mirror of
https://github.com/elastic/kibana.git
synced 2025-07-02 13:15:32 -04:00
182 lines
4.7 KiB
Text
182 lines
4.7 KiB
Text
[[cases-api-add-comment]]
|
|
== Add comment to case API
|
|
++++
|
|
<titleabbrev>Add comment</titleabbrev>
|
|
++++
|
|
|
|
Adds a comment or alert to a case.
|
|
|
|
[NOTE]
|
|
====
|
|
For the most up-to-date API details, refer to the
|
|
{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <<case-apis>>.
|
|
====
|
|
|
|
=== {api-request-title}
|
|
|
|
`POST <kibana host>:<port>/api/cases/<case_id>/comments`
|
|
|
|
`POST <kibana host>:<port>/s/<space_id>/api/cases/<case_id>/comments`
|
|
|
|
=== {api-prereq-title}
|
|
|
|
You must have `all` privileges for the *Cases* feature in the *Management*,
|
|
*{observability}*, or *Security* section of the
|
|
<<kibana-feature-privileges,{kib} feature privileges>>, depending on the
|
|
`owner` of the case you're updating.
|
|
|
|
=== {api-description-title}
|
|
|
|
NOTE: Each case can have a maximum of 1,000 alerts.
|
|
|
|
=== {api-path-parms-title}
|
|
|
|
`<case_id>`::
|
|
(Required,string) The identifier for the case. To retrieve case IDs, use
|
|
<<cases-api-find-cases>>.
|
|
|
|
`<space_id>`::
|
|
(Optional, string) An identifier for the space. If it is not specified, the
|
|
default space is used.
|
|
|
|
[role="child_attributes"]
|
|
=== {api-request-body-title}
|
|
|
|
`alertId`::
|
|
(Required*, string or array of strings) The alert identifiers. It is required
|
|
only when `type` is `alert`. You can use an array of strings to add multiple
|
|
alerts to a case, provided that they all relate to the same rule; `index` must
|
|
also be an array with the same length or number of elements. Adding multiple
|
|
alerts in this manner is recommended rather than calling the API multiple times.
|
|
preview:[]
|
|
|
|
`comment`::
|
|
(Required*, string) The new comment. It is required only when `type` is `user`.
|
|
|
|
`index`::
|
|
(Required*, string or array of strings) The alert indices. It is required only
|
|
when `type` is `alert`. If you are adding multiple alerts to a case, use an array
|
|
of strings; the position of each index name in the array must match the position
|
|
of the corresponding alert identifier in the `alertId` array. preview:[]
|
|
|
|
`owner`::
|
|
(Required, string) The application that owns the case. Valid values are:
|
|
`cases`, `observability`, or `securitySolution`.
|
|
|
|
`rule`::
|
|
(Required*, object) The rule that is associated with the alerts. It is required
|
|
only when `type` is `alert`. preview:[]
|
|
+
|
|
.Properties of `rule`
|
|
[%collapsible%open]
|
|
====
|
|
`id`::
|
|
(Required, string) The rule identifier. preview:[]
|
|
|
|
`name`::
|
|
(Required, string) The rule name. preview:[]
|
|
|
|
====
|
|
|
|
`type`::
|
|
(Required, string) The comment type, which must be `user` or `alert`.
|
|
|
|
=== {api-response-codes-title}
|
|
|
|
`200`::
|
|
Indicates a successful call.
|
|
|
|
=== {api-examples-title}
|
|
|
|
Add a comment to case ID `293f1bc0-74f6-11ea-b83a-553aecdb28b6`:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
POST api/cases/293f1bc0-74f6-11ea-b83a-553aecdb28b6/comments
|
|
{
|
|
"type": "user",
|
|
"comment": "A new comment.",
|
|
"owner": "cases"
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
The API returns details about the case and its comments. For example:
|
|
|
|
[source,json]
|
|
--------------------------------------------------
|
|
{
|
|
"comments":[
|
|
{
|
|
"id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6",
|
|
"version": "WzIwNDMxLDFd",
|
|
"type": "user",
|
|
"owner": "cases",
|
|
"comment": "A new comment.",
|
|
"created_at": "2022-03-24T00:49:47.716Z",
|
|
"created_by": {
|
|
"email": null,
|
|
"full_name": null,
|
|
"username": "elastic"
|
|
},
|
|
"pushed_at": null,
|
|
"pushed_by": null,
|
|
"updated_at": null,
|
|
"updated_by": null
|
|
}
|
|
],
|
|
"totalAlerts": 0,
|
|
"id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6",
|
|
"version": "WzIzMzgsMV0=",
|
|
"totalComment": 1,
|
|
"title": "Case title 1",
|
|
"tags": ["tag 1"],
|
|
"description": "A case description.",
|
|
"settings": {
|
|
"syncAlerts": false
|
|
},
|
|
"owner": "cases",
|
|
"duration": null,
|
|
"severity": "low",
|
|
"closed_at": null,
|
|
"closed_by": null,
|
|
"created_at": "2022-03-24T00:37:03.906Z",
|
|
"created_by": {
|
|
"email": null,
|
|
"full_name": null,
|
|
"username": "elastic"
|
|
},
|
|
"status": "open",
|
|
"updated_at": "2022-03-24T00:49:47.716Z",
|
|
"updated_by": {
|
|
"email": null,
|
|
"full_name": null,
|
|
"username": "elastic"
|
|
},
|
|
"connector": {
|
|
"id": "none",
|
|
"name": "none",
|
|
"type": ".none",
|
|
"fields": null
|
|
},
|
|
"external_service": null
|
|
}
|
|
--------------------------------------------------
|
|
|
|
Add an alert to the case:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
POST api/cases/293f1bc0-74f6-11ea-b83a-553aecdb28b6/comments
|
|
{
|
|
"alertId": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42",
|
|
"index": ".internal.alerts-security.alerts-default-000001",
|
|
"type": "alert",
|
|
"owner": "cases",
|
|
"rule": {
|
|
"id":"94d80550-aaf4-11ec-985f-97e55adae8b9",
|
|
"name":"security_rule"
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|