ref": "#/components/schemas/case_response_properties" } }, "examples": { @@ -1120,256 +364,14 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "object", "properties": { "cases": { "type": "array", "items": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" } }, "count_closed_cases": { @@ -1437,7 +439,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -1496,7 +498,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -1509,83 +511,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -1604,20 +540,28 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "error": { "type": "string", + "nullable": true, "example": null }, "id": { @@ -1658,15 +602,22 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "nullable": true @@ -1717,83 +668,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -1831,6 +716,11 @@ "connector", "owner" ] + }, + "examples": { + "setCaseConfigRequest": { + "$ref": "#/components/examples/set_case_configuration_request" + } } } } @@ -1839,187 +729,138 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - } + "type": "object", + "properties": { + "closure_type": { + "$ref": "#/components/schemas/closure_types" + }, + "connector": { + "type": "object", + "properties": { + "fields": { + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", + "nullable": true, + "type": "object" + }, + "id": { + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", + "type": "string", + "example": "none" + }, + "type": { + "$ref": "#/components/schemas/connector_types" } - }, - "error": { - "type": "string", - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } + } + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-06-01T17:07:17.767Z" + }, + "created_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { + } + }, + "error": { + "type": "string", + "nullable": true, + "example": null + }, + "id": { + "type": "string", + "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" + }, + "mappings": { + "type": "array", + "items": { "type": "object", "properties": { - "email": { + "action_type": { "type": "string", - "example": null + "example": "overwrite" }, - "full_name": { + "source": { "type": "string", - "example": null + "example": "title" }, - "username": { + "target": { "type": "string", - "example": "elastic" + "example": "summary" } + } + } + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "updated_at": { + "type": "string", + "format": "date-time", + "nullable": true, + "example": "2022-06-01T19:58:48.169Z" + }, + "updated_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true }, - "nullable": true + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } + "nullable": true + }, + "version": { + "type": "string", + "example": "WzIwNzMsMV0=" } } + }, + "examples": { + "setCaseConfigResponse": { + "$ref": "#/components/examples/set_case_configuration_response" + } } } } @@ -2070,83 +911,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -2178,7 +953,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2191,83 +966,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -2286,20 +995,28 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "error": { "type": "string", + "nullable": true, "example": null }, "id": { @@ -2340,15 +1057,22 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "nullable": true @@ -2393,7 +1117,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2476,7 +1200,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2484,15 +1208,18 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", @@ -2543,7 +1270,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "object", "properties": { @@ -2583,7 +1310,7 @@ "get": { "summary": "Aggregates and returns a list of case tags.", "operationId": "getCaseTags", - "description": "You must have read privileges for the **Cases*** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", "tags": [ "cases" ], @@ -2614,7 +1341,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2672,251 +1399,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "getCaseResponse": { @@ -2960,7 +1445,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2968,7 +1453,7 @@ } }, "examples": { - "createCaseCommentResponse": { + "getCaseAlertsResponse": { "$ref": "#/components/examples/get_case_alerts_response" } } @@ -3008,17 +1493,11 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/add_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/add_user_comment_request_properties" - } - ] + "$ref": "#/components/schemas/add_case_comment_request" }, "examples": { "createCaseCommentRequest": { @@ -3032,251 +1511,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "createCaseCommentResponse": { @@ -3341,17 +1578,11 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/update_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/update_user_comment_request_properties" - } - ] + "$ref": "#/components/schemas/update_case_comment_request" }, "examples": { "updateCaseCommentRequest": { @@ -3365,251 +1596,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "updateCaseCommentResponse": { @@ -3646,22 +1635,11 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "array", - "items": { - "anyOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - } + "$ref": "#/components/schemas/case_response_properties" } - }, - "examples": {} + } } } }, @@ -3713,7 +1691,7 @@ "get": { "summary": "Retrieves a comment from a case.", "operationId": "getCaseComment", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security*** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", + "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", "tags": [ "cases" ], @@ -3732,7 +1710,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "oneOf": [ { @@ -3788,258 +1766,21 @@ ], "requestBody": { "content": { - "application/json": {} + "application/json": { + "schema": { + "type": "object", + "nullable": true + } + } } }, "responses": { "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "pushCaseResponse": { @@ -4083,7 +1824,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -4228,211 +1969,570 @@ } }, "schemas": { - "connector_types": { - "type": "string", - "description": "The type of connector.", - "enum": [ - ".cases-webhook", - ".jira", - ".none", - ".resilient", - ".servicenow", - ".servicenow-sir", - ".swimlane" - ], - "example": ".none" + "assignees": { + "type": "array", + "description": "An array containing users that are assigned to the case.", + "nullable": true, + "items": { + "type": "object", + "required": [ + "uid" + ], + "properties": { + "uid": { + "type": "string", + "description": "A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.", + "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" + } + } + } }, - "owners": { - "type": "string", - "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.\n", - "enum": [ - "cases", - "observability", - "securitySolution" + "connector_properties_none": { + "title": "Create or update case request properties for no connector", + "required": [ + "fields", + "id", + "name", + "type" ], - "example": "cases" - }, - "settings": { + "description": "Defines properties for connectors when type is `.none`.", "type": "object", - "description": "An object that contains the case settings.", "properties": { - "syncAlerts": { - "description": "Turns alert syncing on or off.", - "type": "boolean", - "example": true + "fields": { + "description": "An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.", + "nullable": true, + "type": "string", + "example": null + }, + "id": { + "description": "The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", + "type": "string", + "example": "none" + }, + "type": { + "description": "The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`.", + "type": "string", + "example": ".none", + "enum": [ + ".none" + ] } } }, - "severity_property": { - "type": "string", - "description": "The severity of the case.", - "enum": [ - "critical", - "high", - "low", - "medium" + "connector_properties_cases_webhook": { + "title": "Create or upate case request properties for Cases Webhook connector", + "required": [ + "fields", + "id", + "name", + "type" ], - "default": "low" - }, - "alert_comment_response_properties": { + "description": "Defines properties for connectors when type is `.cases-webhook`.", "type": "object", "properties": { - "alertId": { + "fields": { "type": "string", - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + "nullable": true, + "example": null }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-24T02:31:03.210Z" + "id": { + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" }, - "created_by": { + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".cases-webhook", + "enum": [ + ".cases-webhook" + ] + } + } + }, + "connector_properties_jira": { + "title": "Create or update case request properties for a Jira connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.jira`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "required": [ + "issueType", + "parent", + "priority" + ], "properties": { - "email": { + "issueType": { + "description": "The type of issue.", "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null + "nullable": true }, - "username": { + "parent": { + "description": "The key of the parent issue, when the issue type is sub-task.", "type": "string", - "example": "elastic" + "nullable": true }, - "profile_uid": { + "priority": { + "description": "The priority of the issue.", "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + "nullable": true } } }, "id": { - "type": "string", - "example": "73362370-ab1a-11ec-985f-97e55adae8b9" - }, - "index": { - "type": "string", - "example": ".internal.alerts-security.alerts-default-000001" + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" }, - "owner": { - "$ref": "#/components/schemas/owners" + "name": { + "description": "The name of the connector.", + "type": "string" }, - "pushed_at": { + "type": { + "description": "The type of connector.", "type": "string", - "format": "date-time", - "example": null, - "nullable": true - }, - "pushed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true - }, - "rule": { + "example": ".jira", + "enum": [ + ".jira" + ] + } + } + }, + "connector_properties_resilient": { + "title": "Create case request properties for a IBM Resilient connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.resilient`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "nullable": true, + "required": [ + "issueTypes", + "severityCode" + ], "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" + "issueTypes": { + "description": "The type of incident.", + "type": "array", + "items": { + "type": "string" + } }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" + "severityCode": { + "description": "The severity code of the incident.", + "type": "string" } } }, - "type": { - "type": "string", - "example": "alert" + "id": { + "description": "The identifier for the connector.", + "type": "string" }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": null + "name": { + "description": "The name of the connector.", + "type": "string" }, - "updated_by": { + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".resilient", + "enum": [ + ".resilient" + ] + } + } + }, + "connector_properties_servicenow": { + "title": "Create case request properties for a ServiceNow ITSM connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.servicenow`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "required": [ + "category", + "impact", + "severity", + "subcategory", + "urgency" + ], "properties": { - "email": { + "category": { + "description": "The category of the incident.", "type": "string", - "example": null + "nullable": true }, - "full_name": { + "impact": { + "description": "The effect an incident had on business.", "type": "string", - "example": null + "nullable": true }, - "username": { + "severity": { + "description": "The severity of the incident.", "type": "string", - "example": "elastic" + "nullable": true }, - "profile_uid": { + "subcategory": { + "description": "The subcategory of the incident.", "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + "nullable": true + }, + "urgency": { + "description": "The extent to which the incident resolution can be delayed.", + "type": "string", + "nullable": true } } }, - "version": { + "id": { + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" + }, + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", "type": "string", - "example": "WzMwNDgsMV0=" + "example": ".servicenow", + "enum": [ + ".servicenow" + ] } } }, - "user_comment_response_properties": { + "connector_properties_servicenow_sir": { + "title": "Create case request properties for a ServiceNow SecOps connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.servicenow-sir`.", "type": "object", "properties": { - "comment": { - "type": "string", - "example": "A new comment." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "required": [ + "category", + "destIp", + "malwareHash", + "malwareUrl", + "priority", + "sourceIp", + "subcategory" + ], "properties": { - "email": { + "category": { + "description": "The category of the incident.", "type": "string", - "example": null + "nullable": true }, - "full_name": { - "type": "string", - "example": null + "destIp": { + "description": "Indicates whether cases will send a comma-separated list of destination IPs.", + "type": "boolean", + "nullable": true }, - "username": { + "malwareHash": { + "description": "Indicates whether cases will send a comma-separated list of malware hashes.", + "type": "boolean", + "nullable": true + }, + "malwareUrl": { + "description": "Indicates whether cases will send a comma-separated list of malware URLs.", + "type": "boolean", + "nullable": true + }, + "priority": { + "description": "The priority of the issue.", "type": "string", - "example": "elastic" + "nullable": true }, - "profile_uid": { + "sourceIp": { + "description": "Indicates whether cases will send a comma-separated list of source IPs.", + "type": "boolean", + "nullable": true + }, + "subcategory": { + "description": "The subcategory of the incident.", "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + "nullable": true } } }, "id": { - "type": "string", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" + }, + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".servicenow-sir", + "enum": [ + ".servicenow-sir" + ] + } + } + }, + "connector_properties_swimlane": { + "title": "Create case request properties for a Swimlane connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.swimlane`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", + "type": "object", + "required": [ + "caseId" + ], + "properties": { + "caseId": { + "description": "The case identifier for Swimlane connectors.", + "type": "string", + "nullable": true + } + } + }, + "id": { + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" + }, + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".swimlane", + "enum": [ + ".swimlane" + ] + } + } + }, + "owners": { + "type": "string", + "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.\n", + "enum": [ + "cases", + "observability", + "securitySolution" + ], + "example": "cases" + }, + "settings": { + "type": "object", + "description": "An object that contains the case settings.", + "required": [ + "syncAlerts" + ], + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean", + "example": true + } + } + }, + "severity_property": { + "type": "string", + "description": "The severity of the case.", + "enum": [ + "critical", + "high", + "low", + "medium" + ], + "default": "low" + }, + "create_case_request": { + "title": "Create case request", + "description": "The create case API request body varies depending on the type of connector.", + "type": "object", + "required": [ + "connector", + "description", + "owner", + "settings", + "tags", + "title" + ], + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, + "connector": { + "oneOf": [ + { + "$ref": "#/components/schemas/connector_properties_none" + }, + { + "$ref": "#/components/schemas/connector_properties_cases_webhook" + }, + { + "$ref": "#/components/schemas/connector_properties_jira" + }, + { + "$ref": "#/components/schemas/connector_properties_resilient" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow_sir" + }, + { + "$ref": "#/components/schemas/connector_properties_swimlane" + } + ] + }, + "description": { + "description": "The description for the case.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "$ref": "#/components/schemas/settings" + }, + "severity": { + "$ref": "#/components/schemas/severity_property" + }, + "tags": { + "description": "The words and phrases that help categorize cases. It can be an empty array.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + } + } + }, + "case_response_closed_by_properties": { + "title": "Case response properties for closed_by", + "type": "object", + "nullable": true, + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "alert_comment_response_properties": { + "title": "Add case comment response properties for alerts", + "type": "object", + "required": [ + "type" + ], + "properties": { + "alertId": { + "type": "string", + "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-24T02:31:03.210Z" + }, + "created_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + } + }, + "id": { + "type": "string", + "example": "73362370-ab1a-11ec-985f-97e55adae8b9" + }, + "index": { + "type": "string", + "example": ".internal.alerts-security.alerts-default-000001" }, "owner": { "$ref": "#/components/schemas/owners" @@ -4440,35 +2540,224 @@ "pushed_at": { "type": "string", "format": "date-time", - "nullable": true, - "example": null + "example": null, + "nullable": true }, "pushed_by": { "type": "object", "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, + "nullable": true + }, + "rule": { + "type": "object", + "properties": { + "id": { + "description": "The rule identifier.", + "type": "string", + "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" + }, + "name": { + "description": "The rule name.", + "type": "string", + "example": "security_rule" + } + } + }, + "type": { + "type": "string", + "example": "alert", + "enum": [ + "alert" + ] + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": null + }, + "updated_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + } + }, + "version": { + "type": "string", + "example": "WzMwNDgsMV0=" + } + } + }, + "case_response_created_by_properties": { + "title": "Case response properties for created_by", + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "case_response_pushed_by_properties": { + "title": "Case response properties for pushed_by", + "type": "object", + "nullable": true, + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "case_response_updated_by_properties": { + "title": "Case response properties for updated_by", + "type": "object", + "nullable": true, + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "user_comment_response_properties": { + "title": "Case response properties for user comments", + "type": "object", + "required": [ + "type" + ], + "properties": { + "comment": { + "type": "string", + "example": "A new comment." + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-05-13T09:16:17.416Z" + }, + "created_by": { + "$ref": "#/components/schemas/case_response_created_by_properties" + }, + "id": { + "type": "string", + "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "pushed_at": { + "type": "string", + "format": "date-time", "nullable": true, "example": null }, + "pushed_by": { + "$ref": "#/components/schemas/case_response_pushed_by_properties" + }, "type": { "type": "string", - "example": "user" + "example": "user", + "enum": [ + "user" + ] }, "updated_at": { "type": "string", @@ -4477,27 +2766,7 @@ "example": null }, "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null + "$ref": "#/components/schemas/case_response_updated_by_properties" }, "version": { "type": "string", @@ -4507,6 +2776,7 @@ }, "external_service": { "type": "object", + "nullable": true, "properties": { "connector_id": { "type": "string" @@ -4532,15 +2802,18 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", @@ -4560,6 +2833,246 @@ "open" ] }, + "case_response_properties": { + "title": "Case response properties", + "type": "object", + "required": [ + "closed_at", + "closed_by", + "comments", + "connector", + "created_at", + "created_by", + "description", + "duration", + "external_service", + "id", + "owner", + "settings", + "severity", + "status", + "tags", + "title", + "totalAlerts", + "totalComment", + "updated_at", + "updated_by", + "version" + ], + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, + "closed_at": { + "type": "string", + "format": "date-time", + "nullable": true + }, + "closed_by": { + "$ref": "#/components/schemas/case_response_closed_by_properties" + }, + "comments": { + "title": "Case response properties for comments", + "description": "An array of comment objects for the case.", + "type": "array", + "items": { + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/alert_comment_response_properties" + }, + { + "$ref": "#/components/schemas/user_comment_response_properties" + } + ] + } + }, + "connector": { + "title": "Case response properties for connectors", + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/connector_properties_none" + }, + { + "$ref": "#/components/schemas/connector_properties_cases_webhook" + }, + { + "$ref": "#/components/schemas/connector_properties_jira" + }, + { + "$ref": "#/components/schemas/connector_properties_resilient" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow_sir" + }, + { + "$ref": "#/components/schemas/connector_properties_swimlane" + } + ] + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-05-13T09:16:17.416Z" + }, + "created_by": { + "$ref": "#/components/schemas/case_response_created_by_properties" + }, + "description": { + "type": "string", + "example": "A case description." + }, + "duration": { + "type": "integer", + "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", + "nullable": true, + "example": 120 + }, + "external_service": { + "$ref": "#/components/schemas/external_service" + }, + "id": { + "type": "string", + "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "$ref": "#/components/schemas/settings" + }, + "severity": { + "$ref": "#/components/schemas/severity_property" + }, + "status": { + "$ref": "#/components/schemas/status" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "tag-1" + ] + }, + "title": { + "type": "string", + "example": "Case title 1" + }, + "totalAlerts": { + "type": "integer", + "example": 0 + }, + "totalComment": { + "type": "integer", + "example": 0 + }, + "updated_at": { + "type": "string", + "format": "date-time", + "nullable": true + }, + "updated_by": { + "$ref": "#/components/schemas/case_response_updated_by_properties" + }, + "version": { + "type": "string", + "example": "WzUzMiwxXQ==" + } + } + }, + "update_case_request": { + "title": "Update case request", + "description": "The update case API request body varies depending on the type of connector.", + "type": "object", + "required": [ + "cases" + ], + "properties": { + "cases": { + "type": "array", + "description": "An array containing one or more case objects.", + "items": { + "type": "object", + "required": [ + "id", + "version" + ], + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, + "connector": { + "oneOf": [ + { + "$ref": "#/components/schemas/connector_properties_none" + }, + { + "$ref": "#/components/schemas/connector_properties_cases_webhook" + }, + { + "$ref": "#/components/schemas/connector_properties_jira" + }, + { + "$ref": "#/components/schemas/connector_properties_resilient" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow_sir" + }, + { + "$ref": "#/components/schemas/connector_properties_swimlane" + } + ] + }, + "description": { + "description": "An updated description for the case.", + "type": "string" + }, + "id": { + "description": "The identifier for the case.", + "type": "string" + }, + "settings": { + "$ref": "#/components/schemas/settings" + }, + "severity": { + "$ref": "#/components/schemas/severity_property" + }, + "status": { + "$ref": "#/components/schemas/status" + }, + "tags": { + "description": "The words and phrases that help categorize cases.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + }, + "version": { + "description": "The current version of the case. To determine this value, use the get case or find cases APIs.", + "type": "string" + } + } + } + } + } + }, "closure_types": { "type": "string", "description": "Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).", @@ -4569,6 +3082,20 @@ ], "example": "close-by-user" }, + "connector_types": { + "type": "string", + "description": "The type of connector.", + "enum": [ + ".cases-webhook", + ".jira", + ".none", + ".resilient", + ".servicenow", + ".servicenow-sir", + ".swimlane" + ], + "example": ".none" + }, "alert_response_properties": { "type": "object", "properties": { @@ -4586,78 +3113,94 @@ } } }, - "add_alert_comment_request_properties": { + "alert_identifiers": { + "title": "Alert identifiers", + "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "x-technical-preview": true, + "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + }, + "alert_indices": { + "title": "Alert indices", + "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "x-technical-preview": true + }, + "rule": { + "title": "Alerting rule", + "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", "type": "object", + "x-technical-preview": true, "properties": { - "alertId": { - "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true, - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + "id": { + "description": "The rule identifier.", + "type": "string", + "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" + }, + "name": { + "description": "The rule name.", + "type": "string", + "example": "security_rule" + } + } + }, + "add_alert_comment_request_properties": { + "title": "Add case comment request properties for alerts", + "required": [ + "alertId", + "index", + "owner", + "rule", + "type" + ], + "description": "Defines properties for case comment requests when type is alert.", + "type": "object", + "properties": { + "alertId": { + "$ref": "#/components/schemas/alert_identifiers" }, "index": { - "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true + "$ref": "#/components/schemas/alert_indices" }, "owner": { "$ref": "#/components/schemas/owners" }, "rule": { - "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "type": "object", - "x-technical-preview": true, - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } + "$ref": "#/components/schemas/rule" }, "type": { "description": "The type of comment.", "type": "string", + "example": "alert", "enum": [ "alert" - ], - "example": "alert" + ] } - }, - "required": [ - "alertId", - "index", - "owner", - "rule", - "type" - ] + } }, "add_user_comment_request_properties": { + "title": "Add case comment request properties for user comments", + "description": "Defines properties for case comment requests when type is user.", "type": "object", "properties": { "comment": { @@ -4671,10 +3214,10 @@ "type": { "type": "string", "description": "The type of comment.", + "example": "user", "enum": [ "user" - ], - "example": "user" + ] } }, "required": [ @@ -4683,24 +3226,37 @@ "type" ] }, + "add_case_comment_request": { + "title": "Add case comment request", + "description": "The add comment to case API request body varies depending on whether you are adding an alert or a comment.", + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/add_alert_comment_request_properties" + }, + { + "$ref": "#/components/schemas/add_user_comment_request_properties" + } + ] + }, "update_alert_comment_request_properties": { + "title": "Update case comment request properties for alerts", + "description": "Defines properties for case comment requests when type is alert.", + "required": [ + "alertId", + "id", + "index", + "owner", + "rule", + "type", + "version" + ], "type": "object", "properties": { "alertId": { - "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true, - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + "$ref": "#/components/schemas/alert_identifiers" }, "id": { "type": "string", @@ -4708,39 +3264,13 @@ "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" }, "index": { - "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true + "$ref": "#/components/schemas/alert_indices" }, "owner": { "$ref": "#/components/schemas/owners" }, "rule": { - "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "type": "object", - "x-technical-preview": true, - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } + "$ref": "#/components/schemas/rule" }, "type": { "description": "The type of comment.", @@ -4755,18 +3285,11 @@ "type": "string", "example": "Wzk1LDFd" } - }, - "required": [ - "alertId", - "id", - "index", - "owner", - "rule", - "type", - "version" - ] + } }, "update_user_comment_request_properties": { + "title": "Update case comment request properties for user comments", + "description": "Defines properties for case comment requests when type is user.", "type": "object", "properties": { "comment": { @@ -4804,6 +3327,21 @@ "version" ] }, + "update_case_comment_request": { + "title": "Update case comment request", + "description": "The update case comment API request body varies depending on whether you are updating an alert or a comment.", + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/update_alert_comment_request_properties" + }, + { + "$ref": "#/components/schemas/update_user_comment_request_properties" + } + ] + }, "actions": { "type": "string", "enum": [ @@ -4877,6 +3415,14 @@ } } }, + "payload_assignees": { + "type": "object", + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + } + } + }, "payload_connector": { "type": "object", "properties": { @@ -4897,8 +3443,9 @@ "type": "string" }, "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "impact": { "description": "The effect an incident had on business for ServiceNow ITSM connectors.", @@ -4912,16 +3459,18 @@ "description": "The type of incident for IBM Resilient connectors.", "type": "array", "items": { - "type": "number" + "type": "string" } }, "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "parent": { "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", @@ -4937,11 +3486,12 @@ }, "severityCode": { "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" + "type": "string" }, "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident for ServiceNow ITSM connectors.", @@ -4974,6 +3524,9 @@ "payload_create_case": { "type": "object", "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, "connector": { "type": "object", "properties": { @@ -4991,8 +3544,9 @@ "type": "string" }, "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "impact": { "description": "The effect an incident had on business for ServiceNow ITSM connectors.", @@ -5006,16 +3560,18 @@ "description": "The type of incident for IBM Resilient connectors.", "type": "array", "items": { - "type": "number" + "type": "string" } }, "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "parent": { "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", @@ -5031,11 +3587,12 @@ }, "severityCode": { "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" + "type": "string" }, "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident for ServiceNow ITSM connectors.", @@ -5092,6 +3649,11 @@ } } }, + "payload_delete": { + "type": "object", + "description": "If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable.", + "nullable": true + }, "payload_description": { "type": "object", "properties": { @@ -5180,6 +3742,7 @@ "type": "string", "description": "The type of action.", "enum": [ + "assignees", "create_case", "comment", "connector", @@ -5196,6 +3759,17 @@ }, "user_actions_response_properties": { "type": "object", + "required": [ + "action", + "action_id", + "case_id", + "comment_id", + "created_at", + "created_by", + "owner", + "payload", + "type" + ], "properties": { "action": { "$ref": "#/components/schemas/actions" @@ -5210,6 +3784,7 @@ }, "comment_id": { "type": "string", + "nullable": true, "example": "578608d0-03b1-11ed-920c-974bfa104448" }, "created_at": { @@ -5222,21 +3797,29 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - } + }, + "required": [ + "email", + "full_name", + "username" + ] }, "owner": { "$ref": "#/components/schemas/owners" @@ -5246,12 +3829,18 @@ { "$ref": "#/components/schemas/payload_alert_comment" }, + { + "$ref": "#/components/schemas/payload_assignees" + }, { "$ref": "#/components/schemas/payload_connector" }, { "$ref": "#/components/schemas/payload_create_case" }, + { + "$ref": "#/components/schemas/payload_delete" + }, { "$ref": "#/components/schemas/payload_description" }, @@ -5276,8 +3865,7 @@ { "$ref": "#/components/schemas/payload_user_comment" } - ], - "nullable": true + ] }, "type": { "$ref": "#/components/schemas/action_types" @@ -5311,31 +3899,32 @@ } }, "create_case_response": { - "summary": "The create case API returns a JSON object that includes the user who created the case and the case identifier, version, and creation time.", + "summary": "The create case API returns a JSON object that contains details about the case.", "value": { - "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", - "version": "WzUzMiwxXQ==", "comments": [], - "totalComment": 0, "totalAlerts": 0, + "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", + "version": "WzUzMiwxXQ==", + "totalComment": 1, "title": "Case title 1", "tags": [ - "tag-1" + "tag 1" ], + "assignees": [], + "description": "A case description.", "settings": { - "syncAlerts": true + "syncAlerts": false }, "owner": "cases", - "description": "A case description.", "duration": null, "severity": "low", "closed_at": null, "closed_by": null, - "created_at": "2022-05-13T09:16:17.416Z", + "created_at": "2022-03-24T00:37:03.906Z", "created_by": { - "email": null, + "username": "elastic", "full_name": null, - "username": "elastic" + "email": null }, "status": "open", "updated_at": null, @@ -5416,6 +4005,7 @@ "full_name": null, "username": "elastic" }, + "assignees": [], "connector": { "id": "131d4448-abe0-4789-939d-8ef60680b498", "name": "My connector", @@ -5481,6 +4071,7 @@ "full_name": null, "username": "elastic" }, + "assignees": [], "connector": { "id": "none", "name": "none", @@ -5495,6 +4086,60 @@ "count_closed_cases": 0 } }, + "set_case_configuration_request": { + "summary": "Set the closure type and default connector for Stack Management cases.", + "value": { + "owner": "cases", + "connector": { + "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", + "name": "my-jira-connector", + "type": ".jira", + "fields": null + }, + "closure_type": "close-by-user" + } + }, + "set_case_configuration_response": { + "summary": "This is an example response when the case configuration was updated.", + "value": { + "closure_type": "close-by-user", + "owner": "cases", + "created_at": "2022-06-01T17:07:17.767Z", + "created_by": { + "username": "elastic", + "email": "null,", + "full_name": null + }, + "updated_at": null, + "updated_by": null, + "connector": { + "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", + "name": "my-jira-connector", + "type": ".jira", + "fields": null + }, + "mappings": [ + { + "source": "title", + "target": "summary", + "action_type": "overwrite" + }, + { + "source": "description", + "target": "description", + "action_type": "overwrite" + }, + { + "source": "comments", + "target": "comments", + "action_type": "append" + } + ], + "version": "WzIwNzMsMV0=", + "error": null, + "id": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" + } + }, "find_connector_response": { "summary": "Retrieve information about the connectors and their settings.", "value": [ @@ -5602,6 +4247,11 @@ "email": null, "username": "elastic" }, + "assignees": [ + { + "uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" + } + ], "connector": { "id": "none", "name": "none", @@ -5644,11 +4294,7 @@ "username": "elastic", "email": null, "full_name": null - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": null, - "updated_by": null + } } ], "totalAlerts": 0, @@ -5670,9 +4316,9 @@ "closed_by": null, "created_at": "2022-03-24T00:37:03.906Z", "created_by": { - "email": null, + "username": "elastic", "full_name": null, - "username": "elastic" + "email": null }, "status": "open", "updated_at": "2022-06-03T00:49:47.716Z", @@ -5696,7 +4342,8 @@ "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", "version": "Wzk1LDFd", "type": "user", - "comment": "An updated comment." + "comment": "An updated comment.", + "owner": "cases" } }, "update_comment_response": { @@ -5847,39 +4494,45 @@ "summary": "Retrieves all activity for a case", "value": [ { - "created_at": "2022-07-14T20:11:24.947Z", + "action_id": "b4cd0770-07c9-11ed-a5fd-47154cb8767e", + "action": "create", + "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", + "comment_id": "578608d0-03b1-11ed-920c-974bfa104448", + "created_at": "2022-07-20T01:17:22.150Z", "created_by": { "username": "elastic", "email": null, "full_name": null }, "owner": "cases", - "action": "create", "payload": { - "description": "A case description", - "title": "Case title 1", - "tags": [ - "tag 1" - ], + "assignees": null, "connector": { "name": "none", "type": ".none", "fields": null, "id": "none" }, + "description": "test", + "tags": [ + "mine" + ], + "title": "test-case", + "owner": "cases", "settings": { - "syncAlerts": true + "syncAlerts": false }, - "owner": "cases", "severity": "low", - "status": "open" + "status": "open", + "type": "create_case" }, - "type": "create_case", - "action_id": "22fd3e30-03b1-11ed-920c-974bfa104448", - "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id": null + "type": "comment" }, { + "action_id": "57af14a0-03b1-11ed-920c-974bfa104448", + "action": "create", + "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", + "comment_id": "578608d0-03b1-11ed-920c-974bfa104448", "created_at": "2022-07-14T20:12:53.354Z", "created_by": { "username": "elastic", @@ -5887,18 +4540,47 @@ "full_name": null }, "owner": "cases", - "action": "create", "payload": { - "comment": { - "type": "user", - "owner": "cases", - "comment": "A new comment" + "comment": "A new comment", + "owner": "cases", + "type": "user" + }, + "type": "comment" + }, + { + "action_id": "573c6980-6123-11ed-aa41-81a0a61fe447", + "action": "add", + "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", + "comment_id": null, + "created_at": "2022-07-20T01:10:28.238Z", + "created_by": { + "username": "elastic", + "email": null, + "full_name": null, + "profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" + }, + "owner": "cases", + "payload": { + "assignees": { + "uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } }, - "type": "comment", - "action_id": "57af14a0-03b1-11ed-920c-974bfa104448", + "type": "assignees" + }, + { + "action_id": "fff460e0-07c9-11ed-a5fd-47154cb8767e", + "action": "delete", "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id": "578608d0-03b1-11ed-920c-974bfa104448" + "comment_id": null, + "created_at": "2022-07-20T01:19:28.238Z", + "created_by": { + "username": "elastic", + "email": null, + "full_name": null + }, + "owner": "cases", + "payload": null, + "type": "delete_case" } ] } diff --git a/x-pack/plugins/cases/docs/openapi/bundled.yaml b/x-pack/plugins/cases/docs/openapi/bundled.yaml index 7f02703b161a6..b99f1c74e2d0a 100644 --- a/x-pack/plugins/cases/docs/openapi/bundled.yaml +++ b/x-pack/plugins/cases/docs/openapi/bundled.yaml @@ -11,8 +11,6 @@ info: tags: - name: cases description: Case APIs enable you to open and track issues. - - name: kibana - description: Kibana APIs enable you to interact with Kibana features. servers: - url: http://localhost:5601 description: local @@ -21,151 +19,19 @@ paths: post: summary: Creates a case. operationId: createCase - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - creating. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. tags: - cases parameters: - $ref: '#/components/parameters/kbn_xsrf' - $ref: '#/components/parameters/space_id' requestBody: + required: true content: application/json: schema: - type: object - properties: - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type is - sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow - SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - description: - description: The description for the case. - type: string - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - tags: - description: >- - The words and phrases that help categorize cases. It can be - an empty array. - type: array - items: - type: string - title: - description: A title for the case. - type: string - required: - - connector - - description - - owner - - settings - - tags - - title + $ref: '#/components/schemas/create_case_request' examples: createCaseRequest: $ref: '#/components/examples/create_case_request' @@ -173,221 +39,9 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' examples: createCaseResponse: $ref: '#/components/examples/create_case_response' @@ -396,20 +50,15 @@ paths: delete: summary: Deletes one or more cases. operationId: deleteCase - description: > - You must have `read` or `all` privileges and the `delete` sub-feature - privilege for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. + description: | + You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. tags: - cases parameters: - $ref: '#/components/parameters/kbn_xsrf' - $ref: '#/components/parameters/space_id' - name: ids - description: >- - The cases that you want to removed. All non-ASCII characters must be - URL encoded. + description: The cases that you want to removed. All non-ASCII characters must be URL encoded. in: query required: true schema: @@ -423,11 +72,8 @@ paths: patch: summary: Updates one or more cases. operationId: updateCase - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - updating. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. tags: - cases parameters: @@ -437,145 +83,7 @@ paths: content: application/json: schema: - type: object - properties: - cases: - type: array - items: - type: object - properties: - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - An object containing the connector fields. To - create a case without a connector, specify null. - If you want to omit any individual field, specify - null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow - ITSM and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue - type is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow - ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution - can be delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case - without a connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - description: - description: The description for the case. - type: string - id: - description: The identifier for the case. - type: string - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - description: The words and phrases that help categorize cases. - type: array - items: - type: string - title: - description: A title for the case. - type: string - version: - description: The current version of the case. - type: string - required: - - id - - version + $ref: '#/components/schemas/update_case_request' examples: updateCaseRequest: $ref: '#/components/examples/update_case_request' @@ -583,221 +91,11 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + type: array + items: + $ref: '#/components/schemas/case_response_properties' examples: updateCaseResponse: $ref: '#/components/examples/update_case_response' @@ -809,10 +107,8 @@ paths: get: summary: Retrieves a paginated subset of cases. operationId: getCases - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. tags: - cases parameters: @@ -833,13 +129,8 @@ paths: type: string - name: from in: query - description: > - [preview] Returns only cases that were created after a specific - date. The date must be specified as a KQL data range or date match - expression. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will apply best - effort to fix any issues, but features in technical preview are not - subject to the support SLA of official GA features. + description: | + [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. schema: type: string example: now-1d @@ -870,9 +161,7 @@ paths: example: elastic - name: search in: query - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. + description: An Elasticsearch simple_query_string query that filters the objects in the response. schema: type: string - name: searchFields @@ -927,13 +216,8 @@ paths: example: tag-1 - name: to in: query - description: > - [preview] Returns only cases that were created before a specific - date. The date must be specified as a KQL data range or date match - expression. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will apply best - effort to fix any issues, but features in technical preview are not - subject to the support SLA of official GA features. + description: | + [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. schema: type: string example: now+1d @@ -941,231 +225,14 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: object properties: cases: type: array items: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To - create a case without a connector, specify null. - If you want to omit any individual field, - specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow - ITSM and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs - for ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue - type is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow - ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for - ServiceNow ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution - can be delayed for ServiceNow ITSM - connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a - case without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case - without a connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to - its closure (in seconds). If the case has not been - closed, the duration is set to null. If the case was - closed after less than half a second, the duration - is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' count_closed_cases: type: integer count_in_progress_cases: @@ -1189,10 +256,8 @@ paths: get: summary: Returns the cases associated with a specific alert. operationId: getCasesByAlert - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. x-technical-preview: true tags: - cases @@ -1204,7 +269,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -1225,14 +290,10 @@ paths: - url: https://localhost:5601 /s/{spaceId}/api/cases/configure: get: - summary: >- - Retrieves external connection details, such as the closure type and - default connector for cases. + summary: Retrieves external connection details, such as the closure type and default connector for cases. operationId: getCaseConfiguration - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case configuration. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. tags: - cases parameters: @@ -1242,7 +303,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -1254,98 +315,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create - a case without a connector, specify null. If you - want to omit any individual field, specify null as - its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can - be delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without - a connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1360,14 +338,21 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 error: type: string + nullable: true example: null id: type: string @@ -1399,12 +384,18 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 nullable: true version: type: string @@ -1412,19 +403,10 @@ paths: servers: - url: https://localhost:5601 post: - summary: >- - Sets external connection details, such as the closure type and default - connector for cases. + summary: Sets external connection details, such as the closure type and default connector for cases. operationId: setCaseConfiguration - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case configuration. - Connectors are used to interface with external systems. You must create - a connector before you can use it in your cases. Refer to the add - connectors API. If you set a default connector, it is automatically - selected when you create cases in Kibana. If you use the create case - API, however, you must still specify all of the connector details. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. tags: - cases parameters: @@ -1443,95 +425,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type is - sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow - SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1557,194 +459,121 @@ paths: - closure_type - connector - owner + examples: + setCaseConfigRequest: + $ref: '#/components/examples/set_case_configuration_request' responses: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: array - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create - a case without a connector, specify null. If you - want to omit any individual field, specify null as - its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can - be delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without - a connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - error: - type: string - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: + type: object + properties: + closure_type: + $ref: '#/components/schemas/closure_types' + connector: + type: object + properties: + fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + type: string + example: none + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/connector_types' + created_at: + type: string + format: date-time + example: '2022-06-01T17:07:17.767Z' + created_by: + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + error: + type: string + nullable: true + example: null + id: + type: string + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + mappings: + type: array + items: type: object properties: - email: + action_type: type: string - example: null - full_name: + example: overwrite + source: type: string - example: null - username: + example: title + target: type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= + example: summary + owner: + $ref: '#/components/schemas/owners' + updated_at: + type: string + format: date-time + nullable: true + example: '2022-06-01T19:58:48.169Z' + updated_by: + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + version: + type: string + example: WzIwNzMsMV0= + examples: + setCaseConfigResponse: + $ref: '#/components/examples/set_case_configuration_response' servers: - url: https://localhost:5601 servers: - url: https://localhost:5601 /s/{spaceId}/api/cases/configure/{configurationId}: patch: - summary: >- - Updates external connection details, such as the closure type and - default connector for cases. + summary: Updates external connection details, such as the closure type and default connector for cases. operationId: updateCaseConfiguration - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case configuration. - Connectors are used to interface with external systems. You must create - a connector before you can use it in your cases. Refer to the add - connectors API. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. tags: - cases parameters: @@ -1764,95 +593,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type is - sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow - SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1863,9 +612,8 @@ paths: - name - type version: - description: > - The version of the connector. To retrieve the version value, - use the get configuration API. + description: | + The version of the connector. To retrieve the version value, use the get configuration API. type: string example: WzIwMiwxXQ== required: @@ -1874,7 +622,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -1886,98 +634,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create - a case without a connector, specify null. If you - want to omit any individual field, specify null as - its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can - be delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without - a connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1992,14 +657,21 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 error: type: string + nullable: true example: null id: type: string @@ -2031,12 +703,18 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 nullable: true version: type: string @@ -2049,11 +727,8 @@ paths: get: summary: Retrieves information about connectors. operationId: getCaseConnectors - description: > - In particular, only the connectors that are supported for use in cases - are returned. You must have `read` privileges for the **Actions and - Connectors** feature in the **Management** section of the Kibana feature - privileges. + description: | + In particular, only the connectors that are supported for use in cases are returned. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. tags: - cases parameters: @@ -2062,7 +737,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -2101,14 +776,8 @@ paths: get: summary: Returns information about the users who opened cases. operationId: getCaseReporters - description: > - You must have read privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases. The API returns - information about the users as they existed at the time of the case - creation, including their name, full name, and email address. If any of - those details change thereafter or if a user is deleted, the information - returned by this API is unchanged. + description: | + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. tags: - cases parameters: @@ -2118,7 +787,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -2127,12 +796,15 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 @@ -2147,10 +819,8 @@ paths: get: summary: Returns the number of cases that are open, closed, and in progress. operationId: getCaseStatus - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. deprecated: true tags: - cases @@ -2161,7 +831,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: object properties: @@ -2182,20 +852,15 @@ paths: get: summary: Aggregates and returns a list of case tags. operationId: getCaseTags - description: > - You must have read privileges for the **Cases*** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. tags: - cases parameters: - $ref: '#/components/parameters/space_id' - in: query name: owner - description: >- - A filter to limit the retrieved case statistics to a specific set of - applications. If this parameter is omitted, the response contains - tags from all cases that the user has access to read. + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. schema: oneOf: - $ref: '#/components/schemas/owners' @@ -2206,7 +871,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -2222,10 +887,8 @@ paths: get: summary: Retrieves information about a case. operationId: getCase - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. tags: - cases parameters: @@ -2242,221 +905,9 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' examples: getCaseResponse: $ref: '#/components/examples/get_case_response' @@ -2467,10 +918,8 @@ paths: /s/{spaceId}/api/cases/{caseId}/alerts: get: summary: Gets all alerts attached to a case. - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. x-technical-preview: true operationId: getCaseAlerts tags: @@ -2482,13 +931,13 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: $ref: '#/components/schemas/alert_response_properties' examples: - createCaseCommentResponse: + getCaseAlertsResponse: $ref: '#/components/examples/get_case_alerts_response' servers: - url: https://localhost:5601 @@ -2496,513 +945,80 @@ paths: - url: https://localhost:5601 /s/{spaceId}/api/cases/{caseId}/comments: post: - summary: Adds a comment or alert to a case. - operationId: addCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/add_alert_comment_request_properties' - - $ref: '#/components/schemas/add_user_comment_request_properties' - examples: - createCaseCommentRequest: - $ref: '#/components/examples/add_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json; charset=utf-8: - schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== - examples: - createCaseCommentResponse: - $ref: '#/components/examples/add_comment_response' - servers: - - url: https://localhost:5601 - delete: - summary: Deletes all comments and alerts from a case. - operationId: deleteCaseComments - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - patch: - summary: Updates a comment or alert in a case. - operationId: updateCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. - NOTE: You cannot change the comment type or the owner of a comment. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/update_alert_comment_request_properties' - - $ref: '#/components/schemas/update_user_comment_request_properties' - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/update_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json; charset=utf-8: - schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + summary: Adds a comment or alert to a case. + operationId: addCaseComment + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. + tags: + - cases + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/add_case_comment_request' + examples: + createCaseCommentRequest: + $ref: '#/components/examples/add_comment_request' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + $ref: '#/components/schemas/case_response_properties' + examples: + createCaseCommentResponse: + $ref: '#/components/examples/add_comment_response' + servers: + - url: https://localhost:5601 + delete: + summary: Deletes all comments and alerts from a case. + operationId: deleteCaseComments + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. + tags: + - cases + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + patch: + summary: Updates a comment or alert in a case. + operationId: updateCaseComment + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. + tags: + - cases + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/update_case_comment_request' + examples: + updateCaseCommentRequest: + $ref: '#/components/examples/update_comment_request' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + $ref: '#/components/schemas/case_response_properties' examples: updateCaseCommentResponse: $ref: '#/components/examples/update_comment_response' @@ -3011,11 +1027,8 @@ paths: get: summary: Retrieves all the comments from a case. operationId: getAllCaseComments - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases with the - comments you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. deprecated: true tags: - cases @@ -3026,14 +1039,9 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: array - items: - anyOf: - - $ref: '#/components/schemas/alert_comment_response_properties' - - $ref: '#/components/schemas/user_comment_response_properties' - examples: {} + $ref: '#/components/schemas/case_response_properties' servers: - url: https://localhost:5601 servers: @@ -3042,10 +1050,8 @@ paths: delete: summary: Deletes a comment or alert from a case. operationId: deleteCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. tags: - cases parameters: @@ -3061,11 +1067,8 @@ paths: get: summary: Retrieves a comment from a case. operationId: getCaseComment - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security*** section of the - Kibana feature privileges, depending on the owner of the cases with the - comments you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. tags: - cases parameters: @@ -3076,7 +1079,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: oneOf: - $ref: '#/components/schemas/alert_comment_response_properties' @@ -3091,12 +1094,8 @@ paths: /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push: post: summary: Pushes a case to an external service. - description: > - You must have `all` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - You must also have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're pushing. + description: | + You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. operationId: pushCase tags: - cases @@ -3107,226 +1106,17 @@ paths: - $ref: '#/components/parameters/space_id' requestBody: content: - application/json: {} + application/json: + schema: + type: object + nullable: true responses: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' examples: pushCaseResponse: $ref: '#/components/examples/push_case_response' @@ -3337,10 +1127,8 @@ paths: /s/{spaceId}/api/cases/{caseId}/user_actions: get: summary: Returns all user activity for a case. - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. deprecated: true operationId: getCaseActivity tags: @@ -3352,7 +1140,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -3383,9 +1171,7 @@ components: space_id: in: path name: spaceId - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. + description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used. required: true schema: type: string @@ -3393,10 +1179,8 @@ components: owner: in: query name: owner - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. + description: | + A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. schema: oneOf: - $ref: '#/components/schemas/owners' @@ -3434,9 +1218,7 @@ components: case_id: in: path name: caseId - description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. + description: The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. required: true schema: type: string @@ -3444,9 +1226,8 @@ components: comment_id: in: path name: commentId - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. + description: | + The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. required: true schema: type: string @@ -3454,31 +1235,310 @@ components: connector_id: in: path name: connectorId - description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. + description: An identifier for the connector. To retrieve connector IDs, use the find connectors API. required: true schema: type: string example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 schemas: - connector_types: - type: string - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none + assignees: + type: array + description: An array containing users that are assigned to the case. + nullable: true + items: + type: object + required: + - uid + properties: + uid: + type: string + description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + connector_properties_none: + title: Create or update case request properties for no connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.none`. + type: object + properties: + fields: + description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null. + nullable: true + type: string + example: null + id: + description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. + type: string + example: none + name: + description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. + type: string + example: none + type: + description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`. + type: string + example: .none + enum: + - .none + connector_properties_cases_webhook: + title: Create or upate case request properties for Cases Webhook connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + fields: + type: string + nullable: true + example: null + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .cases-webhook + enum: + - .cases-webhook + connector_properties_jira: + title: Create or update case request properties for a Jira connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - issueType + - parent + - priority + properties: + issueType: + description: The type of issue. + type: string + nullable: true + parent: + description: The key of the parent issue, when the issue type is sub-task. + type: string + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .jira + enum: + - .jira + connector_properties_resilient: + title: Create case request properties for a IBM Resilient connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + nullable: true + required: + - issueTypes + - severityCode + properties: + issueTypes: + description: The type of incident. + type: array + items: + type: string + severityCode: + description: The severity code of the incident. + type: string + id: + description: The identifier for the connector. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .resilient + enum: + - .resilient + connector_properties_servicenow: + title: Create case request properties for a ServiceNow ITSM connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - category + - impact + - severity + - subcategory + - urgency + properties: + category: + description: The category of the incident. + type: string + nullable: true + impact: + description: The effect an incident had on business. + type: string + nullable: true + severity: + description: The severity of the incident. + type: string + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + urgency: + description: The extent to which the incident resolution can be delayed. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .servicenow + enum: + - .servicenow + connector_properties_servicenow_sir: + title: Create case request properties for a ServiceNow SecOps connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow-sir`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + properties: + category: + description: The category of the incident. + type: string + nullable: true + destIp: + description: Indicates whether cases will send a comma-separated list of destination IPs. + type: boolean + nullable: true + malwareHash: + description: Indicates whether cases will send a comma-separated list of malware hashes. + type: boolean + nullable: true + malwareUrl: + description: Indicates whether cases will send a comma-separated list of malware URLs. + type: boolean + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs. + type: boolean + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .servicenow-sir + enum: + - .servicenow-sir + connector_properties_swimlane: + title: Create case request properties for a Swimlane connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - caseId + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .swimlane + enum: + - .swimlane owners: type: string - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. + description: | + The application that owns the cases: Stack Management, Observability, or Elastic Security. enum: - cases - observability @@ -3487,6 +1547,8 @@ components: settings: type: object description: An object that contains the case settings. + required: + - syncAlerts properties: syncAlerts: description: Turns alert syncing on or off. @@ -3501,8 +1563,75 @@ components: - low - medium default: low + create_case_request: + title: Create case request + description: The create case API request body varies depending on the type of connector. + type: object + required: + - connector + - description + - owner + - settings + - tags + - title + properties: + assignees: + $ref: '#/components/schemas/assignees' + connector: + oneOf: + - $ref: '#/components/schemas/connector_properties_none' + - $ref: '#/components/schemas/connector_properties_cases_webhook' + - $ref: '#/components/schemas/connector_properties_jira' + - $ref: '#/components/schemas/connector_properties_resilient' + - $ref: '#/components/schemas/connector_properties_servicenow' + - $ref: '#/components/schemas/connector_properties_servicenow_sir' + - $ref: '#/components/schemas/connector_properties_swimlane' + description: + description: The description for the case. + type: string + owner: + $ref: '#/components/schemas/owners' + settings: + $ref: '#/components/schemas/settings' + severity: + $ref: '#/components/schemas/severity_property' + tags: + description: The words and phrases that help categorize cases. It can be an empty array. + type: array + items: + type: string + title: + description: A title for the case. + type: string + case_response_closed_by_properties: + title: Case response properties for closed_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username alert_comment_response_properties: + title: Add case comment response properties for alerts type: object + required: + - type properties: alertId: type: string @@ -3517,12 +1646,15 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 @@ -3545,12 +1677,15 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 @@ -3569,6 +1704,8 @@ components: type: type: string example: alert + enum: + - alert updated_at: type: string format: date-time @@ -3579,20 +1716,97 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 version: type: string example: WzMwNDgsMV0= + case_response_created_by_properties: + title: Case response properties for created_by + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + case_response_pushed_by_properties: + title: Case response properties for pushed_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + case_response_updated_by_properties: + title: Case response properties for updated_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username user_comment_response_properties: + title: Case response properties for user comments type: object + required: + - type properties: comment: type: string @@ -3602,20 +1816,7 @@ components: format: date-time example: '2022-05-13T09:16:17.416Z' created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + $ref: '#/components/schemas/case_response_created_by_properties' id: type: string example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 @@ -3626,100 +1827,243 @@ components: format: date-time nullable: true example: null + pushed_by: + $ref: '#/components/schemas/case_response_pushed_by_properties' + type: + type: string + example: user + enum: + - user + updated_at: + type: string + format: date-time + nullable: true + example: null + updated_by: + $ref: '#/components/schemas/case_response_updated_by_properties' + version: + type: string + example: WzIwNDMxLDFd + external_service: + type: object + nullable: true + properties: + connector_id: + type: string + connector_name: + type: string + external_id: + type: string + external_title: + type: string + external_url: + type: string + pushed_at: + type: string + format: date-time pushed_by: type: object properties: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 nullable: true - example: null - type: + status: + type: string + description: The status of the case. + enum: + - closed + - in-progress + - open + case_response_properties: + title: Case response properties + type: object + required: + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service + - id + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by + - version + properties: + assignees: + $ref: '#/components/schemas/assignees' + closed_at: type: string - example: user + format: date-time + nullable: true + closed_by: + $ref: '#/components/schemas/case_response_closed_by_properties' + comments: + title: Case response properties for comments + description: An array of comment objects for the case. + type: array + items: + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/alert_comment_response_properties' + - $ref: '#/components/schemas/user_comment_response_properties' + connector: + title: Case response properties for connectors + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/connector_properties_none' + - $ref: '#/components/schemas/connector_properties_cases_webhook' + - $ref: '#/components/schemas/connector_properties_jira' + - $ref: '#/components/schemas/connector_properties_resilient' + - $ref: '#/components/schemas/connector_properties_servicenow' + - $ref: '#/components/schemas/connector_properties_servicenow_sir' + - $ref: '#/components/schemas/connector_properties_swimlane' + created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + $ref: '#/components/schemas/case_response_created_by_properties' + description: + type: string + example: A case description. + duration: + type: integer + description: | + The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero. + nullable: true + example: 120 + external_service: + $ref: '#/components/schemas/external_service' + id: + type: string + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + owner: + $ref: '#/components/schemas/owners' + settings: + $ref: '#/components/schemas/settings' + severity: + $ref: '#/components/schemas/severity_property' + status: + $ref: '#/components/schemas/status' + tags: + type: array + items: + type: string + example: + - tag-1 + title: + type: string + example: Case title 1 + totalAlerts: + type: integer + example: 0 + totalComment: + type: integer + example: 0 updated_at: type: string format: date-time nullable: true - example: null updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null + $ref: '#/components/schemas/case_response_updated_by_properties' version: type: string - example: WzIwNDMxLDFd - external_service: + example: WzUzMiwxXQ== + update_case_request: + title: Update case request + description: The update case API request body varies depending on the type of connector. type: object + required: + - cases properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: - type: string - external_url: - type: string - pushed_at: - type: string - format: date-time - pushed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - status: - type: string - description: The status of the case. - enum: - - closed - - in-progress - - open + cases: + type: array + description: An array containing one or more case objects. + items: + type: object + required: + - id + - version + properties: + assignees: + $ref: '#/components/schemas/assignees' + connector: + oneOf: + - $ref: '#/components/schemas/connector_properties_none' + - $ref: '#/components/schemas/connector_properties_cases_webhook' + - $ref: '#/components/schemas/connector_properties_jira' + - $ref: '#/components/schemas/connector_properties_resilient' + - $ref: '#/components/schemas/connector_properties_servicenow' + - $ref: '#/components/schemas/connector_properties_servicenow_sir' + - $ref: '#/components/schemas/connector_properties_swimlane' + description: + description: An updated description for the case. + type: string + id: + description: The identifier for the case. + type: string + settings: + $ref: '#/components/schemas/settings' + severity: + $ref: '#/components/schemas/severity_property' + status: + $ref: '#/components/schemas/status' + tags: + description: The words and phrases that help categorize cases. + type: array + items: + type: string + title: + description: A title for the case. + type: string + version: + description: The current version of the case. To determine this value, use the get case or find cases APIs. + type: string closure_types: type: string - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). + description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`). enum: - close-by-pushing - close-by-user example: close-by-user + connector_types: + type: string + description: The type of connector. + enum: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none alert_response_properties: type: object properties: @@ -3732,71 +2076,70 @@ components: index: description: The alert index. type: string + alert_identifiers: + title: Alert identifiers + description: | + The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + oneOf: + - type: string + - type: array + items: + type: string + x-technical-preview: true + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + alert_indices: + title: Alert indices + description: | + The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + oneOf: + - type: string + - type: array + items: + type: string + x-technical-preview: true + rule: + title: Alerting rule + description: | + The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: object + x-technical-preview: true + properties: + id: + description: The rule identifier. + type: string + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. + type: string + example: security_rule add_alert_comment_request_properties: + title: Add case comment request properties for alerts + required: + - alertId + - index + - owner + - rule + - type + description: Defines properties for case comment requests when type is alert. type: object properties: alertId: - description: > - The alert identifier. It is required only when `type` is `alert`. If - it is an array, `index` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + $ref: '#/components/schemas/alert_identifiers' index: - description: > - The alert index. It is required only when `type` is `alert`. If it - is an array, `alertId` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true + $ref: '#/components/schemas/alert_indices' owner: $ref: '#/components/schemas/owners' rule: - description: > - The rule that is associated with the alert. It is required only when - `type` is `alert`. This functionality is in technical preview and - may be changed or removed in a future release. Elastic will apply - best effort to fix any issues, but features in technical preview are - not subject to the support SLA of official GA features. - type: object - x-technical-preview: true - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule + $ref: '#/components/schemas/rule' type: description: The type of comment. type: string + example: alert enum: - alert - example: alert - required: - - alertId - - index - - owner - - rule - - type add_user_comment_request_properties: + title: Add case comment request properties for user comments + description: Defines properties for case comment requests when type is user. type: object properties: comment: @@ -3808,71 +2151,47 @@ components: type: type: string description: The type of comment. + example: user enum: - user - example: user required: - comment - owner - type + add_case_comment_request: + title: Add case comment request + description: The add comment to case API request body varies depending on whether you are adding an alert or a comment. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/add_alert_comment_request_properties' + - $ref: '#/components/schemas/add_user_comment_request_properties' update_alert_comment_request_properties: + title: Update case comment request properties for alerts + description: Defines properties for case comment requests when type is alert. + required: + - alertId + - id + - index + - owner + - rule + - type + - version type: object properties: alertId: - description: > - The alert identifier. It is required only when `type` is `alert`. If - it is an array, `index` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + $ref: '#/components/schemas/alert_identifiers' id: type: string - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. + description: | + The identifier for the comment. To retrieve comment IDs, use the get comments API. example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 index: - description: > - The alert index. It is required only when `type` is `alert`. If it - is an array, `alertId` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true + $ref: '#/components/schemas/alert_indices' owner: $ref: '#/components/schemas/owners' rule: - description: > - The rule that is associated with the alert. It is required only when - `type` is `alert`. This functionality is in technical preview and - may be changed or removed in a future release. Elastic will apply - best effort to fix any issues, but features in technical preview are - not subject to the support SLA of official GA features. - type: object - x-technical-preview: true - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule + $ref: '#/components/schemas/rule' type: description: The type of comment. type: string @@ -3880,20 +2199,13 @@ components: - alert example: alert version: - description: > - The current comment version. To retrieve version values, use the get - comments API. + description: | + The current comment version. To retrieve version values, use the get comments API. type: string example: Wzk1LDFd - required: - - alertId - - id - - index - - owner - - rule - - type - - version update_user_comment_request_properties: + title: Update case comment request properties for user comments + description: Defines properties for case comment requests when type is user. type: object properties: comment: @@ -3902,9 +2214,8 @@ components: example: A new comment. id: type: string - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. + description: | + The identifier for the comment. To retrieve comment IDs, use the get comments API. example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 owner: $ref: '#/components/schemas/owners' @@ -3915,9 +2226,8 @@ components: - user example: user version: - description: > - The current comment version. To retrieve version values, use the get - comments API. + description: | + The current comment version. To retrieve version values, use the get comments API. type: string example: Wzk1LDFd required: @@ -3926,6 +2236,14 @@ components: - owner - type - version + update_case_comment_request: + title: Update case comment request + description: The update case comment API request body varies depending on whether you are updating an alert or a comment. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/update_alert_comment_request_properties' + - $ref: '#/components/schemas/update_user_comment_request_properties' actions: type: string enum: @@ -3972,6 +2290,11 @@ components: type: string enum: - alert + payload_assignees: + type: object + properties: + assignees: + $ref: '#/components/schemas/assignees' payload_connector: type: object properties: @@ -3979,10 +2302,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. nullable: true type: object properties: @@ -3990,19 +2310,14 @@ components: description: The case identifier for Swimlane connectors. type: string category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. type: string destIp: - description: >- - A comma-separated list of destination IPs for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + description: The effect an incident had on business for ServiceNow ITSM connectors. type: string issueType: description: The type of issue for Jira connectors. @@ -4011,61 +2326,44 @@ components: description: The type of incident for IBM Resilient connectors. type: array items: - type: number + type: string malwareHash: - description: >- - A comma-separated list of malware hashes for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true malwareUrl: - description: >- - A comma-separated list of malware URLs for ServiceNow SecOps - connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + description: The priority of the issue for Jira and ServiceNow SecOps connectors. type: string severity: description: The severity of the incident for ServiceNow ITSM connectors. type: string severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow SecOps - connectors. + description: The severity code of the incident for IBM Resilient connectors. type: string + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string example: null id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. + description: The identifier for the connector. To create a case without a connector, use `none`. type: string example: none name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. + description: The name of the connector. To create a case without a connector, use `none`. type: string example: none type: @@ -4073,14 +2371,13 @@ components: payload_create_case: type: object properties: + assignees: + $ref: '#/components/schemas/assignees' connector: type: object properties: fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. nullable: true type: object properties: @@ -4088,19 +2385,14 @@ components: description: The case identifier for Swimlane connectors. type: string category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. type: string destIp: - description: >- - A comma-separated list of destination IPs for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + description: The effect an incident had on business for ServiceNow ITSM connectors. type: string issueType: description: The type of issue for Jira connectors. @@ -4109,61 +2401,44 @@ components: description: The type of incident for IBM Resilient connectors. type: array items: - type: number + type: string malwareHash: - description: >- - A comma-separated list of malware hashes for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true malwareUrl: - description: >- - A comma-separated list of malware URLs for ServiceNow SecOps - connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + description: The priority of the issue for Jira and ServiceNow SecOps connectors. type: string severity: description: The severity of the incident for ServiceNow ITSM connectors. type: string severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow SecOps - connectors. + description: The severity code of the incident for IBM Resilient connectors. type: string + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string example: null id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. + description: The identifier for the connector. To create a case without a connector, use `none`. type: string example: none name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. + description: The name of the connector. To create a case without a connector, use `none`. type: string example: none type: @@ -4186,6 +2461,10 @@ components: - tag-1 title: type: string + payload_delete: + type: object + description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. + nullable: true payload_description: type: object properties: @@ -4243,6 +2522,7 @@ components: type: string description: The type of action. enum: + - assignees - create_case - comment - connector @@ -4257,6 +2537,16 @@ components: example: create_case user_actions_response_properties: type: object + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type properties: action: $ref: '#/components/schemas/actions' @@ -4268,6 +2558,7 @@ components: example: 22df07d0-03b1-11ed-920c-974bfa104448 comment_id: type: string + nullable: true example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string @@ -4279,22 +2570,31 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username owner: $ref: '#/components/schemas/owners' payload: oneOf: - $ref: '#/components/schemas/payload_alert_comment' + - $ref: '#/components/schemas/payload_assignees' - $ref: '#/components/schemas/payload_connector' - $ref: '#/components/schemas/payload_create_case' + - $ref: '#/components/schemas/payload_delete' - $ref: '#/components/schemas/payload_description' - $ref: '#/components/schemas/payload_pushed' - $ref: '#/components/schemas/payload_settings' @@ -4303,7 +2603,6 @@ components: - $ref: '#/components/schemas/payload_tags' - $ref: '#/components/schemas/payload_title' - $ref: '#/components/schemas/payload_user_comment' - nullable: true type: $ref: '#/components/schemas/action_types' examples: @@ -4326,31 +2625,30 @@ components: syncAlerts: true owner: cases create_case_response: - summary: >- - The create case API returns a JSON object that includes the user who - created the case and the case identifier, version, and creation time. + summary: The create case API returns a JSON object that contains details about the case. value: - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - version: WzUzMiwxXQ== comments: [] - totalComment: 0 totalAlerts: 0 + id: 66b9aa00-94fa-11ea-9f74-e7e108796192 + version: WzUzMiwxXQ== + totalComment: 1 title: Case title 1 tags: - - tag-1 + - tag 1 + assignees: [] + description: A case description. settings: - syncAlerts: true + syncAlerts: false owner: cases - description: A case description. duration: null severity: low closed_at: null closed_by: null - created_at: '2022-05-13T09:16:17.416Z' + created_at: '2022-03-24T00:37:03.906Z' created_by: - email: null - full_name: null username: elastic + full_name: null + email: null status: open updated_at: null updated_by: null @@ -4383,9 +2681,7 @@ components: settings: syncAlerts: true update_case_response: - summary: >- - This is an example response when the case description, tags, and - connector were updated. + summary: This is an example response when the case description, tags, and connector were updated. value: - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 version: WzU0OCwxXQ== @@ -4414,6 +2710,7 @@ components: email: null full_name: null username: elastic + assignees: [] connector: id: 131d4448-abe0-4789-939d-8ef60680b498 name: My connector @@ -4434,9 +2731,7 @@ components: external_id: '10003' connector_name: Jira find_case_response: - summary: >- - Retrieve the first five cases with the `tag-1` tag, in ascending order - by last update time. + summary: Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time. value: page: 1 per_page: 5 @@ -4469,6 +2764,7 @@ components: email: null full_name: null username: elastic + assignees: [] connector: id: none name: none @@ -4478,6 +2774,46 @@ components: count_open_cases: 1 count_in_progress_cases: 0 count_closed_cases: 0 + set_case_configuration_request: + summary: Set the closure type and default connector for Stack Management cases. + value: + owner: cases + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + closure_type: close-by-user + set_case_configuration_response: + summary: This is an example response when the case configuration was updated. + value: + closure_type: close-by-user + owner: cases + created_at: '2022-06-01T17:07:17.767Z' + created_by: + username: elastic + email: null, + full_name: null + updated_at: null + updated_by: null + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + mappings: + - source: title + target: summary + action_type: overwrite + - source: description + target: description + action_type: overwrite + - source: comments + target: comments + action_type: append + version: WzIwNzMsMV0= + error: null + id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 find_connector_response: summary: Retrieve information about the connectors and their settings. value: @@ -4560,6 +2896,8 @@ components: full_name: null email: null username: elastic + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 connector: id: none name: none @@ -4579,9 +2917,7 @@ components: comment: A new comment. owner: cases add_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. + summary: The add comment to case API returns a JSON object that contains details about the case and its comments. value: comments: - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 @@ -4594,10 +2930,6 @@ components: username: elastic email: null full_name: null - pushed_at: null - pushed_by: null - updated_at: null - updated_by: null totalAlerts: 0 id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 version: WzIzMzgsMV0= @@ -4615,9 +2947,9 @@ components: closed_by: null created_at: '2022-03-24T00:37:03.906Z' created_by: - email: null - full_name: null username: elastic + full_name: null + email: null status: open updated_at: '2022-06-03T00:49:47.716Z' updated_by: @@ -4637,10 +2969,9 @@ components: version: Wzk1LDFd type: user comment: An updated comment. + owner: cases update_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. + summary: The add comment to case API returns a JSON object that contains details about the case and its comments. value: comments: - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 @@ -4710,9 +3041,7 @@ components: updated_at: null updated_by: null push_case_response: - summary: >- - The push case API returns a JSON object with details about the case and - the external service. + summary: The push case API returns a JSON object with details about the case and the external service. value: id: b917f300-0ed9-11ed-bd18-65557fe66949 version: WzE3NjgsM10= @@ -4763,48 +3092,76 @@ components: get_case_activity_response: summary: Retrieves all activity for a case value: - - created_at: '2022-07-14T20:11:24.947Z' + - action_id: b4cd0770-07c9-11ed-a5fd-47154cb8767e + action: create + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: '2022-07-20T01:17:22.150Z' created_by: username: elastic email: null full_name: null owner: cases - action: create payload: - description: A case description - title: Case title 1 - tags: - - tag 1 + assignees: null connector: name: none type: .none fields: null id: none - settings: - syncAlerts: true + description: test + tags: + - mine + title: test-case owner: cases + settings: + syncAlerts: false severity: low status: open - type: create_case - action_id: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: create_case + type: comment + - action_id: 57af14a0-03b1-11ed-920c-974bfa104448 + action: create case_id: 22df07d0-03b1-11ed-920c-974bfa104448 - comment_id: null - - created_at: '2022-07-14T20:12:53.354Z' + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: '2022-07-14T20:12:53.354Z' created_by: username: elastic email: null full_name: null owner: cases - action: create payload: - comment: - type: user - owner: cases - comment: A new comment + comment: A new comment + owner: cases + type: user type: comment - action_id: 57af14a0-03b1-11ed-920c-974bfa104448 + - action_id: 573c6980-6123-11ed-aa41-81a0a61fe447 + action: add case_id: 22df07d0-03b1-11ed-920c-974bfa104448 - comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: '2022-07-20T01:10:28.238Z' + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + owner: cases + payload: + assignees: + uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + type: assignees + - action_id: fff460e0-07c9-11ed-a5fd-47154cb8767e + action: delete + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: '2022-07-20T01:19:28.238Z' + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: null + type: delete_case security: - basicAuth: [] - apiKeyAuth: [] diff --git a/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml b/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml index 22487da290011..3cdafb4b26ef8 100644 --- a/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml @@ -1,37 +1,72 @@ summary: Retrieves all activity for a case -value: - [ - { - "created_at":"2022-07-14T20:11:24.947Z", - "created_by":{"username":"elastic","email":null,"full_name":null}, - "owner":"cases", - "action":"create", - "payload":{ - "description":"A case description", - "title":"Case title 1", - "tags":["tag 1"], - "connector":{"name":"none","type":".none","fields":null,"id":"none"}, - "settings":{"syncAlerts":true}, - "owner":"cases", - "severity":"low", - "status":"open" - }, - "type":"create_case", - "action_id":"22fd3e30-03b1-11ed-920c-974bfa104448", - "case_id":"22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id":null - }, - { - "created_at":"2022-07-14T20:12:53.354Z", - "created_by":{"username":"elastic","email":null,"full_name":null}, - "owner":"cases", - "action":"create", - "payload":{ - "comment":{"type":"user","owner":"cases","comment":"A new comment"} - }, - "type":"comment", - "action_id":"57af14a0-03b1-11ed-920c-974bfa104448", - "case_id":"22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id":"578608d0-03b1-11ed-920c-974bfa104448" - } - ] \ No newline at end of file +value: + - action_id: b4cd0770-07c9-11ed-a5fd-47154cb8767e + action: create + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: 2022-07-20T01:17:22.150Z + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: + assignees: + connector: + name: none + type: .none + fields: null + id: none + description: test + tags: + - mine + title: test-case + owner: cases + settings: + syncAlerts: false + severity: low + status: open + type: create_case + type: comment + - action_id: 57af14a0-03b1-11ed-920c-974bfa104448 + action: create + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: 2022-07-14T20:12:53.354Z + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: + comment: A new comment + owner: cases + type: user + type: comment + - action_id: 573c6980-6123-11ed-aa41-81a0a61fe447 + action: add + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: 2022-07-20T01:10:28.238Z + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + owner: cases + payload: + assignees: + uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + type: assignees + - action_id: fff460e0-07c9-11ed-a5fd-47154cb8767e + action: delete + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: 2022-07-20T01:19:28.238Z + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: + type: delete_case \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml new file mode 100644 index 0000000000000..97f7dc115b215 --- /dev/null +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml @@ -0,0 +1,12 @@ +type: array +description: An array containing users that are assigned to the case. +nullable: true +items: + type: object + required: + - uid + properties: + uid: + type: string + description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml index 96feee871358f..90c969990f2e5 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml @@ -11,17 +11,7 @@ created_at: created_by: type: object properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic + $ref: 'user_properties.yaml' error: type: string nullable: true @@ -53,17 +43,7 @@ updated_at: updated_by: type: object properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic + $ref: 'user_properties.yaml' nullable: true version: type: string diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml index 1caa1643476d5..e20bfe664221a 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml @@ -24,18 +24,7 @@ required: - version properties: assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. You can use the get user profile API to retrieve more details. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + $ref: 'assignees.yaml' closed_at: type: string format: date-time diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml index 715bfaf112042..9f6b039fb2563 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml @@ -11,18 +11,7 @@ required: - title properties: assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + $ref: 'assignees.yaml' connector: oneOf: - $ref: 'connector_properties_none.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml index 122541dfe4fe6..f1fedf6598f95 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml @@ -1,9 +1,4 @@ type: object properties: assignees: - type: array - items: - type: object - properties: - uid: - type: string \ No newline at end of file + $ref: 'assignees.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml index 7fc04b3db416a..4c3043a25c7b8 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml @@ -1,5 +1,7 @@ type: object properties: + assignees: + $ref: 'assignees.yaml' connector: type: object properties: diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml new file mode 100644 index 0000000000000..933d91305dca7 --- /dev/null +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml @@ -0,0 +1,3 @@ +type: object +description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. +nullable: true \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml index fb309afd82b69..e07d5f81359b2 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml @@ -10,4 +10,4 @@ properties: type: type: string enum: - - user \ No newline at end of file + - user \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml index ee4249aeaf9d3..35170dc4ef3eb 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml @@ -15,18 +15,7 @@ properties: - version properties: assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + $ref: 'assignees.yaml' connector: oneOf: - $ref: 'connector_properties_none.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml index a3f57ed53297d..d7e30dfecac19 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml @@ -1,4 +1,14 @@ type: object +required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type properties: action: $ref: 'actions.yaml' @@ -10,6 +20,7 @@ properties: example: 22df07d0-03b1-11ed-920c-974bfa104448 comment_id: type: string + nullable: true example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string @@ -19,6 +30,10 @@ properties: type: object properties: $ref: 'user_properties.yaml' + required: + - email + - full_name + - username owner: $ref: 'owners.yaml' payload: @@ -27,6 +42,7 @@ properties: - $ref: 'payload_assignees.yaml' - $ref: 'payload_connector.yaml' - $ref: 'payload_create_case.yaml' + - $ref: 'payload_delete.yaml' - $ref: 'payload_description.yaml' - $ref: 'payload_pushed.yaml' - $ref: 'payload_settings.yaml' @@ -35,6 +51,5 @@ properties: - $ref: 'payload_tags.yaml' - $ref: 'payload_title.yaml' - $ref: 'payload_user_comment.yaml' - nullable: true - type: + type: $ref: 'action_types.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml b/x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml deleted file mode 100644 index 16e2bba667397..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml +++ /dev/null @@ -1,59 +0,0 @@ -openapi: 3.0.1 -info: - title: Cases - description: OpenAPI schema for Cases endpoints - version: '0.2' - contact: - name: Cases Team - license: - name: Elastic License 2.0 - url: https://www.elastic.co/licensing/elastic-license -tags: - - name: cases - description: Case APIs enable you to open and track issues. -servers: - - url: 'http://localhost:5601' - description: local -paths: - '/s/{spaceId}/api/cases': - $ref: 'paths/s@{spaceid}@api@cases.yaml' -# '/s/{spaceId}/api/cases/_find': -# $ref: 'paths/s@{spaceid}@api@cases@_find.yaml' - '/s/{spaceId}/api/cases/alerts/{alertId}': - $ref: 'paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml' - '/s/{spaceId}/api/cases/configure': - $ref: paths/s@{spaceid}@api@cases@configure.yaml - '/s/{spaceId}/api/cases/configure/{configurationId}': - $ref: paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml -# '/s/{spaceId}/api/cases/configure/connectors/_find': -# $ref: paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml - '/s/{spaceId}/api/cases/reporters': - $ref: 'paths/s@{spaceid}@api@cases@reporters.yaml' - '/s/{spaceId}/api/cases/status': - $ref: 'paths/s@{spaceid}@api@cases@status.yaml' - '/s/{spaceId}/api/cases/tags': - $ref: 'paths/s@{spaceid}@api@cases@tags.yaml' - '/s/{spaceId}/api/cases/{caseId}': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}.yaml' -# '/s/{spaceId}/api/cases/{caseId}/alerts': -# $ref: 'paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml' - '/s/{spaceId}/api/cases/{caseId}/comments': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments.yaml' - '/s/{spaceId}/api/cases/{caseId}/comments/{commentId}': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml' - '/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml' -# '/s/{spaceId}/api/cases/{caseId}/user_actions': -# $ref: 'paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml' -components: - securitySchemes: - basicAuth: - type: http - scheme: basic - apiKeyAuth: - type: apiKey - in: header - name: ApiKey -security: - - basicAuth: [] - - apiKeyAuth: [] diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml index 6d5bb0c2812cd..89c8a0eb9876c 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml @@ -131,7 +131,7 @@ get: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: object properties: diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml index 0755225bad71a..d6328b4426f7b 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml @@ -13,7 +13,7 @@ get: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml index 66b8d6cc276bf..abf2f26ce357b 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml @@ -21,7 +21,7 @@ get: items: $ref: '../components/schemas/alert_response_properties.yaml' examples: - createCaseCommentResponse: + getCaseAlertsResponse: $ref: '../components/examples/get_case_alerts_response.yaml' servers: - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml index 71301cf67a731..43a6ec096dfaa 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml @@ -15,7 +15,7 @@ get: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: