github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add open API specification for get case API (#136315)

Browse source
This commit is contained in:
Lisa Cawley 2022-07-14 11:45:39 -07:00 committed by GitHub
parent 7231d7c5a1
commit 93f6f89795
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 1431 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

84
docs/api/cases/cases-api-get-case.asciidoc
View file

@ -4,7 +4,7 @@
<titleabbrev>Get case</titleabbrev>
++++
Returns a specified case.
Returns information about a case.
=== {api-request-title}
@ -17,7 +17,7 @@ Returns a specified case.
You must have `read` privileges for the *Cases* feature in the *Management*,
*{observability}*, or *Security* section of the
<<kibana-feature-privileges,{kib} feature privileges>>, depending on the
`owner` of the cases you're seeking.
`owner` of the case you're seeking.
=== {api-path-parms-title}
@ -42,11 +42,11 @@ default space is used.
=== {api-examples-title}
Returns case ID `a18b38a0-71b0-11ea-a0b2-c51ea50a58e2` without comments:
Returns case ID `31cdada0-02c1-11ed-85f2-4f7c222ca2fa`:
[source,sh]
--------------------------------------------------
GET api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2
GET api/cases/31cdada0-02c1-11ed-85f2-4f7c222ca2fa
--------------------------------------------------
// KIBANA
@ -55,49 +55,39 @@ The API returns a JSON object with the retrieved case. For example:
[source,json]
--------------------------------------------------
{
"id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2",
"version": "Wzk4LDFd",
"comments": [],
"totalComment": 0,
"totalAlerts": 0,
"closed_at": null,
"closed_by": null,
"created_at": "2020-03-29T11:30:02.658Z",
"created_by": {
"email": "ahunley@imf.usa.gov",
"full_name": "Alan Hunley",
"username": "ahunley"
},
"external_service": null,
"updated_at": "2020-03-29T12:01:50.244Z",
"updated_by": {
"full_name": "Classified",
"email": "classified@hms.oo.gov.uk",
"username": "M"
},
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"title": "This case will self-destruct in 5 seconds",
"status": "open",
"connector": {
"id": "131d4448-abe0-4789-939d-8ef60680b498",
"name": "My connector",
"type": ".jira",
"fields": {
"issueType": "10006",
"priority": "High",
}
},
"settings": {
"syncAlerts": true
},
"owner": "securitySolution",
"severity": "low",
"duration": null, <1>
"tags": [
"phishing",
"social engineering",
"bubblegum"
]
"id":"31cdada0-02c1-11ed-85f2-4f7c222ca2fa",
"version":"WzM2LDFd",
"comments":[{
"id":"2134c1d0-02c2-11ed-85f2-4f7c222ca2fa",
"version":"WzM3LDFd",
"type":"user",
"owner":"cases",
"comment":"A new comment",
"created_at":"2022-07-13T15:40:32.335Z",
"created_by":{"email":null,"full_name":null,"username":"elastic"},
"pushed_at":null,
"pushed_by":null,
"updated_at":null,
"updated_by":null
}],
"totalComment":1,
"totalAlerts":0,
"title":"Case title 1",
"tags":["tag 1"],
"settings":{"syncAlerts":true},
"owner":"cases",
"description":"A case description",
"duration":null, <1>
"severity":"low",
"closed_at":null,
"closed_by":null,
"created_at":"2022-07-13T15:33:50.604Z",
"created_by":{"username":"elastic","email":null,"full_name":null},
"status":"open",
"updated_at":"2022-07-13T15:40:32.335Z",
"updated_by":{"full_name":null,"email":null,"username":"elastic"},
"connector":{"id":"none","name":"none","type":".none","fields":null},
"external_service":null
}
--------------------------------------------------
<1> Duration represents the elapsed time from the creation of the case to its

704
x-pack/plugins/cases/docs/openapi/bundled.json
View file

@ -2699,6 +2699,326 @@
}
]
},
"/api/cases/{caseId}": {
"get": {
"summary": "Retrieves information about a case in the default space.",
"operationId": "getCaseDefaultSpace",
"description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n",
"tags": [
"cases",
"kibana"
],
"parameters": [
{
"$ref": "#/components/parameters/case_id"
},
{
"in": "query",
"name": "includeComments",
"description": "Determines whether case comments are returned.",
"deprecated": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Indicates a successful call.",
"content": {
"application/json; charset=utf-8": {
"schema": {
"type": "object",
"properties": {
"closed_at": {
"type": "string",
"format": "date-time",
"nullable": true,
"example": null
},
"closed_by": {
"type": "object",
"properties": {
"email": {
"type": "string"
},
"full_name": {
"type": "string"
},
"username": {
"type": "string"
}
},
"nullable": true,
"example": null
},
"comments": {
"type": "array",
"items": {
"oneOf": [
{
"$ref": "#/components/schemas/alert_comment_response_properties"
},
{
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
},
"example": []
},
"connector": {
"type": "object",
"properties": {
"fields": {
"description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.",
"nullable": true,
"type": "object",
"properties": {
"caseId": {
"description": "The case identifier for Swimlane connectors.",
"type": "string"
},
"category": {
"description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.",
"type": "string"
},
"destIp": {
"description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.",
"type": "string"
},
"impact": {
"description": "The effect an incident had on business for ServiceNow ITSM connectors.",
"type": "string"
},
"issueType": {
"description": "The type of issue for Jira connectors.",
"type": "string"
},
"issueTypes": {
"description": "The type of incident for IBM Resilient connectors.",
"type": "array",
"items": {
"type": "number"
}
},
"malwareHash": {
"description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.",
"type": "string"
},
"malwareUrl": {
"description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.",
"type": "string"
},
"parent": {
"description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.",
"type": "string"
},
"priority": {
"description": "The priority of the issue for Jira and ServiceNow SecOps connectors.",
"type": "string"
},
"severity": {
"description": "The severity of the incident for ServiceNow ITSM connectors.",
"type": "string"
},
"severityCode": {
"description": "The severity code of the incident for IBM Resilient connectors.",
"type": "number"
},
"sourceIp": {
"description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.",
"type": "string"
},
"subcategory": {
"description": "The subcategory of the incident for ServiceNow ITSM connectors.",
"type": "string"
},
"urgency": {
"description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.",
"type": "string"
}
},
"example": null
},
"id": {
"description": "The identifier for the connector. To create a case without a connector, use `none`.",
"type": "string",
"example": "none"
},
"name": {
"description": "The name of the connector. To create a case without a connector, use `none`.",
"type": "string",
"example": "none"
},
"type": {
"$ref": "#/components/schemas/connector_types"
}
}
},
"created_at": {
"type": "string",
"format": "date-time",
"example": "2022-05-13T09:16:17.416Z"
},
"created_by": {
"type": "object",
"properties": {
"email": {
"type": "string",
"example": null
},
"full_name": {
"type": "string",
"example": null
},
"username": {
"type": "string",
"example": "elastic"
}
}
},
"description": {
"type": "string",
"example": "A case description."
},
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
"example": 120
},
"external_service": {
"type": "object",
"properties": {
"connector_id": {
"type": "string"
},
"connector_name": {
"type": "string"
},
"external_id": {
"type": "string"
},
"external_title": {
"type": "string"
},
"external_url": {
"type": "string"
},
"pushed_at": {
"type": "string",
"format": "date-time"
},
"pushed_by": {
"type": "object",
"properties": {
"email": {
"type": "string"
},
"full_name": {
"type": "string"
},
"username": {
"type": "string"
}
},
"nullable": true,
"example": null
}
}
},
"id": {
"type": "string",
"example": "66b9aa00-94fa-11ea-9f74-e7e108796192"
},
"owner": {
"$ref": "#/components/schemas/owners"
},
"settings": {
"type": "object",
"properties": {
"syncAlerts": {
"type": "boolean",
"example": true
}
}
},
"severity": {
"$ref": "#/components/schemas/severity_property"
},
"status": {
"$ref": "#/components/schemas/status"
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"tag-1"
]
},
"title": {
"type": "string",
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
"example": 0
},
"totalComment": {
"type": "integer",
"example": 0
},
"updated_at": {
"type": "string",
"format": "date-time",
"nullable": true,
"example": null
},
"updated_by": {
"type": "object",
"properties": {
"email": {
"type": "string"
},
"full_name": {
"type": "string"
},
"username": {
"type": "string"
}
},
"nullable": true,
"example": null
},
"version": {
"type": "string",
"example": "WzUzMiwxXQ=="
}
}
},
"examples": {
"getCaseResponse": {
"$ref": "#/components/examples/get_case_response"
}
}
}
}
}
},
"servers": [
{
"url": "https://localhost:5601"
}
]
},
"servers": [
{
"url": "https://localhost:5601"
}
]
},
"/api/cases/{caseId}/comments": {
"post": {
"summary": "Adds a comment or alert to a case in the default space.",
@ -6219,6 +6539,329 @@
}
]
},
"/s/{spaceId}/api/cases/{caseId}": {
"get": {
"summary": "Retrieves information about a case.",
"operationId": "getCase",
"description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n",
"tags": [
"cases",
"kibana"
],
"parameters": [
{
"$ref": "#/components/parameters/case_id"
},
{
"$ref": "#/components/parameters/space_id"
},
{
"in": "query",
"name": "includeComments",
"description": "Determines whether case comments are returned.",
"deprecated": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Indicates a successful call.",
"content": {
"application/json; charset=utf-8": {
"schema": {
"type": "object",
"properties": {
"closed_at": {
"type": "string",
"format": "date-time",
"nullable": true,
"example": null
},
"closed_by": {
"type": "object",
"properties": {
"email": {
"type": "string"
},
"full_name": {
"type": "string"
},
"username": {
"type": "string"
}
},
"nullable": true,
"example": null
},
"comments": {
"type": "array",
"items": {
"oneOf": [
{
"$ref": "#/components/schemas/alert_comment_response_properties"
},
{
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
},
"example": []
},
"connector": {
"type": "object",
"properties": {
"fields": {
"description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.",
"nullable": true,
"type": "object",
"properties": {
"caseId": {
"description": "The case identifier for Swimlane connectors.",
"type": "string"
},
"category": {
"description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.",
"type": "string"
},
"destIp": {
"description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.",
"type": "string"
},
"impact": {
"description": "The effect an incident had on business for ServiceNow ITSM connectors.",
"type": "string"
},
"issueType": {
"description": "The type of issue for Jira connectors.",
"type": "string"
},
"issueTypes": {
"description": "The type of incident for IBM Resilient connectors.",
"type": "array",
"items": {
"type": "number"
}
},
"malwareHash": {
"description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.",
"type": "string"
},
"malwareUrl": {
"description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.",
"type": "string"
},
"parent": {
"description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.",
"type": "string"
},
"priority": {
"description": "The priority of the issue for Jira and ServiceNow SecOps connectors.",
"type": "string"
},
"severity": {
"description": "The severity of the incident for ServiceNow ITSM connectors.",
"type": "string"
},
"severityCode": {
"description": "The severity code of the incident for IBM Resilient connectors.",
"type": "number"
},
"sourceIp": {
"description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.",
"type": "string"
},
"subcategory": {
"description": "The subcategory of the incident for ServiceNow ITSM connectors.",
"type": "string"
},
"urgency": {
"description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.",
"type": "string"
}
},
"example": null
},
"id": {
"description": "The identifier for the connector. To create a case without a connector, use `none`.",
"type": "string",
"example": "none"
},
"name": {
"description": "The name of the connector. To create a case without a connector, use `none`.",
"type": "string",
"example": "none"
},
"type": {
"$ref": "#/components/schemas/connector_types"
}
}
},
"created_at": {
"type": "string",
"format": "date-time",
"example": "2022-05-13T09:16:17.416Z"
},
"created_by": {
"type": "object",
"properties": {
"email": {
"type": "string",
"example": null
},
"full_name": {
"type": "string",
"example": null
},
"username": {
"type": "string",
"example": "elastic"
}
}
},
"description": {
"type": "string",
"example": "A case description."
},
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
"example": 120
},
"external_service": {
"type": "object",
"properties": {
"connector_id": {
"type": "string"
},
"connector_name": {
"type": "string"
},
"external_id": {
"type": "string"
},
"external_title": {
"type": "string"
},
"external_url": {
"type": "string"
},
"pushed_at": {
"type": "string",
"format": "date-time"
},
"pushed_by": {
"type": "object",
"properties": {
"email": {
"type": "string"
},
"full_name": {
"type": "string"
},
"username": {
"type": "string"
}
},
"nullable": true,
"example": null
}
}
},
"id": {
"type": "string",
"example": "66b9aa00-94fa-11ea-9f74-e7e108796192"
},
"owner": {
"$ref": "#/components/schemas/owners"
},
"settings": {
"type": "object",
"properties": {
"syncAlerts": {
"type": "boolean",
"example": true
}
}
},
"severity": {
"$ref": "#/components/schemas/severity_property"
},
"status": {
"$ref": "#/components/schemas/status"
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"tag-1"
]
},
"title": {
"type": "string",
"example": "Case title 1"
},
"totalAlerts": {
"type": "integer",
"example": 0
},
"totalComment": {
"type": "integer",
"example": 0
},
"updated_at": {
"type": "string",
"format": "date-time",
"nullable": true,
"example": null
},
"updated_by": {
"type": "object",
"properties": {
"email": {
"type": "string"
},
"full_name": {
"type": "string"
},
"username": {
"type": "string"
}
},
"nullable": true,
"example": null
},
"version": {
"type": "string",
"example": "WzUzMiwxXQ=="
}
}
},
"examples": {
"getCaseResponse": {
"$ref": "#/components/examples/get_case_response"
}
}
}
}
}
},
"servers": [
{
"url": "https://localhost:5601"
}
]
},
"servers": [
{
"url": "https://localhost:5601"
}
]
},
"/s/{spaceId}/api/cases/{caseId}/comments": {
"post": {
"summary": "Adds a comment or alert to a case.",
@ -7857,6 +8500,67 @@
"tag 2"
]
},
"get_case_response": {
"summary": "Retrieves information about a case including its comments.",
"value": {
"id": "31cdada0-02c1-11ed-85f2-4f7c222ca2fa",
"version": "WzM2LDFd",
"comments": [
{
"id": "2134c1d0-02c2-11ed-85f2-4f7c222ca2fa",
"version": "WzM3LDFd",
"type": "user",
"owner": "cases",
"comment": "A new comment",
"created_at": "2022-07-13T15:40:32.335Z",
"created_by": {
"email": null,
"full_name": null,
"username": "elastic"
},
"pushed_at": null,
"pushed_by": null,
"updated_at": null,
"updated_by": null
}
],
"totalComment": 1,
"totalAlerts": 0,
"title": "Case title 1",
"tags": [
"tag 1"
],
"settings": {
"syncAlerts": true
},
"owner": "cases",
"description": "A case description",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-07-13T15:33:50.604Z",
"created_by": {
"username": "elastic",
"email": null,
"full_name": null
},
"status": "open",
"updated_at": "2022-07-13T15:40:32.335Z",
"updated_by": {
"full_name": null,
"email": null,
"username": "elastic"
},
"connector": {
"id": "none",
"name": "none",
"type": ".none",
"fields": null
},
"external_service": null
}
},
"add_comment_request": {
"summary": "Adds a comment to a case.",
"value": {

571
x-pack/plugins/cases/docs/openapi/bundled.yaml
View file

@ -2259,6 +2259,266 @@ paths:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/api/cases/{caseId}:
get:
summary: Retrieves information about a case in the default space.
operationId: getCaseDefaultSpace
description: >
You must have `read` privileges for the **Cases** feature in the
**Management**, **Observability**, or **Security** section of the Kibana
feature privileges, depending on the owner of the case you're seeking.
tags:
- cases
- kibana
parameters:
- $ref: '#/components/parameters/case_id'
- in: query
name: includeComments
description: Determines whether case comments are returned.
deprecated: true
schema:
type: boolean
default: true
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
closed_at:
type: string
format: date-time
nullable: true
example: null
closed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
comments:
type: array
items:
oneOf:
- $ref: >-
#/components/schemas/alert_comment_response_properties
- $ref: >-
#/components/schemas/user_comment_response_properties
example: []
connector:
type: object
properties:
fields:
description: >-
An object containing the connector fields. To create a
case without a connector, specify null. If you want to
omit any individual field, specify null as its value.
nullable: true
type: object
properties:
caseId:
description: The case identifier for Swimlane connectors.
type: string
category:
description: >-
The category of the incident for ServiceNow ITSM
and ServiceNow SecOps connectors.
type: string
destIp:
description: >-
A comma-separated list of destination IPs for
ServiceNow SecOps connectors.
type: string
impact:
description: >-
The effect an incident had on business for
ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
description: The type of incident for IBM Resilient connectors.
type: array
items:
type: number
malwareHash:
description: >-
A comma-separated list of malware hashes for
ServiceNow SecOps connectors.
type: string
malwareUrl:
description: >-
A comma-separated list of malware URLs for
ServiceNow SecOps connectors.
type: string
parent:
description: >-
The key of the parent issue, when the issue type
is sub-task for Jira connectors.
type: string
priority:
description: >-
The priority of the issue for Jira and ServiceNow
SecOps connectors.
type: string
severity:
description: >-
The severity of the incident for ServiceNow ITSM
connectors.
type: string
severityCode:
description: >-
The severity code of the incident for IBM
Resilient connectors.
type: number
sourceIp:
description: >-
A comma-separated list of source IPs for
ServiceNow SecOps connectors.
type: string
subcategory:
description: >-
The subcategory of the incident for ServiceNow
ITSM connectors.
type: string
urgency:
description: >-
The extent to which the incident resolution can be
delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
description: >-
The identifier for the connector. To create a case
without a connector, use `none`.
type: string
example: none
name:
description: >-
The name of the connector. To create a case without a
connector, use `none`.
type: string
example: none
type:
$ref: '#/components/schemas/connector_types'
created_at:
type: string
format: date-time
example: '2022-05-13T09:16:17.416Z'
created_by:
type: object
properties:
email:
type: string
example: null
full_name:
type: string
example: null
username:
type: string
example: elastic
description:
type: string
example: A case description.
duration:
type: integer
description: >
The elapsed time from the creation of the case to its
closure (in seconds). If the case has not been closed, the
duration is set to null. If the case was closed after less
than half a second, the duration is rounded down to zero.
example: 120
external_service:
type: object
properties:
connector_id:
type: string
connector_name:
type: string
external_id:
type: string
external_title:
type: string
external_url:
type: string
pushed_at:
type: string
format: date-time
pushed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
id:
type: string
example: 66b9aa00-94fa-11ea-9f74-e7e108796192
owner:
$ref: '#/components/schemas/owners'
settings:
type: object
properties:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
type: array
items:
type: string
example:
- tag-1
title:
type: string
example: Case title 1
totalAlerts:
type: integer
example: 0
totalComment:
type: integer
example: 0
updated_at:
type: string
format: date-time
nullable: true
example: null
updated_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
version:
type: string
example: WzUzMiwxXQ==
examples:
getCaseResponse:
$ref: '#/components/examples/get_case_response'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/api/cases/{caseId}/comments:
post:
summary: Adds a comment or alert to a case in the default space.
@ -5139,6 +5399,267 @@ paths:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/s/{spaceId}/api/cases/{caseId}:
get:
summary: Retrieves information about a case.
operationId: getCase
description: >
You must have `read` privileges for the **Cases** feature in the
**Management**, **Observability**, or **Security** section of the Kibana
feature privileges, depending on the owner of the case you're seeking.
tags:
- cases
- kibana
parameters:
- $ref: '#/components/parameters/case_id'
- $ref: '#/components/parameters/space_id'
- in: query
name: includeComments
description: Determines whether case comments are returned.
deprecated: true
schema:
type: boolean
default: true
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
closed_at:
type: string
format: date-time
nullable: true
example: null
closed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
comments:
type: array
items:
oneOf:
- $ref: >-
#/components/schemas/alert_comment_response_properties
- $ref: >-
#/components/schemas/user_comment_response_properties
example: []
connector:
type: object
properties:
fields:
description: >-
An object containing the connector fields. To create a
case without a connector, specify null. If you want to
omit any individual field, specify null as its value.
nullable: true
type: object
properties:
caseId:
description: The case identifier for Swimlane connectors.
type: string
category:
description: >-
The category of the incident for ServiceNow ITSM
and ServiceNow SecOps connectors.
type: string
destIp:
description: >-
A comma-separated list of destination IPs for
ServiceNow SecOps connectors.
type: string
impact:
description: >-
The effect an incident had on business for
ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
description: The type of incident for IBM Resilient connectors.
type: array
items:
type: number
malwareHash:
description: >-
A comma-separated list of malware hashes for
ServiceNow SecOps connectors.
type: string
malwareUrl:
description: >-
A comma-separated list of malware URLs for
ServiceNow SecOps connectors.
type: string
parent:
description: >-
The key of the parent issue, when the issue type
is sub-task for Jira connectors.
type: string
priority:
description: >-
The priority of the issue for Jira and ServiceNow
SecOps connectors.
type: string
severity:
description: >-
The severity of the incident for ServiceNow ITSM
connectors.
type: string
severityCode:
description: >-
The severity code of the incident for IBM
Resilient connectors.
type: number
sourceIp:
description: >-
A comma-separated list of source IPs for
ServiceNow SecOps connectors.
type: string
subcategory:
description: >-
The subcategory of the incident for ServiceNow
ITSM connectors.
type: string
urgency:
description: >-
The extent to which the incident resolution can be
delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
description: >-
The identifier for the connector. To create a case
without a connector, use `none`.
type: string
example: none
name:
description: >-
The name of the connector. To create a case without a
connector, use `none`.
type: string
example: none
type:
$ref: '#/components/schemas/connector_types'
created_at:
type: string
format: date-time
example: '2022-05-13T09:16:17.416Z'
created_by:
type: object
properties:
email:
type: string
example: null
full_name:
type: string
example: null
username:
type: string
example: elastic
description:
type: string
example: A case description.
duration:
type: integer
description: >
The elapsed time from the creation of the case to its
closure (in seconds). If the case has not been closed, the
duration is set to null. If the case was closed after less
than half a second, the duration is rounded down to zero.
example: 120
external_service:
type: object
properties:
connector_id:
type: string
connector_name:
type: string
external_id:
type: string
external_title:
type: string
external_url:
type: string
pushed_at:
type: string
format: date-time
pushed_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
id:
type: string
example: 66b9aa00-94fa-11ea-9f74-e7e108796192
owner:
$ref: '#/components/schemas/owners'
settings:
type: object
properties:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity_property'
status:
$ref: '#/components/schemas/status'
tags:
type: array
items:
type: string
example:
- tag-1
title:
type: string
example: Case title 1
totalAlerts:
type: integer
example: 0
totalComment:
type: integer
example: 0
updated_at:
type: string
format: date-time
nullable: true
example: null
updated_by:
type: object
properties:
email:
type: string
full_name:
type: string
username:
type: string
nullable: true
example: null
version:
type: string
example: WzUzMiwxXQ==
examples:
getCaseResponse:
$ref: '#/components/examples/get_case_response'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/s/{spaceId}/api/cases/{caseId}/comments:
post:
summary: Adds a comment or alert to a case.
@ -6432,6 +6953,56 @@ components:
- security
- tag 1
- tag 2
get_case_response:
summary: Retrieves information about a case including its comments.
value:
id: 31cdada0-02c1-11ed-85f2-4f7c222ca2fa
version: WzM2LDFd
comments:
- id: 2134c1d0-02c2-11ed-85f2-4f7c222ca2fa
version: WzM3LDFd
type: user
owner: cases
comment: A new comment
created_at: '2022-07-13T15:40:32.335Z'
created_by:
email: null
full_name: null
username: elastic
pushed_at: null
pushed_by: null
updated_at: null
updated_by: null
totalComment: 1
totalAlerts: 0
title: Case title 1
tags:
- tag 1
settings:
syncAlerts: true
owner: cases
description: A case description
duration: null
severity: low
closed_at: null
closed_by: null
created_at: '2022-07-13T15:33:50.604Z'
created_by:
username: elastic
email: null
full_name: null
status: open
updated_at: '2022-07-13T15:40:32.335Z'
updated_by:
full_name: null
email: null
username: elastic
connector:
id: none
name: none
type: .none
fields: null
external_service: null
add_comment_request:
summary: Adds a comment to a case.
value:

44
x-pack/plugins/cases/docs/openapi/components/examples/get_case_response.yaml Normal file
View file

@ -0,0 +1,44 @@
summary: Retrieves information about a case including its comments.
value:
{
"id":"31cdada0-02c1-11ed-85f2-4f7c222ca2fa",
"version":"WzM2LDFd",
"comments":[{
"id":"2134c1d0-02c2-11ed-85f2-4f7c222ca2fa",
"version":"WzM3LDFd",
"type":"user",
"owner":"cases",
"comment":"A new comment",
"created_at":"2022-07-13T15:40:32.335Z",
"created_by":{
"email":null,
"full_name":null,
"username":"elastic"
},
"pushed_at":null,
"pushed_by":null,
"updated_at":null,
"updated_by":null
}],
"totalComment":1,
"totalAlerts":0,
"title":"Case title 1",
"tags":["tag 1"],
"settings":{"syncAlerts":true},
"owner":"cases",
"description":"A case description",
"duration":null,
"severity":"low",
"closed_at":null,
"closed_by":null,
"created_at":"2022-07-13T15:33:50.604Z",
"created_by":{"username":"elastic","email":null,"full_name":null},"status":"open",
"updated_at":"2022-07-13T15:40:32.335Z",
"updated_by":{"full_name":null,"email":null,"username":"elastic"},"connector":{
"id":"none",
"name":"none",
"type":".none",
"fields":null
},
"external_service":null
}

0
x-pack/plugins/cases/docs/openapi/components/examples/get_status.yaml → x-pack/plugins/cases/docs/openapi/components/examples/get_status_response.yaml
View file

8
x-pack/plugins/cases/docs/openapi/entrypoint.yaml
View file

@ -35,8 +35,8 @@ paths:
$ref: 'paths/api@cases@status.yaml'
'/api/cases/tags':
$ref: 'paths/api@cases@tags.yaml'
# '/api/cases/{caseId}':
# $ref: 'paths/api@cases@{caseid}.yaml'
'/api/cases/{caseId}':
$ref: 'paths/api@cases@{caseid}.yaml'
# '/api/cases/{caseId}/alerts':
# $ref: 'paths/api@cases@{caseid}@alerts.yaml'
'/api/cases/{caseId}/comments':
@ -66,8 +66,8 @@ paths:
$ref: 'paths/s@{spaceid}@api@cases@status.yaml'
'/s/{spaceId}/api/cases/tags':
$ref: 'paths/s@{spaceid}@api@cases@tags.yaml'
# '/s/{spaceId}/api/cases/{caseId}':
# $ref: 'paths/s@{spaceid}@api@cases@{caseid}.yaml'
'/s/{spaceId}/api/cases/{caseId}':
$ref: 'paths/s@{spaceid}@api@cases@{caseid}.yaml'
# '/s/{spaceId}/api/cases/{caseId}/alerts':
# $ref: 'paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml'
'/s/{spaceId}/api/cases/{caseId}/comments':

35
x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}.yaml Normal file
View file

@ -0,0 +1,35 @@
get:
summary: Retrieves information about a case in the default space.
operationId: getCaseDefaultSpace
description: >
You must have `read` privileges for the **Cases** feature in the
**Management**, **Observability**, or **Security** section of the Kibana
feature privileges, depending on the owner of the case you're seeking.
tags:
- cases
- kibana
parameters:
- $ref: ../components/parameters/case_id.yaml
- in: query
name: includeComments
description: Determines whether case comments are returned.
deprecated: true
schema:
type: boolean
default: true
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
$ref: '../components/schemas/case_response_properties.yaml'
examples:
getCaseResponse:
$ref: '../components/examples/get_case_response.yaml'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601

36
x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml Normal file
View file

@ -0,0 +1,36 @@
get:
summary: Retrieves information about a case.
operationId: getCase
description: >
You must have `read` privileges for the **Cases** feature in the
**Management**, **Observability**, or **Security** section of the Kibana
feature privileges, depending on the owner of the case you're seeking.
tags:
- cases
- kibana
parameters:
- $ref: ../components/parameters/case_id.yaml
- $ref: '../components/parameters/space_id.yaml'
- in: query
name: includeComments
description: Determines whether case comments are returned.
deprecated: true
schema:
type: boolean
default: true
responses:
'200':
description: Indicates a successful call.
content:
application/json; charset=utf-8:
schema:
type: object
properties:
$ref: '../components/schemas/case_response_properties.yaml'
examples:
getCaseResponse:
$ref: '../components/examples/get_case_response.yaml'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601