[DOCS] Add severity field to case APIs (#132289)

Lisa Cawley 2022-05-19 08:06:32 -07:00 committed by GitHub
parent 0c2d06dd81
commit d12156ec22
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 149 additions and 352 deletions


@ -120,6 +120,7 @@ The API returns details about the case and its comments. For example:
},
"owner": "cases",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-03-24T00:37:03.906Z",


@ -140,6 +140,10 @@ An object that contains the case settings.
(Required, boolean) Turns alert syncing on or off.
====
`severity`::
(Optional,string) The severity of the case. Valid values are: `critical`, `high`,
`low`, and `medium`.
`tags`::
(Required, string array) The words and phrases that help
categorize cases. It can be an empty array.
@ -206,6 +210,7 @@ the case identifier, version, and creation time. For example:
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",


@ -62,6 +62,10 @@ filters the objects in the response.
(Optional, string or array of strings) The fields to perform the
`simple_query_string` parsed query against.
`severity`::
(Optional,string) The severity of the case. Valid values are: `critical`, `high`,
`low`, and `medium`.
`sortField`::
(Optional, string) Determines which field is used to sort the results,
`createdAt` or `updatedAt`. Defaults to `createdAt`.
@ -126,6 +130,7 @@ The API returns a JSON object listing the retrieved cases. For example:
},
"owner": "securitySolution",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-03-29T13:03:23.533Z",


@ -51,362 +51,56 @@ The API returns a JSON object with all the activity for the case. For example:
[source,json]
--------------------------------------------------
[
{
"action": "create",
"action_id": "5275af50-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:34:48.709Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": null,
"id": "none",
"name": "none",
"type": ".none"
},
"description": "migrating user actions",
"settings": {
"syncAlerts": true
},
"status": "open",
"tags": [
"user",
"actions"
],
"title": "User actions",
"owner": "securitySolution"
},
"sub_case_id": "",
"type": "create_case"
{
"created_at": "2022-12-16T14:34:48.709Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
{
"action": "create",
"action_id": "72e73240-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
"created_at": "2021-12-16T14:35:42.872Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
"owner": "securitySolution",
"action": "create",
"payload": {
"title": "User actions",
"tags": [
"user",
"actions"
],
"connector": {
"fields": null,
"id": "none",
"name": "none",
"type": ".none"
},
"owner": "securitySolution",
"payload": {
"comment": {
"comment": "a comment",
"owner": "securitySolution",
"type": "user"
}
"settings": {
"syncAlerts": true
},
"sub_case_id": "",
"type": "comment"
"owner": "cases",
"severity": "low",
"description": "migrating user actions",
"status": "open"
},
{
"action": "update",
"action_id": "7685b5c0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:35:48.826Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"title": "User actions!"
},
"sub_case_id": "",
"type": "title"
"type": "create_case",
"action_id": "5275af50-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null
},
{
"created_at": "2022-12-16T14:35:42.872Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
{
"action": "update",
"action_id": "7a2d8810-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:35:55.421Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"description": "migrating user actions and update!"
},
"sub_case_id": "",
"type": "description"
"owner": "cases",
"action": "add",
"payload": {
"tags": ["bubblegum"]
},
{
"action": "update",
"action_id": "7f942160-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": "72a03e30-5e7d-11ec-9ee9-cd64f0b77b3c",
"created_at": "2021-12-16T14:36:04.120Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"comment": {
"comment": "a comment updated!",
"owner": "securitySolution",
"type": "user"
}
},
"sub_case_id": "",
"type": "comment"
},
{
"action": "add",
"action_id": "8591a380-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:13.840Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"tags": [
"migration"
]
},
"sub_case_id": "",
"type": "tags"
},
{
"action": "delete",
"action_id": "8591a381-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:13.840Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"tags": [
"user"
]
},
"sub_case_id": "",
"type": "tags"
},
{
"action": "update",
"action_id": "87fadb50-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:17.764Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"settings": {
"syncAlerts": false
}
},
"sub_case_id": "",
"type": "settings"
},
{
"action": "update",
"action_id": "89ca4420-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:21.509Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"status": "in-progress"
},
"sub_case_id": "",
"type": "status"
},
{
"action": "update",
"action_id": "9060aae0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:32.716Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": {
"issueType": "10001",
"parent": null,
"priority": "High"
},
"id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
"name": "Jira",
"type": ".jira"
}
},
"sub_case_id": "",
"type": "connector"
},
{
"action": "push_to_service",
"action_id": "988579d0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:36:46.443Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"externalService": {
"connector_id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
"connector_name": "Jira",
"external_id": "26225",
"external_title": "CASES-229",
"external_url": "https://example.com/browse/CASES-229",
"pushed_at": "2021-12-16T14:36:46.443Z",
"pushed_by": {
"email": "",
"full_name": "",
"username": "elastic"
}
}
},
"sub_case_id": "",
"type": "pushed"
},
{
"action": "update",
"action_id": "bcb76020-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:37:46.863Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": {
"incidentTypes": [
"17",
"4"
],
"severityCode": "5"
},
"id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
"name": "IBM",
"type": ".resilient"
}
},
"sub_case_id": "",
"type": "connector"
},
{
"action": "push_to_service",
"action_id": "c0338e90-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:37:53.016Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"externalService": {
"connector_id": "b3214df0-5e7d-11ec-9ee9-cd64f0b77b3c",
"connector_name": "IBM",
"external_id": "17574",
"external_title": "17574",
"external_url": "https://example.com/#incidents/17574",
"pushed_at": "2021-12-16T14:37:53.016Z",
"pushed_by": {
"email": "",
"full_name": "",
"username": "elastic"
}
}
},
"sub_case_id": "",
"type": "pushed"
},
{
"action": "update",
"action_id": "c5b6d7a0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null,
"created_at": "2021-12-16T14:38:01.895Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"connector": {
"fields": {
"issueType": "10001",
"parent": null,
"priority": "Lowest"
},
"id": "6773fba0-5e7d-11ec-9ee9-cd64f0b77b3c",
"name": "Jira",
"type": ".jira"
}
},
"sub_case_id": "",
"type": "connector"
},
{
"action": "create",
"action_id": "ca8f61c0-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": "ca1d17f0-5e7d-11ec-9ee9-cd64f0b77b3c",
"created_at": "2021-12-16T14:38:09.649Z",
"created_by": {
"email": "",
"full_name": "",
"username": "elastic"
},
"owner": "securitySolution",
"payload": {
"comment": {
"comment": "and another comment!",
"owner": "securitySolution",
"type": "user"
}
},
"sub_case_id": "",
"type": "comment"
}
]
"type": "tags",
"action_id": "72e73240-5e7d-11ec-9ee9-cd64f0b77b3c",
"case_id": "5257a000-5e7d-11ec-9ee9-cd64f0b77b3c",
"comment_id": null
}
]
--------------------------------------------------


@ -91,6 +91,7 @@ The API returns a JSON object with the retrieved case. For example:
"syncAlerts": true
},
"owner": "securitySolution",
"severity": "low",
"duration": null,
"tags": [
"phishing",


@ -68,6 +68,7 @@ The API returns a JSON object representing the pushed case. For example:
"syncAlerts": true
},
"owner": "securitySolution",
"severity": "low",
"duration": null,
"closed_at": null,
"closed_by": null,


@ -135,6 +135,7 @@ The API returns details about the case and its comments. For example:
"settings": {"syncAlerts":false},
"owner": "cases",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-03-24T00:37:03.906Z",


@ -144,6 +144,10 @@ An object that contains the case settings.
(Required, boolean) Turn on or off synching with alerts.
=====
`severity`::
(Optional,string) The severity of the case. Valid values are: `critical`, `high`,
`low`, and `medium`.
`status`::
(Optional, string) The case status. Valid values are: `closed`, `in-progress`,
and `open`.
@ -227,6 +231,7 @@ The API returns the updated case with a new `version` value. For example:
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",


@ -157,6 +157,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"tags": {
"description": "The words and phrases that help categorize cases. It can be an empty array.",
"type": "array",
@ -402,6 +405,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"status": {
"$ref": "#/components/schemas/status"
},
@ -636,6 +642,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"status": {
"$ref": "#/components/schemas/status"
},
@ -887,6 +896,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"status": {
"$ref": "#/components/schemas/status"
},
@ -1093,6 +1105,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"tags": {
"description": "The words and phrases that help categorize cases. It can be an empty array.",
"type": "array",
@ -1338,6 +1353,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"status": {
"$ref": "#/components/schemas/status"
},
@ -1578,6 +1596,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"status": {
"$ref": "#/components/schemas/status"
},
@ -1829,6 +1850,9 @@
}
}
},
"severity": {
"$ref": "#/components/schemas/severity"
},
"status": {
"$ref": "#/components/schemas/status"
},
@ -1959,6 +1983,17 @@
"securitySolution"
]
},
"severity": {
"type": "string",
"description": "The severity of the case.",
"enum": [
"critical",
"high",
"low",
"medium"
],
"default": "low"
},
"status": {
"type": "string",
"description": "The status of the case.",
@ -2015,6 +2050,7 @@
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",
@ -2090,6 +2126,7 @@
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",


@ -147,6 +147,8 @@ paths:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
tags:
description: >-
The words and phrases that help categorize cases. It can be
@ -363,6 +365,8 @@ paths:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
status:
$ref: '#/components/schemas/status'
tags:
@ -569,6 +573,8 @@ paths:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
status:
$ref: '#/components/schemas/status'
tags:
@ -784,6 +790,8 @@ paths:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
status:
$ref: '#/components/schemas/status'
tags:
@ -960,6 +968,8 @@ paths:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
tags:
description: >-
The words and phrases that help categorize cases. It can be
@ -1176,6 +1186,8 @@ paths:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
status:
$ref: '#/components/schemas/status'
tags:
@ -1384,6 +1396,8 @@ paths:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '#/components/schemas/severity'
status:
$ref: '#/components/schemas/status'
tags:
@ -1599,6 +1613,8 @@ paths:
syncAlerts:
type: boolean
example: true
severity:
$ref: '#/components/schemas/severity'
status:
$ref: '#/components/schemas/status'
tags:
@ -1686,6 +1702,15 @@ components:
- cases
- observability
- securitySolution
severity:
type: string
description: The severity of the case.
enum:
- critical
- high
- low
- medium
default: low
status:
type: string
description: The status of the case.
@ -1738,6 +1763,7 @@ components:
cheap holidays for underpaid civil servants. Operation bubblegum is
active. Repeat - operation bubblegum is now active
duration: null
severity: low
closed_at: null
closed_by: null
created_at: '2022-05-13T09:16:17.416Z'
@ -1804,6 +1830,7 @@ components:
cheap holidays for underpaid civil servants. Operation bubblegum is
active. Repeat - operation bubblegum is now active!
duration: null
severity: low
closed_at: null
closed_by: null
created_at: '2022-05-13T09:16:17.416Z'


@ -18,6 +18,7 @@ value:
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",


@ -19,6 +19,7 @@ value:
"owner": "securitySolution",
"description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active!",
"duration": null,
"severity": "low",
"closed_at": null,
"closed_by": null,
"created_at": "2022-05-13T09:16:17.416Z",


@ -84,6 +84,8 @@ settings:
syncAlerts:
type: boolean
example: true
severity:
$ref: 'severity.yaml'
status:
$ref: 'status.yaml'
tags:


@ -0,0 +1,8 @@
type: string
description: The severity of the case.
enum:
- critical
- high
- low
- medium
default: low
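Review bot: `default: low` sits on the one shared severity schema, and the later path sections reference that same schema from both the `post` and the `patch` request bodies via `$ref: '../components/schemas/severity.yaml'`. A generated client or validator that applies schema defaults could therefore send `low` when an update omits `severity`, quietly downgrading a case that was triaged higher. Whether the server treats an omitted value on update that way is not visible in this commit, so scoping the default in the text would help, for example `description: The severity of the case. Defaults to low when the case is created; omitted on update leaves it unchanged.` (to be confirmed against the API). As a smaller style point, the enum is listed alphabetically (`critical`, `high`, `low`, `medium`), which hides the ranking; `low`, `medium`, `high`, `critical` would document it.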


@ -30,6 +30,8 @@ post:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
tags:
description: The words and phrases that help categorize cases. It can be an empty array.
type: array
@ -123,6 +125,8 @@ patch:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
status:
$ref: '../components/schemas/status.yaml'
tags:


@ -31,6 +31,8 @@ post:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
tags:
description: The words and phrases that help categorize cases. It can be an empty array.
type: array
@ -126,6 +128,8 @@ patch:
syncAlerts:
description: Turns alert syncing on or off.
type: boolean
severity:
$ref: '../components/schemas/severity.yaml'
status:
$ref: '../components/schemas/status.yaml'
tags: