[DOCS] Adds GET case activity and GET tags API docs (#128874)

2025-04-24 09:48:58 -04:00 · 2022-03-31 13:40:17 +02:00 · 2022-03-31 13:40:17 +02:00 · 911a747926
commit 911a747926
parent abe70c5256
3 changed files with 480 additions and 2 deletions
--- a/docs/api/cases.asciidoc
+++ b/docs/api/cases.asciidoc
@ -12,13 +12,13 @@ these APIs:
 * <<cases-api-find-cases>>
 * {security-guide}/cases-api-find-cases-by-alert.html[Find cases by alert]
 * <<cases-api-find-connectors>>
-* {security-guide}/cases-api-get-case-activity.html[Get all case activity]
+* <<cases-api-get-case-activity>>
 * <<cases-api-get-case>>
 * <<cases-api-get-status>>
 * <<cases-api-get-comments>>
 * {security-guide}/cases-get-connector.html[Get current connector]
 * {security-guide}/cases-api-get-reporters.html[Get reporters]
-* {security-guide}/cases-api-get-tag.html[Get tags]
+* <<cases-api-get-tag>>
 * {security-guide}/cases-api-push.html[Push case]
 * {security-guide}/assign-connector.html[Set default Elastic Security UI connector]
 * {security-guide}/case-api-update-connector.html[Update case configurations]
@ -36,9 +36,11 @@ include::cases/cases-api-delete-comments.asciidoc[leveloffset=+1]
 include::cases/cases-api-find-cases.asciidoc[leveloffset=+1]
 include::cases/cases-api-find-connectors.asciidoc[leveloffset=+1]
 //GET
+include::cases/cases-api-get-case-activity.asciidoc[leveloffset=+1]
 include::cases/cases-api-get-case.asciidoc[leveloffset=+1]
 include::cases/cases-api-get-status.asciidoc[leveloffset=+1]
 include::cases/cases-api-get-comments.asciidoc[leveloffset=+1]
+include::cases/cases-api-get-tags.asciidoc[leveloffset=+1]
 //UPDATE
 include::cases/cases-api-update.asciidoc[leveloffset=+1]
 include::cases/cases-api-update-comment.asciidoc[leveloffset=+1]
--- a/docs/api/cases/cases-api-get-case-activity.asciidoc
+++ b/docs/api/cases/cases-api-get-case-activity.asciidoc
@ -0,0 +1,412 @@
+[[cases-api-get-case-activity]]
+== Get case activity API
++++
+<titleabbrev>Get case activity</titleabbrev>
++++
+
+Returns all user activity for the specified case.
+
+deprecated::[8.1.0]
+
+=== Request
+
+`GET <kibana host>:<port>/api/cases/<case ID>/user_actions`
+
+`GET <kibana host>:<port>/s/<space_id>/api/cases/<case ID>/user_actions`
+
+=== Prerequisite
+
+You must have `read` privileges for the *Cases* feature in the *Management*,
+*{observability}*, or *Security* section of the
+<<kibana-feature-privileges,{kib} feature privileges>>, depending on the
+`owner` of the cases you're seeking.
+
+=== Path parameters
+
+`<case_id>`::
+(Required, string) An identifier for the case to retrieve. Use 
+<<cases-api-find-cases>> to retrieve case IDs.
+
+`<space_id>`::
+(Optional, string) An identifier for the space. If it is not specified, the
+default space is used.
+
+==== Response code
+
+`200`::
+   Indicates a successful call.
+
+==== Example
+
+Gets all activity for case ID `a18b38a0-71b0-11ea-a0b2-c51ea50a58e2`:
+
+[source,sh]
+--------------------------------------------------
+GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/user_actions
+--------------------------------------------------
+// KIBANA
+
+The API returns a JSON object with all the activity for the case. For example: 
+
+[source,json]
+--------------------------------------------------
+[
+    {
+      "action": "create",
+      "action_id": "5275af50-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:34:48.709Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "connector": {
+          "fields": null,
+          "id": "none",
+          "name": "none",
+          "type": ".none"
+        },
+        "description": "migrating user actions",
+        "settings": {
+          "syncAlerts": true
+        },
+        "status": "open",
+        "tags": [
+          "user",
+          "actions"
+        ],
+        "title": "User actions",
+        "owner": "securitySolution"
+      },
+      "sub_case_id": "",
+      "type": "create_case"
+    },
+    {
+      "action": "create",
+      "action_id": "72e73240-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "created_at": "2021-12-16T14:35:42.872Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "comment": {
+          "comment": "a comment",
+          "owner": "securitySolution",
+          "type": "user"
+        }
+      },
+      "sub_case_id": "",
+      "type": "comment"
+    },
+    {
+      "action": "update",
+      "action_id": "7685b5c0-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:35:48.826Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "title": "User actions!"
+      },
+      "sub_case_id": "",
+      "type": "title"
+    },
+    {
+      "action": "update",
+      "action_id": "7a2d8810-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:35:55.421Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "description": "migrating user actions and update!"
+      },
+      "sub_case_id": "",
+      "type": "description"
+    },
+    {
+      "action": "update",
+      "action_id": "7f942160-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "created_at": "2021-12-16T14:36:04.120Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "comment": {
+          "comment": "a comment updated!",
+          "owner": "securitySolution",
+          "type": "user"
+        }
+      },
+      "sub_case_id": "",
+      "type": "comment"
+    },
+    {
+      "action": "add",
+      "action_id": "8591a380-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:36:13.840Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "tags": [
+          "migration"
+        ]
+      },
+      "sub_case_id": "",
+      "type": "tags"
+    },
+    {
+      "action": "delete",
+      "action_id": "8591a381-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:36:13.840Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "tags": [
+          "user"
+        ]
+      },
+      "sub_case_id": "",
+      "type": "tags"
+    },
+    {
+      "action": "update",
+      "action_id": "87fadb50-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:36:17.764Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "settings": {
+          "syncAlerts": false
+        }
+      },
+      "sub_case_id": "",
+      "type": "settings"
+    },
+    {
+      "action": "update",
+      "action_id": "89ca4420-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:36:21.509Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "status": "in-progress"
+      },
+      "sub_case_id": "",
+      "type": "status"
+    },
+    {
+      "action": "update",
+      "action_id": "9060aae0-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:36:32.716Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "connector": {
+          "fields": {
+            "issueType": "10001",
+            "parent": null,
+            "priority": "High"
+          },
+          "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
+          "name": "Jira",
+          "type": ".jira"
+        }
+      },
+      "sub_case_id": "",
+      "type": "connector"
+    },
+    {
+      "action": "push_to_service",
+      "action_id": "988579d0-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:36:46.443Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "externalService": {
+          "connector_id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
+          "connector_name": "Jira",
+          "external_id": "26225",
+          "external_title": "CASES-229",
+          "external_url": "https://example.com/browse/CASES-229",
+          "pushed_at": "2021-12-16T14:36:46.443Z",
+          "pushed_by": {
+            "email": "",
+            "full_name": "",
+            "username": "elastic"
+          }
+        }
+      },
+      "sub_case_id": "",
+      "type": "pushed"
+    },
+    {
+      "action": "update",
+      "action_id": "bcb76020-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:37:46.863Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "connector": {
+          "fields": {
+            "incidentTypes": [
+              "17",
+              "4"
+            ],
+            "severityCode": "5"
+          },
+          "id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
+          "name": "IBM",
+          "type": ".resilient"
+        }
+      },
+      "sub_case_id": "",
+      "type": "connector"
+    },
+    {
+      "action": "push_to_service",
+      "action_id": "c0338e90-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:37:53.016Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "externalService": {
+          "connector_id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
+          "connector_name": "IBM",
+          "external_id": "17574",
+          "external_title": "17574",
+          "external_url": "https://example.com/#incidents/17574",
+          "pushed_at": "2021-12-16T14:37:53.016Z",
+          "pushed_by": {
+            "email": "",
+            "full_name": "",
+            "username": "elastic"
+          }
+        }
+      },
+      "sub_case_id": "",
+      "type": "pushed"
+    },
+    {
+      "action": "update",
+      "action_id": "c5b6d7a0-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": null,
+      "created_at": "2021-12-16T14:38:01.895Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "connector": {
+          "fields": {
+            "issueType": "10001",
+            "parent": null,
+            "priority": "Lowest"
+          },
+          "id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
+          "name": "Jira",
+          "type": ".jira"
+        }
+      },
+      "sub_case_id": "",
+      "type": "connector"
+    },
+    {
+      "action": "create",
+      "action_id": "ca8f61c0-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "comment_id": "ca1d17f0-5e7d-11ec-9ee9-cd64f0b77b3c",
+      "created_at": "2021-12-16T14:38:09.649Z",
+      "created_by": {
+        "email": "",
+        "full_name": "",
+        "username": "elastic"
+      },
+      "owner": "securitySolution",
+      "payload": {
+        "comment": {
+          "comment": "and another comment!",
+          "owner": "securitySolution",
+          "type": "user"
+        }
+      },
+      "sub_case_id": "",
+      "type": "comment"
+    }
+  ]
+--------------------------------------------------
--- a/docs/api/cases/cases-api-get-tags.asciidoc
+++ b/docs/api/cases/cases-api-get-tags.asciidoc
@ -0,0 +1,64 @@
+[[cases-api-get-tag]]
+== Get tags API
++++
+<titleabbrev>Get tags</titleabbrev>
++++
+
+Aggregates and returns all unique tags from all cases.
+
+=== Request
+
+`GET <kibana host>:<port>/api/cases/tags`
+
+`GET <kibana host>:<port>/s/<space_id>/api/cases/tags`
+
+=== Prerequisite
+
+You must have `read` privileges for the *Cases* feature in the *Management*,
+*{observability}*, or *Security* section of the
+<<kibana-feature-privileges,{kib} feature privileges>>, depending on the
+`owner` of the cases you're seeking.
+
+=== Path parameters
+
+`<case_id>`::
+(Required, string) An identifier for the case to retrieve. Use 
+<<cases-api-find-cases>> to retrieve case IDs.
+
+`<space_id>`::
+(Optional, string) An identifier for the space. If it is not specified, the
+default space is used.
+
+=== Query parameters
+
+`owner`::
+(Optional, string) Specifies the set of applications to limit the retrieved 
+tags. If not specified, the response contains all tags that the user has access 
+to read.
+
+==== Response code
+
+`200`::
+   Indicates a successful call.
+
+==== Example
+
+Gets all tags for all cases:
+
+[source,sh]
+--------------------------------------------------
+GET api/cases/tags
+--------------------------------------------------
+// KIBANA
+
+The API returns a JSON object with all tags for all cases. For example: 
+
+[source,json]
+--------------------------------------------------
+[
+  "windows",
+  "phishing",
+  "social engineering",
+  "bubblegum"
+]
+--------------------------------------------------