github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[DOCS] Revise case API examples for consistent tone (#133456) (#133640)

Browse source 
(cherry picked from commit 05b392a862)

Co-authored-by: Lisa Cawley <lcawley@elastic.co>
This commit is contained in:
Kibana Machine 2022-06-06 12:15:56 -05:00 committed by GitHub
parent a521a30dc6
commit 8dc361e209
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 186 additions and 289 deletions
Download patch file Download diff file Expand all files Collapse all files

30
docs/api/cases/cases-api-create.asciidoc
View file

@ -162,13 +162,9 @@ categorize cases. It can be an empty array.
--------------------------------------------------
POST api/cases
{
"description": "James Bond clicked on a highly suspicious email
banner advertising cheap holidays for underpaid civil servants.",
"title": "This case will self-destruct in 5 seconds",
"tags": [
"phishing",
"social engineering"
],
"description": "A case description.",
"title": "Case title 1",
"tags": [ "tag 1" ],
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
@ -182,7 +178,7 @@ POST api/cases
"settings": {
"syncAlerts": true
},
"owner": "securitySolution"
"owner": "cases"
}
--------------------------------------------------
// KIBANA
@ -198,26 +194,22 @@ the case identifier, version, and creation time. For example:
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"title": "This case will self-destruct in 5 seconds",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"title": "Case title 1",
"tags": [ "tag 1" ],
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
"owner": "cases",
"description": "A case description.",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": null,

6
docs/api/cases/cases-api-find-cases.asciidoc
View file

@ -95,12 +95,12 @@ Defaults to `desc`.
=== {api-examples-title}
Retrieve the first five cases with the `phishing` tag, in ascending order by
Retrieve the first five cases with the `tag-1` tag, in ascending order by
last update time:
[source,sh]
--------------------------------------------------
GET api/cases/_find?page=1&perPage=5&sortField=updatedAt&sortOrder=asc&tags=phishing
GET api/cases/_find?page=1&perPage=5&sortField=updatedAt&sortOrder=asc&tags=tag-1
--------------------------------------------------
// KIBANA
@ -120,7 +120,7 @@ The API returns a JSON object listing the retrieved cases. For example:
"totalComment": 1,
"totalAlerts": 0,
"title": "Case title",
"tags": [ "phishing" ],
"tags": [ "tag-1" ],
"description": "Case description",
"settings": { "syncAlerts": true },
"owner": "securitySolution",

44
docs/api/cases/cases-api-update.asciidoc
View file

@ -159,7 +159,8 @@ and `open`.
(Optional, string) A title for the case.
`version`::
(Required, string) The current version of the case. To determine this value, use <<cases-api-get-case>> or <<cases-api-find-cases>>.
(Required, string) The current version of the case. To determine this value, use
<<cases-api-get-case>> or <<cases-api-find-cases>>.
====
=== {api-response-codes-title}
@ -190,15 +191,8 @@ PATCH api/cases
"parent": null
}
},
"description": "James Bond clicked on a highly suspicious email
banner advertising cheap holidays for underpaid civil servants.
Operation bubblegum is active. Repeat - operation bubblegum is
now active!",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"description": "A new description.",
"tags": [ "tag-1", "tag-2" ],
"settings": {
"syncAlerts": true
}
@ -219,33 +213,29 @@ The API returns the updated case with a new `version` value. For example:
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"title": "This case will self-destruct in 5 seconds",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"title": "Case title 1",
"tags": [ "tag-1", "tag-2" ],
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"owner": "cases",
"description": "A new description.",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": "2022-05-13T09:48:33.043Z",
"updated_by": {
"email": "classified@hms.oo.gov.uk",
"full_name": "Classified",
"username": "M"
"email": null,
"full_name": null,
"username": "elastic"
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
@ -260,9 +250,9 @@ The API returns the updated case with a new `version` value. For example:
"external_service": {
"external_title": "IS-4",
"pushed_by": {
"full_name": "Classified",
"email": "classified@hms.oo.gov.uk",
"username": "M"
"full_name": null,
"email": null,
"username": "elastic"
},
"external_url": "https://hms.atlassian.net/browse/IS-4",
"pushed_at": "2022-05-13T09:20:40.672Z",

129
x-pack/plugins/cases/docs/openapi/bundled.json
View file

@ -342,7 +342,7 @@
},
"description": {
"type": "string",
"example": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active"
"example": "A case description."
},
"duration": {
"type": "integer",
@ -417,14 +417,12 @@
"type": "string"
},
"example": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
]
},
"title": {
"type": "string",
"example": "This case will self-destruct in 5 seconds"
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
@ -833,7 +831,7 @@
},
"description": {
"type": "string",
"example": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active"
"example": "A case description."
},
"duration": {
"type": "integer",
@ -908,14 +906,12 @@
"type": "string"
},
"example": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
]
},
"title": {
"type": "string",
"example": "This case will self-destruct in 5 seconds"
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
@ -1143,7 +1139,7 @@
}
]
},
"example": "phishing"
"example": "tag-1"
},
{
"name": "to",
@ -1311,7 +1307,7 @@
},
"description": {
"type": "string",
"example": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active"
"example": "A case description."
},
"duration": {
"type": "integer",
@ -1386,14 +1382,12 @@
"type": "string"
},
"example": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
]
},
"title": {
"type": "string",
"example": "This case will self-destruct in 5 seconds"
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
@ -2736,7 +2730,7 @@
},
"description": {
"type": "string",
"example": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active"
"example": "A case description."
},
"duration": {
"type": "integer",
@ -2811,14 +2805,12 @@
"type": "string"
},
"example": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
]
},
"title": {
"type": "string",
"example": "This case will self-destruct in 5 seconds"
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
@ -3233,7 +3225,7 @@
},
"description": {
"type": "string",
"example": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active"
"example": "A case description."
},
"duration": {
"type": "integer",
@ -3308,14 +3300,12 @@
"type": "string"
},
"example": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
]
},
"title": {
"type": "string",
"example": "This case will self-destruct in 5 seconds"
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
@ -3545,7 +3535,7 @@
}
]
},
"example": "phishing"
"example": "tag-1"
},
{
"name": "to",
@ -3712,7 +3702,7 @@
},
"description": {
"type": "string",
"example": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active"
"example": "A case description."
},
"duration": {
"type": "integer",
@ -3787,14 +3777,12 @@
"type": "string"
},
"example": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
]
},
"title": {
"type": "string",
"example": "This case will self-destruct in 5 seconds"
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
@ -4977,11 +4965,10 @@
"create_case_request": {
"summary": "Create a security case that uses a Jira connector.",
"value": {
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants.",
"title": "This case will self-destruct in 5 seconds",
"description": "A case description.",
"title": "Case title 1",
"tags": [
"phishing",
"social engineering"
"tag-1"
],
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
@ -4996,7 +4983,7 @@
"settings": {
"syncAlerts": true
},
"owner": "securitySolution"
"owner": "cases"
}
},
"create_case_response": {
@ -5007,26 +4994,24 @@
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"title": "This case will self-destruct in 5 seconds",
"title": "Case title 1",
"tags": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
],
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
"owner": "cases",
"description": "A case description.",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": null,
@ -5061,11 +5046,9 @@
"parent": null
}
},
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"description": "A case description.",
"tags": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
],
"settings": {
"syncAlerts": true
@ -5083,33 +5066,31 @@
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"title": "This case will self-destruct in 5 seconds",
"title": "Case title 1",
"tags": [
"phishing",
"social engineering",
"bubblegum"
"tag-1"
],
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"owner": "cases",
"description": "A case description.",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": "2022-05-13T09:48:33.043Z",
"updated_by": {
"email": "classified@hms.oo.gov.uk",
"full_name": "Classified",
"username": "M"
"email": null,
"full_name": null,
"username": "elastic"
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
@ -5124,9 +5105,9 @@
"external_service": {
"external_title": "IS-4",
"pushed_by": {
"full_name": "Classified",
"email": "classified@hms.oo.gov.uk",
"username": "M"
"full_name": null,
"email": null,
"username": "elastic"
},
"external_url": "https://hms.atlassian.net/browse/IS-4",
"pushed_at": "2022-05-13T09:20:40.672Z",
@ -5138,7 +5119,7 @@
]
},
"find_case_response": {
"summary": "Retrieve the first five cases with the `phishing` tag, in ascending order by last update time.",
"summary": "Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time.",
"value": {
"page": 1,
"per_page": 5,
@ -5152,29 +5133,29 @@
"totalAlerts": 0,
"title": "Case title",
"tags": [
"phishing"
"tag-1"
],
"description": "Case description",
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"owner": "cases",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-12T00:16:36.371Z",
"created_by": {
"email": "jdoe@email.com",
"full_name": "Jane Doe",
"username": "jdoe"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": "2022-05-12T00:27:58.162Z",
"updated_by": {
"email": "jsmith@email.com",
"full_name": "Joe Smith",
"username": "jsmith"
"email": null,
"full_name": null,
"username": "elastic"
},
"connector": {
"id": "none",

166
x-pack/plugins/cases/docs/openapi/bundled.yaml
View file

@ -316,11 +316,7 @@ paths:
example: elastic
description:
type: string
example: >-
James Bond clicked on a highly suspicious email banner
advertising cheap holidays for underpaid civil servants.
Operation bubblegum is active. Repeat - operation
bubblegum is now active
example: A case description.
duration:
type: integer
description: >-
@ -375,12 +371,10 @@ paths:
items:
type: string
example:
- phishing
- social engineering
- bubblegum
- tag-1
title:
type: string
example: This case will self-destruct in 5 seconds
example: Case title 1
totalAlerts:
type: integer
example: 0
@ -742,11 +736,7 @@ paths:
example: elastic
description:
type: string
example: >-
James Bond clicked on a highly suspicious email banner
advertising cheap holidays for underpaid civil servants.
Operation bubblegum is active. Repeat - operation
bubblegum is now active
example: A case description.
duration:
type: integer
description: >-
@ -801,12 +791,10 @@ paths:
items:
type: string
example:
- phishing
- social engineering
- bubblegum
- tag-1
title:
type: string
example: This case will self-destruct in 5 seconds
example: Case title 1
totalAlerts:
type: integer
example: 0
@ -958,7 +946,7 @@ paths:
- type: array
items:
type: string
example: phishing
example: tag-1
- name: to
in: query
description: >-
@ -1121,11 +1109,7 @@ paths:
example: elastic
description:
type: string
example: >-
James Bond clicked on a highly suspicious email
banner advertising cheap holidays for underpaid
civil servants. Operation bubblegum is active.
Repeat - operation bubblegum is now active
example: A case description.
duration:
type: integer
description: >-
@ -1180,12 +1164,10 @@ paths:
items:
type: string
example:
- phishing
- social engineering
- bubblegum
- tag-1
title:
type: string
example: This case will self-destruct in 5 seconds
example: Case title 1
totalAlerts:
type: integer
example: 0
@ -2382,11 +2364,7 @@ paths:
example: elastic
description:
type: string
example: >-
James Bond clicked on a highly suspicious email banner
advertising cheap holidays for underpaid civil servants.
Operation bubblegum is active. Repeat - operation
bubblegum is now active
example: A case description.
duration:
type: integer
description: >-
@ -2441,12 +2419,10 @@ paths:
items:
type: string
example:
- phishing
- social engineering
- bubblegum
- tag-1
title:
type: string
example: This case will self-destruct in 5 seconds
example: Case title 1
totalAlerts:
type: integer
example: 0
@ -2810,11 +2786,7 @@ paths:
example: elastic
description:
type: string
example: >-
James Bond clicked on a highly suspicious email banner
advertising cheap holidays for underpaid civil servants.
Operation bubblegum is active. Repeat - operation
bubblegum is now active
example: A case description.
duration:
type: integer
description: >-
@ -2869,12 +2841,10 @@ paths:
items:
type: string
example:
- phishing
- social engineering
- bubblegum
- tag-1
title:
type: string
example: This case will self-destruct in 5 seconds
example: Case title 1
totalAlerts:
type: integer
example: 0
@ -3026,7 +2996,7 @@ paths:
- type: array
items:
type: string
example: phishing
example: tag-1
- name: to
in: query
description: >
@ -3192,11 +3162,7 @@ paths:
example: elastic
description:
type: string
example: >-
James Bond clicked on a highly suspicious email
banner advertising cheap holidays for underpaid
civil servants. Operation bubblegum is active.
Repeat - operation bubblegum is now active
example: A case description.
duration:
type: integer
description: >-
@ -3251,12 +3217,10 @@ paths:
items:
type: string
example:
- phishing
- social engineering
- bubblegum
- tag-1
title:
type: string
example: This case will self-destruct in 5 seconds
example: Case title 1
totalAlerts:
type: integer
example: 0
@ -4274,13 +4238,10 @@ components:
create_case_request:
summary: Create a security case that uses a Jira connector.
value:
description: >-
James Bond clicked on a highly suspicious email banner advertising
cheap holidays for underpaid civil servants.
title: This case will self-destruct in 5 seconds
description: A case description.
title: Case title 1
tags:
- phishing
- social engineering
- tag-1
connector:
id: 131d4448-abe0-4789-939d-8ef60680b498
name: My connector
@ -4291,7 +4252,7 @@ components:
parent: null
settings:
syncAlerts: true
owner: securitySolution
owner: cases
create_case_response:
summary: >-
The create case API returns a JSON object that includes the user who
@ -4302,27 +4263,22 @@ components:
comments: []
totalComment: 0
totalAlerts: 0
title: This case will self-destruct in 5 seconds
title: Case title 1
tags:
- phishing
- social engineering
- bubblegum
- tag-1
settings:
syncAlerts: true
owner: securitySolution
description: >-
James Bond clicked on a highly suspicious email banner advertising
cheap holidays for underpaid civil servants. Operation bubblegum is
active. Repeat - operation bubblegum is now active
owner: cases
description: A case description.
duration: null
severity: low
closed_at: null
closed_by: null
created_at: '2022-05-13T09:16:17.416Z'
created_by:
email: ahunley@imf.usa.gov
full_name: Alan Hunley
username: ahunley
email: null
full_name: null
username: elastic
status: open
updated_at: null
updated_by: null
@ -4349,14 +4305,9 @@ components:
issueType: '10006'
priority: null
parent: null
description: >-
James Bond clicked on a highly suspicious email banner advertising
cheap holidays for underpaid civil servants. Operation bubblegum
is active. Repeat - operation bubblegum is now active!
description: A case description.
tags:
- phishing
- social engineering
- bubblegum
- tag-1
settings:
syncAlerts: true
update_case_response:
@ -4369,33 +4320,28 @@ components:
comments: []
totalComment: 0
totalAlerts: 0
title: This case will self-destruct in 5 seconds
title: Case title 1
tags:
- phishing
- social engineering
- bubblegum
- tag-1
settings:
syncAlerts: true
owner: securitySolution
description: >-
James Bond clicked on a highly suspicious email banner advertising
cheap holidays for underpaid civil servants. Operation bubblegum is
active. Repeat - operation bubblegum is now active!
owner: cases
description: A case description.
duration: null
severity: low
closed_at: null
closed_by: null
created_at: '2022-05-13T09:16:17.416Z'
created_by:
email: ahunley@imf.usa.gov
full_name: Alan Hunley
username: ahunley
email: null
full_name: null
username: elastic
status: open
updated_at: '2022-05-13T09:48:33.043Z'
updated_by:
email: classified@hms.oo.gov.uk
full_name: Classified
username: M
email: null
full_name: null
username: elastic
connector:
id: 131d4448-abe0-4789-939d-8ef60680b498
name: My connector
@ -4407,9 +4353,9 @@ components:
external_service:
external_title: IS-4
pushed_by:
full_name: Classified
email: classified@hms.oo.gov.uk
username: M
full_name: null
email: null
username: elastic
external_url: https://hms.atlassian.net/browse/IS-4
pushed_at: '2022-05-13T09:20:40.672Z'
connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8
@ -4417,8 +4363,8 @@ components:
connector_name: Jira
find_case_response:
summary: >-
Retrieve the first five cases with the `phishing` tag, in ascending
order by last update time.
Retrieve the first five cases with the `tag-1` tag, in ascending order
by last update time.
value:
page: 1
per_page: 5
@ -4431,26 +4377,26 @@ components:
totalAlerts: 0
title: Case title
tags:
- phishing
- tag-1
description: Case description
settings:
syncAlerts: true
owner: securitySolution
owner: cases
duration: null
severity: low
closed_at: null
closed_by: null
created_at: '2022-05-12T00:16:36.371Z'
created_by:
email: jdoe@email.com
full_name: Jane Doe
username: jdoe
email: null
full_name: null
username: elastic
status: open
updated_at: '2022-05-12T00:27:58.162Z'
updated_by:
email: jsmith@email.com
full_name: Joe Smith
username: jsmith
email: null
full_name: null
username: elastic
connector:
id: none
name: none

8
x-pack/plugins/cases/docs/openapi/components/examples/create_case_request.yaml
View file

@ -1,9 +1,9 @@
summary: Create a security case that uses a Jira connector.
value:
{
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants.",
"title": "This case will self-destruct in 5 seconds",
"tags": [ "phishing","social engineering"],
"description": "A case description.",
"title": "Case title 1",
"tags": [ "tag-1" ],
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
@ -17,5 +17,5 @@ value:
"settings": {
"syncAlerts": true
},
"owner": "securitySolution"
"owner": "cases"
}

18
x-pack/plugins/cases/docs/openapi/components/examples/create_case_response.yaml
View file

@ -6,26 +6,22 @@ value:
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"title": "This case will self-destruct in 5 seconds",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"title": "Case title 1",
"tags": [ "tag-1" ],
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
"owner": "cases",
"description": "A case description.",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": null,

18
x-pack/plugins/cases/docs/openapi/components/examples/find_case_response.yaml
View file

@ -1,4 +1,4 @@
summary: Retrieve the first five cases with the `phishing` tag, in ascending order by last update time.
summary: Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time.
value:
{
"page": 1,
@ -12,26 +12,26 @@ value:
"totalComment": 1,
"totalAlerts": 0,
"title": "Case title",
"tags": [ "phishing" ],
"tags": [ "tag-1" ],
"description": "Case description",
"settings": { "syncAlerts": true },
"owner": "securitySolution",
"owner": "cases",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-12T00:16:36.371Z",
"created_by": {
"email": "jdoe@email.com",
"full_name": "Jane Doe",
"username": "jdoe"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": "2022-05-12T00:27:58.162Z",
"updated_by": {
"email": "jsmith@email.com",
"full_name": "Joe Smith",
"username": "jsmith"
"email": null,
"full_name": null,
"username": "elastic"
},
"connector": {
"id": "none",

8
x-pack/plugins/cases/docs/openapi/components/examples/update_case_request.yaml
View file

@ -15,12 +15,8 @@ value:
"parent": null
}
},
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"description": "A case description.",
"tags": [ "tag-1" ],
"settings": {
"syncAlerts": true
}

30
x-pack/plugins/cases/docs/openapi/components/examples/update_case_response.yaml
View file

@ -7,33 +7,29 @@ value:
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"title": "This case will self-destruct in 5 seconds",
"tags": [
"phishing",
"social engineering",
"bubblegum"
],
"title": "Case title 1",
"tags": [ "tag-1" ],
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"owner": "cases",
"description": "A case description.",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
"email": null,
"full_name": null,
"username": "elastic"
},
"status": "open",
"updated_at": "2022-05-13T09:48:33.043Z",
"updated_by": {
"email": "classified@hms.oo.gov.uk",
"full_name": "Classified",
"username": "M"
"email": null,
"full_name": null,
"username": "elastic"
},
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
@ -48,9 +44,9 @@ value:
"external_service": {
"external_title": "IS-4",
"pushed_by": {
"full_name": "Classified",
"email": "classified@hms.oo.gov.uk",
"username": "M"
"full_name": null,
"email": null,
"username": "elastic"
},
"external_url": "https://hms.atlassian.net/browse/IS-4",
"pushed_at": "2022-05-13T09:20:40.672Z",

6
x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml
View file

@ -41,7 +41,7 @@ created_by:
example: elastic
description:
type: string
example: "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active"
example: "A case description."
duration:
type: integer
description: The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null.
@ -92,10 +92,10 @@ tags:
type: array
items:
type: string
example: ["phishing","social engineering","bubblegum"]
example: ["tag-1"]
title:
type: string
example: This case will self-destruct in 5 seconds
example: Case title 1
totalAlerts:
type: integer
example: 0

2
x-pack/plugins/cases/docs/openapi/paths/api@cases.yaml
View file

@ -85,7 +85,7 @@ delete:
required: true
schema:
type: string
example: 'd4e7abb0-b462-11ec-9a8d-698504725a43'
example: d4e7abb0-b462-11ec-9a8d-698504725a43
responses:
'204':
description: Indicates a successful call.

2
x-pack/plugins/cases/docs/openapi/paths/api@cases@_find.yaml
View file

@ -112,7 +112,7 @@ get:
- type: array
items:
type: string
example: phishing
example: tag-1
- name: to
in: query
description: Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.

2
x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@{configurationid}.yaml
View file

@ -35,7 +35,7 @@ patch:
The version of the connector. To retrieve the version value, use
the get configuration API.
type: string
example: "WzIwMiwxXQ=="
example: WzIwMiwxXQ==
required:
- version
responses:

2
x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml
View file

@ -87,7 +87,7 @@ delete:
required: true
schema:
type: string
example: 'd4e7abb0-b462-11ec-9a8d-698504725a43'
example: d4e7abb0-b462-11ec-9a8d-698504725a43
responses:
'204':
description: Indicates a successful call.

2
x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml
View file

@ -112,7 +112,7 @@ get:
- type: array
items:
type: string
example: phishing
example: tag-1
- name: to
in: query
description: >

2
x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml
View file

@ -36,7 +36,7 @@ patch:
The version of the connector. To retrieve the version value, use
the get configuration API.
type: string
example: "WzIwMiwxXQ=="
example: WzIwMiwxXQ==
required:
- version
responses: