Add openAPI specifications for cases _find endpoint (#131761) (#133262)

(cherry picked from commit d512c3a9e5)

Co-authored-by: Lisa Cawley <lcawley@elastic.co>
Kibana Machine 2022-05-31 18:50:30 -05:00 committed by GitHub
parent ccf5afa04c
commit 5bd7337f8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 2380 additions and 95 deletions


@ -111,94 +111,46 @@ The API returns a JSON object listing the retrieved cases. For example:
{
"page": 1,
"per_page": 5,
"total": 2,
"total": 1,
"cases": [
{
"id": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2",
"version": "WzExMCwxXQ==",
"comments": [],
"totalComment": 0,
"totalComment": 1,
"totalAlerts": 0,
"title": "The Long Game",
"tags": [
"windows",
"phishing"
],
"description": "Windows 95",
"settings": {
"syncAlerts": true
},
"title": "Case title",
"tags": [ "phishing" ],
"description": "Case description",
"settings": { "syncAlerts": true },
"owner": "securitySolution",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-03-29T13:03:23.533Z",
"created_at": "2022-05-12T00:16:36.371Z",
"created_by": {
"email": "rhustler@email.com",
"full_name": "Rat Hustler",
"username": "rhustler"
"email": "jdoe@email.com",
"full_name": "Jane Doe",
"username": "jdoe"
},
"status": "open",
"updated_at": null,
"updated_by": null,
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"issueType": "10006",
"priority": null,
}
}
"external_service": null,
},
{
"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
"version": "Wzk4LDFd",
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"title": "This case will self-destruct in 5 seconds",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"settings": {
"syncAlerts": false
},
"owner": "cases",
"duration": null,
"closed_at": null,
"closed_by": null,
"created_at": "2022-03-29T11:30:02.658Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
},
"status": "open",
"updated_at": "2022-03-29T12:01:50.244Z",
"updated_at": "2022-05-12T00:27:58.162Z",
"updated_by": {
"full_name": "Classified",
"email": "classified@hms.oo.gov.uk",
"username": "M"
"email": "jsmith@email.com",
"full_name": "Joe Smith",
"username": "jsmith"
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".resilient",
"fields": {
"issueTypes": [13],
"severityCode": 6,
}
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"external_service": null,
"external_service": null
}
],
"count_open_cases": 2,
"count_open_cases": 1,
"count_in_progress_cases":0,
"count_closed_cases": 0
}



@ -148,7 +148,7 @@ paths:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
tags:
description: >-
The words and phrases that help categorize cases. It can be
@ -366,7 +366,7 @@ paths:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
@ -574,7 +574,7 @@ paths:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
@ -791,7 +791,7 @@ paths:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
@ -837,6 +837,399 @@ paths:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/api/cases/_find:
get:
description: >
Retrieves a paginated subset of cases. You must have read privileges for
the **Cases** feature in the **Management**, **Observability**, or
**Security** section of the Kibana feature privileges, depending on the
owner of the cases you're seeking.
tags:
- cases
- kibana
parameters:
- name: defaultSearchOperator
in: query
description: The default operator to use for the simple_query_string.
schema:
type: string
default: OR
example: OR
- name: fields
in: query
description: The fields in the entity to return in the response.
schema:
type: array
items:
type: string
- name: from
in: query
description: >
[preview] Returns only cases that were created after a specific
date. The date must be specified as a KQL data range or date match
expression. This functionality is in technical preview and may be
changed or removed in a future release. Elastic will apply best
effort to fix any issues, but features in technical preview are not
subject to the support SLA of official GA features.
schema:
type: string
example: now-1d
x-preview: true
- $ref: '#/components/parameters/owner'
- name: page
in: query
description: The page number to return.
schema:
type: integer
default: 1
example: 1
- name: perPage
in: query
description: The number of rules to return per page.
schema:
type: integer
default: 20
example: 20
- name: reporters
in: query
description: Filters the returned cases by the user name of the reporter.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: elastic
- name: search
in: query
description: >-
An Elasticsearch simple_query_string query that filters the objects
in the response.
schema:
type: string
- name: searchFields
in: query
description: The fields to perform the simple_query_string parsed query against.
schema:
oneOf:
- type: string
- type: array
items:
type: string
- $ref: '#/components/parameters/severity'
- name: sortField
in: query
description: Determines which field is used to sort the results.
schema:
type: string
enum:
- createdAt
- updatedAt
default: createdAt
example: updatedAt
- name: sortOrder
in: query
description: Determines the sort order.
schema:
type: string
enum:
- asc
- desc
default: desc
example: asc
- in: query
name: status
description: Filters the returned cases by state.
schema:
type: string
enum:
- closed
- in-progress
- open
example: open
- name: tags
in: query
description: Filters the returned cases by tags.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: phishing
- name: to
in: query
description: >-
Returns only cases that were created before a specific date. The
date must be specified as a KQL data range or date match expression.
schema:
type: string
example: now%2B1d
x-preview: true
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
cases:
type: array
items:
type: object
properties:
closed_at:
type: string
format: date-time
nullable: true
example: null
closed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
comments:
type: array
items:
type: string
example: []
connector:
type: object
properties:
fields:
description: >-
An object containing the connector fields. To
create a case without a connector, specify null.
If you want to omit any individual field,
specify null as its value.
nullable: true
type: object
properties:
caseId:
description: The case identifier for Swimlane connectors.
type: string
category:
description: >-
The category of the incident for ServiceNow
ITSM and ServiceNow SecOps connectors.
type: string
destIp:
description: >-
A comma-separated list of destination IPs
for ServiceNow SecOps connectors.
type: string
impact:
description: >-
The effect an incident had on business for
ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
description: >-
The type of incident for IBM Resilient
connectors.
type: array
items:
type: number
malwareHash:
description: >-
A comma-separated list of malware hashes for
ServiceNow SecOps connectors.
type: string
malwareUrl:
description: >-
A comma-separated list of malware URLs for
ServiceNow SecOps connectors.
type: string
parent:
description: >-
The key of the parent issue, when the issue
type is sub-task for Jira connectors.
type: string
priority:
description: >-
The priority of the issue for Jira and
ServiceNow SecOps connectors.
type: string
severity:
description: >-
The severity of the incident for ServiceNow
ITSM connectors.
type: string
severityCode:
description: >-
The severity code of the incident for IBM
Resilient connectors.
type: number
sourceIp:
description: >-
A comma-separated list of source IPs for
ServiceNow SecOps connectors.
type: string
subcategory:
description: >-
The subcategory of the incident for
ServiceNow ITSM connectors.
type: string
urgency:
description: >-
The extent to which the incident resolution
can be delayed for ServiceNow ITSM
connectors.
type: string
required:
- fields
- id
- name
- type
id:
description: >-
The identifier for the connector. To create a
case without a connector, use `none`.
type: string
name:
description: >-
The name of the connector. To create a case
without a connector, use `none`.
type: string
type:
$ref: '#/components/schemas/connector_types'
created_at:
type: string
format: date-time
example: '2022-05-13T09:16:17.416Z'
created_by:
type: object
properties:
email:
type: string
example: ahunley@imf.usa.gov
full_name:
type: string
example: Alan Hunley
username:
type: string
example: ahunley
description:
type: string
example: >-
James Bond clicked on a highly suspicious email
banner advertising cheap holidays for underpaid
civil servants. Operation bubblegum is active.
Repeat - operation bubblegum is now active
duration:
type: integer
description: >-
The elapsed time from the creation of the case to
its closure (in seconds). If the case has not been
closed, the duration is set to null.
example: 120
external_service:
type: object
properties:
connector_id:
type: string
connector_name:
type: string
external_id:
type: string
external_title:
type: string
external_url:
type: string
pushed_at:
type: string
format: date-time
pushed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
id:
type: string
example: 66b9aa00-94fa-11ea-9f74-e7e108796192
owner:
$ref: '#/components/schemas/owners'
settings:
type: object
properties:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
type: array
items:
type: string
example:
- phishing
- social engineering
- bubblegum
title:
type: string
example: This case will self-destruct in 5 seconds
totalAlerts:
type: integer
example: 0
totalComment:
type: integer
example: 0
updated_at:
type: string
format: date-time
nullable: true
example: null
updated_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
version:
type: string
example: WzUzMiwxXQ==
count_closed_cases:
type: integer
count_in_progress_cases:
type: integer
count_open_cases:
type: integer
page:
type: integer
per_page:
type: integer
total:
type: integer
examples:
findCaseResponse:
$ref: '#/components/examples/find_case_response'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/s/{spaceId}/api/cases:
post:
description: >
@ -969,7 +1362,7 @@ paths:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
tags:
description: >-
The words and phrases that help categorize cases. It can be
@ -1187,7 +1580,7 @@ paths:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
@ -1397,7 +1790,7 @@ paths:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
@ -1614,7 +2007,7 @@ paths:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
@ -1660,6 +2053,402 @@ paths:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/s/{spaceId}/api/cases/_find:
get:
description: >
Retrieves a paginated subset of cases. You must have read privileges for
the **Cases** feature in the **Management**, **Observability**, or
**Security** section of the Kibana feature privileges, depending on the
owner of the cases you're seeking.
tags:
- cases
- kibana
parameters:
- $ref: '#/components/parameters/space_id'
- name: defaultSearchOperator
in: query
description: The default operator to use for the simple_query_string.
schema:
type: string
default: OR
example: OR
- name: fields
in: query
description: The fields in the entity to return in the response.
schema:
type: array
items:
type: string
- name: from
in: query
description: >
[preview] Returns only cases that were created after a specific
date. The date must be specified as a KQL data range or date match
expression. This functionality is in technical preview and may be
changed or removed in a future release. Elastic will apply best
effort to fix any issues, but features in technical preview are not
subject to the support SLA of official GA features.
schema:
type: string
example: now-1d
- $ref: '#/components/parameters/owner'
- name: page
in: query
description: The page number to return.
schema:
type: integer
default: 1
example: 1
- name: perPage
in: query
description: The number of rules to return per page.
schema:
type: integer
default: 20
example: 20
- name: reporters
in: query
description: Filters the returned cases by the user name of the reporter.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: elastic
- name: search
in: query
description: >-
An Elasticsearch simple_query_string query that filters the objects
in the response.
schema:
type: string
- name: searchFields
in: query
description: The fields to perform the simple_query_string parsed query against.
schema:
oneOf:
- type: string
- type: array
items:
type: string
- $ref: '#/components/parameters/severity'
- name: sortField
in: query
description: Determines which field is used to sort the results.
schema:
type: string
enum:
- createdAt
- updatedAt
default: createdAt
example: updatedAt
- name: sortOrder
in: query
description: Determines the sort order.
schema:
type: string
enum:
- asc
- desc
default: desc
example: asc
- name: status
in: query
description: Filters the returned cases by state.
schema:
type: string
enum:
- closed
- in-progress
- open
example: open
- name: tags
in: query
description: Filters the returned cases by tags.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: phishing
- name: to
in: query
description: >
[preview] Returns only cases that were created before a specific
date. The date must be specified as a KQL data range or date match
expression. This functionality is in technical preview and may be
changed or removed in a future release. Elastic will apply best
effort to fix any issues, but features in technical preview are not
subject to the support SLA of official GA features.
schema:
type: string
example: now+1d
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
cases:
type: array
items:
type: object
properties:
closed_at:
type: string
format: date-time
nullable: true
example: null
closed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
comments:
type: array
items:
type: string
example: []
connector:
type: object
properties:
fields:
description: >-
An object containing the connector fields. To
create a case without a connector, specify null.
If you want to omit any individual field,
specify null as its value.
nullable: true
type: object
properties:
caseId:
description: The case identifier for Swimlane connectors.
type: string
category:
description: >-
The category of the incident for ServiceNow
ITSM and ServiceNow SecOps connectors.
type: string
destIp:
description: >-
A comma-separated list of destination IPs
for ServiceNow SecOps connectors.
type: string
impact:
description: >-
The effect an incident had on business for
ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
description: >-
The type of incident for IBM Resilient
connectors.
type: array
items:
type: number
malwareHash:
description: >-
A comma-separated list of malware hashes for
ServiceNow SecOps connectors.
type: string
malwareUrl:
description: >-
A comma-separated list of malware URLs for
ServiceNow SecOps connectors.
type: string
parent:
description: >-
The key of the parent issue, when the issue
type is sub-task for Jira connectors.
type: string
priority:
description: >-
The priority of the issue for Jira and
ServiceNow SecOps connectors.
type: string
severity:
description: >-
The severity of the incident for ServiceNow
ITSM connectors.
type: string
severityCode:
description: >-
The severity code of the incident for IBM
Resilient connectors.
type: number
sourceIp:
description: >-
A comma-separated list of source IPs for
ServiceNow SecOps connectors.
type: string
subcategory:
description: >-
The subcategory of the incident for
ServiceNow ITSM connectors.
type: string
urgency:
description: >-
The extent to which the incident resolution
can be delayed for ServiceNow ITSM
connectors.
type: string
required:
- fields
- id
- name
- type
id:
description: >-
The identifier for the connector. To create a
case without a connector, use `none`.
type: string
name:
description: >-
The name of the connector. To create a case
without a connector, use `none`.
type: string
type:
$ref: '#/components/schemas/connector_types'
created_at:
type: string
format: date-time
example: '2022-05-13T09:16:17.416Z'
created_by:
type: object
properties:
email:
type: string
example: ahunley@imf.usa.gov
full_name:
type: string
example: Alan Hunley
username:
type: string
example: ahunley
description:
type: string
example: >-
James Bond clicked on a highly suspicious email
banner advertising cheap holidays for underpaid
civil servants. Operation bubblegum is active.
Repeat - operation bubblegum is now active
duration:
type: integer
description: >-
The elapsed time from the creation of the case to
its closure (in seconds). If the case has not been
closed, the duration is set to null.
example: 120
external_service:
type: object
properties:
connector_id:
type: string
connector_name:
type: string
external_id:
type: string
external_title:
type: string
external_url:
type: string
pushed_at:
type: string
format: date-time
pushed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
id:
type: string
example: 66b9aa00-94fa-11ea-9f74-e7e108796192
owner:
$ref: '#/components/schemas/owners'
settings:
type: object
properties:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
type: array
items:
type: string
example:
- phishing
- social engineering
- bubblegum
title:
type: string
example: This case will self-destruct in 5 seconds
totalAlerts:
type: integer
example: 0
totalComment:
type: integer
example: 0
updated_at:
type: string
format: date-time
nullable: true
example: null
updated_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
version:
type: string
example: WzUzMiwxXQ==
count_closed_cases:
type: integer
count_in_progress_cases:
type: integer
count_open_cases:
type: integer
page:
type: integer
per_page:
type: integer
total:
type: integer
examples:
findCaseResponse:
$ref: '#/components/examples/find_case_response'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
components:
securitySchemes:
basicAuth:
@ -1676,6 +2465,31 @@ components:
in: header
name: kbn-xsrf
required: true
owner:
in: query
name: owner
description: >-
A filter to limit the response to a specific set of applications. If
this parameter is omitted, the response contains information about all
the cases that the user has access to read.
schema:
oneOf:
- $ref: '#/components/schemas/owners'
- type: array
items:
$ref: '#/components/schemas/owners'
example: cases
severity:
in: query
name: severity
description: The severity of the case.
schema:
type: string
enum:
- critical
- high
- low
- medium
space_id:
in: path
name: spaceId
@ -1702,7 +2516,7 @@ components:
- cases
- observability
- securitySolution
severity:
severity_property:
type: string
description: The severity of the case.
enum:
@ -1863,6 +2677,51 @@ components:
connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8
external_id: '10003'
connector_name: Jira
find_case_response:
summary: >-
Retrieve the first five cases with the `phishing` tag, in ascending
order by last update time.
value:
page: 1
per_page: 5
total: 1
cases:
- id: abed3a70-71bd-11ea-a0b2-c51ea50a58e2
version: WzExMCwxXQ==
comments: []
totalComment: 1
totalAlerts: 0
title: Case title
tags:
- phishing
description: Case description
settings:
syncAlerts: true
owner: securitySolution
duration: null
severity: low
closed_at: null
closed_by: null
created_at: '2022-05-12T00:16:36.371Z'
created_by:
email: jdoe@email.com
full_name: Jane Doe
username: jdoe
status: open
updated_at: '2022-05-12T00:27:58.162Z'
updated_by:
email: jsmith@email.com
full_name: Joe Smith
username: jsmith
connector:
id: none
name: none
type: .none
fields: null
external_service: null
count_open_cases: 1
count_in_progress_cases: 0
count_closed_cases: 0
security:
- basicAuth: []
- apiKeyAuth: []
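Review bot: The `duration` property in the `/api/cases/_find` response schema is declared `type: integer` with no `nullable: true`, yet its own description says it is set to null while a case is open and the `find_case_response` example sets `duration: null`; the same mismatch applies to `external_service`, declared as a plain object but `null` in the example. A strict OAS 3.0 validator rejects an example that contradicts its schema, and generated clients will model both fields as non-null. Add `nullable: true` to both (`duration:` → `type: integer` plus `nullable: true`, likewise for `external_service`), following the pattern already used for `closed_by` and `updated_by`. If bundled.yaml is generated from the source spec, the change belongs in the `case_response_properties.yaml` schema, which is not in view in this commit.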


@ -0,0 +1,48 @@
summary: Retrieve the first five cases with the `phishing` tag, in ascending order by last update time.
value:
{
"page": 1,
"per_page": 5,
"total": 1,
"cases": [
{
"id": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2",
"version": "WzExMCwxXQ==",
"comments": [],
"totalComment": 1,
"totalAlerts": 0,
"title": "Case title",
"tags": [ "phishing" ],
"description": "Case description",
"settings": { "syncAlerts": true },
"owner": "securitySolution",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-12T00:16:36.371Z",
"created_by": {
"email": "jdoe@email.com",
"full_name": "Jane Doe",
"username": "jdoe"
},
"status": "open",
"updated_at": "2022-05-12T00:27:58.162Z",
"updated_by": {
"email": "jsmith@email.com",
"full_name": "Joe Smith",
"username": "jsmith"
},
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"external_service": null
}
],
"count_open_cases": 1,
"count_in_progress_cases":0,
"count_closed_cases": 0
}


@ -0,0 +1,10 @@
in: query
name: owner
description: A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
schema:
oneOf:
- $ref: '../schemas/owners.yaml'
- type: array
items:
$ref: '../schemas/owners.yaml'
example: cases


@ -0,0 +1,10 @@
in: query
name: severity
description: The severity of the case.
schema:
type: string
enum:
- critical
- high
- low
- medium


@ -85,7 +85,7 @@ settings:
type: boolean
example: true
severity:
$ref: 'severity.yaml'
$ref: 'severity_property.yaml'
status:
$ref: 'status.yaml'
tags:


@ -19,8 +19,8 @@ servers:
paths:
/api/cases:
$ref: paths/api@cases.yaml
# /api/cases/_find:
# $ref: paths/api@cases@_find.yaml
/api/cases/_find:
$ref: paths/api@cases@_find.yaml
# '/api/cases/alerts/{alertId}':
# $ref: 'paths/api@cases@alerts@{alertid}.yaml'
# '/api/cases/configure':
@ -50,8 +50,8 @@ paths:
'/s/{spaceId}/api/cases':
$ref: 'paths/s@{spaceid}@api@cases.yaml'
# '/s/{spaceId}/api/cases/_find':
# $ref: 'paths/s@{spaceid}@api@cases@_find.yaml'
'/s/{spaceId}/api/cases/_find':
$ref: 'paths/s@{spaceid}@api@cases@_find.yaml'
# '/s/{spaceId}/api/cases/alerts/{alertId}':
# $ref: 'paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml'
# '/s/{spaceId}/api/cases/configure':


@ -31,7 +31,7 @@ post:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
$ref: '../components/schemas/severity_property.yaml'
tags:
description: The words and phrases that help categorize cases. It can be an empty array.
type: array
@ -126,7 +126,7 @@ patch:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
$ref: '../components/schemas/severity_property.yaml'
status:
$ref: '../components/schemas/status.yaml'
tags:


@ -0,0 +1,155 @@
get:
description: >
Retrieves a paginated subset of cases.
You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
tags:
- cases
- kibana
parameters:
- name: defaultSearchOperator
in: query
description: The default operator to use for the simple_query_string.
schema:
type: string
default: OR
example: OR
- name: fields
in: query
description: The fields in the entity to return in the response.
schema:
type: array
items:
type: string
- name: from
in: query
description: >
[preview] Returns only cases that were created after a specific date.
The date must be specified as a KQL data range or date match expression.
This functionality is in technical preview and may be changed or removed
in a future release. Elastic will apply best effort to fix any issues,
but features in technical preview are not subject to the support SLA of
official GA features.
schema:
type: string
example: now-1d
x-preview: true
- $ref: '../components/parameters/owner.yaml'
- name: page
in: query
description: The page number to return.
schema:
type: integer
default: 1
example: 1
- name: perPage
in: query
description: The number of rules to return per page.
schema:
type: integer
default: 20
example: 20
- name: reporters
in: query
description: Filters the returned cases by the user name of the reporter.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: elastic
- name: search
in: query
description: An Elasticsearch simple_query_string query that filters the objects in the response.
schema:
type: string
- name: searchFields
in: query
description: The fields to perform the simple_query_string parsed query against.
schema:
oneOf:
- type: string
- type: array
items:
type: string
- $ref: '../components/parameters/severity.yaml'
- name: sortField
in: query
description: Determines which field is used to sort the results.
schema:
type: string
enum:
- createdAt
- updatedAt
default: createdAt
example: updatedAt
- name: sortOrder
in: query
description: Determines the sort order.
schema:
type: string
enum:
- asc
- desc
default: desc
example: asc
- in: query
name: status
description: Filters the returned cases by state.
schema:
type: string
enum:
- closed
- in-progress
- open
example: open
- name: tags
in: query
description: Filters the returned cases by tags.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: phishing
- name: to
in: query
description: Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.
schema:
type: string
example: now%2B1d
x-preview: true
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
cases:
type: array
items:
type: object
properties:
$ref: '../components/schemas/case_response_properties.yaml'
count_closed_cases:
type: integer
count_in_progress_cases:
type: integer
count_open_cases:
type: integer
page:
type: integer
per_page:
type: integer
total:
type: integer
examples:
findCaseResponse:
$ref: '../components/examples/find_case_response.yaml'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
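Review bot: The `to` parameter's example is `now%2B1d`, a URL-encoded value, while `from` uses the raw `now-1d` and the `/s/{spaceId}` variant of this same endpoint uses `now+1d`; OpenAPI examples are raw parameter values that the client encodes, so this should be `example: now+1d`. The same `to` parameter diverges from the spaceId variant in the other direction too: it carries `x-preview: true` but its description lacks the `[preview]` technical-preview wording that `from` has, so the two paths should be reconciled one way or the other. Two wording fixes while here: `perPage` says "The number of rules to return per page." (copied from the rules API) and should read `The number of cases to return per page.`, and "KQL data range" in `from`/`to` should be "KQL date range". If the server caps `perPage`, declare it with `maximum:` so clients do not treat page size as unbounded; I cannot confirm the cap from this hunk.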


@ -32,7 +32,7 @@ post:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
$ref: '../components/schemas/severity_property.yaml'
tags:
description: The words and phrases that help categorize cases. It can be an empty array.
type: array
@ -129,7 +129,7 @@ patch:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
$ref: '../components/schemas/severity_property.yaml'
status:
$ref: '../components/schemas/status.yaml'
tags:


@ -0,0 +1,160 @@
get:
description: >
Retrieves a paginated subset of cases.
You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
tags:
- cases
- kibana
parameters:
- $ref: '../components/parameters/space_id.yaml'
- name: defaultSearchOperator
in: query
description: The default operator to use for the simple_query_string.
schema:
type: string
default: OR
example: OR
- name: fields
in: query
description: The fields in the entity to return in the response.
schema:
type: array
items:
type: string
- name: from
in: query
description: >
[preview] Returns only cases that were created after a specific date.
The date must be specified as a KQL data range or date match expression.
This functionality is in technical preview and may be changed or removed
in a future release. Elastic will apply best effort to fix any issues,
but features in technical preview are not subject to the support SLA of
official GA features.
schema:
type: string
example: now-1d
- $ref: '../components/parameters/owner.yaml'
- name: page
in: query
description: The page number to return.
schema:
type: integer
default: 1
example: 1
- name: perPage
in: query
description: The number of rules to return per page.
schema:
type: integer
default: 20
example: 20
- name: reporters
in: query
description: Filters the returned cases by the user name of the reporter.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: elastic
- name: search
in: query
description: An Elasticsearch simple_query_string query that filters the objects in the response.
schema:
type: string
- name: searchFields
in: query
description: The fields to perform the simple_query_string parsed query against.
schema:
oneOf:
- type: string
- type: array
items:
type: string
- $ref: '../components/parameters/severity.yaml'
- name: sortField
in: query
description: Determines which field is used to sort the results.
schema:
type: string
enum:
- createdAt
- updatedAt
default: createdAt
example: updatedAt
- name: sortOrder
in: query
description: Determines the sort order.
schema:
type: string
enum:
- asc
- desc
default: desc
example: asc
- name: status
in: query
description: Filters the returned cases by state.
schema:
type: string
enum:
- closed
- in-progress
- open
example: open
- name: tags
in: query
description: Filters the returned cases by tags.
schema:
oneOf:
- type: string
- type: array
items:
type: string
example: phishing
- name: to
in: query
description: >
[preview] Returns only cases that were created before a specific date.
The date must be specified as a KQL data range or date match expression.
This functionality is in technical preview and may be changed or removed
in a future release. Elastic will apply best effort to fix any issues,
but features in technical preview are not subject to the support SLA of
official GA features.
schema:
type: string
example: now+1d
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
cases:
type: array
items:
type: object
properties:
$ref: '../components/schemas/case_response_properties.yaml'
count_closed_cases:
type: integer
count_in_progress_cases:
type: integer
count_open_cases:
type: integer
page:
type: integer
per_page:
type: integer
total:
type: integer
examples:
findCaseResponse:
$ref: '../components/examples/find_case_response.yaml'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
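Review bot: Under `responses.'200'` the `cases.items` schema gives `properties:` a `$ref` (`properties: $ref: '../components/schemas/case_response_properties.yaml'`); in OpenAPI 3.0 `properties` is a map of property names to schemas and `$ref` is not permitted at that position, so a strict validator reads it as a property literally named `$ref`. The bundled output in this commit shows the bundler expanded it, so it works with the current toolchain, but the portable form is `items: $ref: '../components/schemas/case_response_properties.yaml'` with that file holding a complete `type: object` schema (the non-space `_find` path has the same construct). Separately, the `status` query parameter repeats the `closed`/`in-progress`/`open` enum inline while the response references `'../components/schemas/status.yaml'`; referencing the shared schema the way `severity` does keeps the two from drifting.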