From fdaa631ad5d257004ab717a72008add13fac1b87 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Tue, 15 Nov 2022 10:11:05 -0800 Subject: [PATCH] [8.5] [DOCS] Automate final case APIs (#145007) (#145272) --- .../cases/docs/openapi/bundled-min.json | 3440 ------------- .../cases/docs/openapi/bundled-min.yaml | 2389 --------- .../plugins/cases/docs/openapi/bundled.json | 4350 ++++++----------- .../plugins/cases/docs/openapi/bundled.yaml | 4111 +++++----------- .../examples/get_case_activity_response.yaml | 107 +- .../openapi/components/schemas/assignees.yaml | 12 + .../case_configure_response_properties.yaml | 24 +- .../schemas/case_response_properties.yaml | 13 +- .../schemas/create_case_request.yaml | 13 +- .../components/schemas/payload_assignees.yaml | 7 +- .../schemas/payload_create_case.yaml | 2 + .../components/schemas/payload_delete.yaml | 3 + .../schemas/payload_user_comment.yaml | 2 +- .../schemas/update_case_request.yaml | 13 +- .../user_actions_response_properties.yaml | 19 +- .../cases/docs/openapi/entrypoint-min.yaml | 59 - .../paths/s@{spaceid}@api@cases@_find.yaml | 2 +- ...@api@cases@configure@connectors@_find.yaml | 2 +- ...s@{spaceid}@api@cases@{caseid}@alerts.yaml | 2 +- ...ceid}@api@cases@{caseid}@user_actions.yaml | 2 +- 20 files changed, 2866 insertions(+), 11706 deletions(-) delete mode 100644 x-pack/plugins/cases/docs/openapi/bundled-min.json delete mode 100644 x-pack/plugins/cases/docs/openapi/bundled-min.yaml create mode 100644 x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml create mode 100644 x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml delete mode 100644 x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml diff --git a/x-pack/plugins/cases/docs/openapi/bundled-min.json b/x-pack/plugins/cases/docs/openapi/bundled-min.json deleted file mode 100644 index c3fc5ebc17443c..00000000000000 --- a/x-pack/plugins/cases/docs/openapi/bundled-min.json +++ /dev/null @@ -1,3440 +0,0 @@ -{ - "openapi": "3.0.1", - "info": { - "title": "Cases", - "description": "OpenAPI schema for Cases endpoints", - "version": "0.2", - "contact": { - "name": "Cases Team" - }, - "license": { - "name": "Elastic License 2.0", - "url": "https://www.elastic.co/licensing/elastic-license" - } - }, - "tags": [ - { - "name": "cases", - "description": "Case APIs enable you to open and track issues." - } - ], - "servers": [ - { - "url": "http://localhost:5601", - "description": "local" - } - ], - "paths": { - "/s/{spaceId}/api/cases": { - "post": { - "summary": "Creates a case.", - "operationId": "createCase", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/create_case_request" - }, - "examples": { - "createCaseRequest": { - "$ref": "#/components/examples/create_case_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "createCaseResponse": { - "$ref": "#/components/examples/create_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "delete": { - "summary": "Deletes one or more cases.", - "operationId": "deleteCase", - "description": "You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "name": "ids", - "description": "The cases that you want to removed. All non-ASCII characters must be URL encoded.", - "in": "query", - "required": true, - "schema": { - "type": "string" - }, - "example": "d4e7abb0-b462-11ec-9a8d-698504725a43" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "patch": { - "summary": "Updates one or more cases.", - "operationId": "updateCase", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/update_case_request" - }, - "examples": { - "updateCaseRequest": { - "$ref": "#/components/examples/update_case_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/case_response_properties" - } - }, - "examples": { - "updateCaseResponse": { - "$ref": "#/components/examples/update_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/alerts/{alertId}": { - "get": { - "summary": "Returns the cases associated with a specific alert.", - "operationId": "getCasesByAlert", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "x-technical-preview": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/alert_id" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "The case identifier." - }, - "title": { - "type": "string", - "description": "The case title." - } - } - }, - "example": [ - { - "id": "06116b80-e1c3-11ec-be9b-9b1838238ee6", - "title": "security_case" - } - ] - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/configure": { - "get": { - "summary": "Retrieves external connection details, such as the closure type and default connector for cases.", - "operationId": "getCaseConfiguration", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - } - }, - "error": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - }, - "nullable": true - }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } - } - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "post": { - "summary": "Sets external connection details, such as the closure type and default connector for cases.", - "operationId": "setCaseConfiguration", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "description": "An object that contains the case settings.", - "type": "object", - "properties": { - "syncAlerts": { - "description": "Turns alert syncing on or off.", - "type": "boolean", - "example": true - } - }, - "required": [ - "syncAlerts" - ] - } - }, - "required": [ - "closure_type", - "connector", - "owner" - ] - }, - "examples": { - "setCaseConfigRequest": { - "$ref": "#/components/examples/set_case_configuration_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - } - }, - "error": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - }, - "nullable": true - }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } - } - }, - "examples": { - "setCaseConfigResponse": { - "$ref": "#/components/examples/set_case_configuration_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/configure/{configurationId}": { - "patch": { - "summary": "Updates external connection details, such as the closure type and default connector for cases.", - "operationId": "updateCaseConfiguration", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/configuration_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "version": { - "description": "The version of the connector. To retrieve the version value, use the get configuration API.\n", - "type": "string", - "example": "WzIwMiwxXQ==" - } - }, - "required": [ - "version" - ] - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "nullable": true, - "type": "object" - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - } - }, - "error": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic" - } - }, - "nullable": true - }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } - } - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/reporters": { - "get": { - "summary": "Returns information about the users who opened cases.", - "operationId": "getCaseReporters", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - } - }, - "examples": { - "getReportersResponse": { - "$ref": "#/components/examples/get_reporters_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/status": { - "get": { - "summary": "Returns the number of cases that are open, closed, and in progress.", - "operationId": "getCaseStatus", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "deprecated": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "count_closed_cases": { - "type": "integer" - }, - "count_in_progress_cases": { - "type": "integer" - }, - "count_open_cases": { - "type": "integer" - } - } - }, - "examples": { - "getStatusResponse": { - "$ref": "#/components/examples/get_status_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/tags": { - "get": { - "summary": "Aggregates and returns a list of case tags.", - "operationId": "getCaseTags", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "in": "query", - "name": "owner", - "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read.", - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/owners" - }, - { - "type": "array", - "items": { - "$ref": "#/components/schemas/owners" - } - } - ] - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "string" - } - }, - "examples": { - "getTagsResponse": { - "$ref": "#/components/examples/get_tags_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}": { - "get": { - "summary": "Retrieves information about a case.", - "operationId": "getCase", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "in": "query", - "name": "includeComments", - "description": "Determines whether case comments are returned.", - "deprecated": true, - "schema": { - "type": "boolean", - "default": true - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "getCaseResponse": { - "$ref": "#/components/examples/get_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}/comments": { - "post": { - "summary": "Adds a comment or alert to a case.", - "operationId": "addCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/add_case_comment_request" - }, - "examples": { - "createCaseCommentRequest": { - "$ref": "#/components/examples/add_comment_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "createCaseCommentResponse": { - "$ref": "#/components/examples/add_comment_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "delete": { - "summary": "Deletes all comments and alerts from a case.", - "operationId": "deleteCaseComments", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "patch": { - "summary": "Updates a comment or alert in a case.", - "operationId": "updateCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/update_case_comment_request" - }, - "examples": { - "updateCaseCommentRequest": { - "$ref": "#/components/examples/update_comment_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "updateCaseCommentResponse": { - "$ref": "#/components/examples/update_comment_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "get": { - "summary": "Retrieves all the comments from a case.", - "operationId": "getAllCaseComments", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", - "deprecated": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}/comments/{commentId}": { - "delete": { - "summary": "Deletes a comment or alert from a case.", - "operationId": "deleteCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/comment_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "get": { - "summary": "Retrieves a comment from a case.", - "operationId": "getCaseComment", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/comment_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "examples": { - "getCaseCommentResponse": { - "$ref": "#/components/examples/get_comment_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push": { - "post": { - "summary": "Pushes a case to an external service.", - "description": "You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.\n", - "operationId": "pushCase", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/connector_id" - }, - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "nullable": true - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "pushCaseResponse": { - "$ref": "#/components/examples/push_case_response" - } - } - } - } - } - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - }, - "servers": [ - { - "url": "https://localhost:5601" - } - ] - } - }, - "components": { - "securitySchemes": { - "basicAuth": { - "type": "http", - "scheme": "basic" - }, - "apiKeyAuth": { - "type": "apiKey", - "in": "header", - "name": "ApiKey" - } - }, - "parameters": { - "kbn_xsrf": { - "schema": { - "type": "string" - }, - "in": "header", - "name": "kbn-xsrf", - "required": true - }, - "space_id": { - "in": "path", - "name": "spaceId", - "description": "An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.", - "required": true, - "schema": { - "type": "string", - "example": "default" - } - }, - "alert_id": { - "in": "path", - "name": "alertId", - "description": "An identifier for the alert.", - "required": true, - "schema": { - "type": "string", - "example": "09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540" - } - }, - "owner": { - "in": "query", - "name": "owner", - "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.\n", - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/owners" - }, - { - "type": "array", - "items": { - "$ref": "#/components/schemas/owners" - } - } - ] - }, - "example": "cases" - }, - "configuration_id": { - "in": "path", - "name": "configurationId", - "description": "An identifier for the configuration.", - "required": true, - "schema": { - "type": "string", - "example": "3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9" - } - }, - "case_id": { - "in": "path", - "name": "caseId", - "description": "The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.", - "required": true, - "schema": { - "type": "string", - "example": "9c235210-6834-11ea-a78c-6ffb38a34414" - } - }, - "comment_id": { - "in": "path", - "name": "commentId", - "description": "The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.\n", - "required": true, - "schema": { - "type": "string", - "example": "71ec1870-725b-11ea-a0b2-c51ea50a58e2" - } - }, - "connector_id": { - "in": "path", - "name": "connectorId", - "description": "An identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "required": true, - "schema": { - "type": "string", - "example": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2" - } - } - }, - "schemas": { - "connector_properties_none": { - "title": "Create or update case request properties for no connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.none`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.", - "nullable": true, - "type": "string", - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", - "type": "string", - "example": "none" - }, - "type": { - "description": "The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`.", - "type": "string", - "example": ".none", - "enum": [ - ".none" - ] - } - } - }, - "connector_properties_cases_webhook": { - "title": "Create or upate case request properties for Cases Webhook connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.cases-webhook`.", - "type": "object", - "properties": { - "fields": { - "type": "string", - "nullable": true, - "example": null - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".cases-webhook", - "enum": [ - ".cases-webhook" - ] - } - } - }, - "connector_properties_jira": { - "title": "Create or update case request properties for a Jira connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.jira`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "issueType", - "parent", - "priority" - ], - "properties": { - "issueType": { - "description": "The type of issue.", - "type": "string", - "nullable": true - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task.", - "type": "string", - "nullable": true - }, - "priority": { - "description": "The priority of the issue.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".jira", - "enum": [ - ".jira" - ] - } - } - }, - "connector_properties_resilient": { - "title": "Create case request properties for a IBM Resilient connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.resilient`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "nullable": true, - "required": [ - "issueTypes", - "severityCode" - ], - "properties": { - "issueTypes": { - "description": "The type of incident.", - "type": "array", - "items": { - "type": "string" - } - }, - "severityCode": { - "description": "The severity code of the incident.", - "type": "string" - } - } - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".resilient", - "enum": [ - ".resilient" - ] - } - } - }, - "connector_properties_servicenow": { - "title": "Create case request properties for a ServiceNow ITSM connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.servicenow`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "category", - "impact", - "severity", - "subcategory", - "urgency" - ], - "properties": { - "category": { - "description": "The category of the incident.", - "type": "string", - "nullable": true - }, - "impact": { - "description": "The effect an incident had on business.", - "type": "string", - "nullable": true - }, - "severity": { - "description": "The severity of the incident.", - "type": "string", - "nullable": true - }, - "subcategory": { - "description": "The subcategory of the incident.", - "type": "string", - "nullable": true - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".servicenow", - "enum": [ - ".servicenow" - ] - } - } - }, - "connector_properties_servicenow_sir": { - "title": "Create case request properties for a ServiceNow SecOps connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.servicenow-sir`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "category", - "destIp", - "malwareHash", - "malwareUrl", - "priority", - "sourceIp", - "subcategory" - ], - "properties": { - "category": { - "description": "The category of the incident.", - "type": "string", - "nullable": true - }, - "destIp": { - "description": "Indicates whether cases will send a comma-separated list of destination IPs.", - "type": "boolean", - "nullable": true - }, - "malwareHash": { - "description": "Indicates whether cases will send a comma-separated list of malware hashes.", - "type": "boolean", - "nullable": true - }, - "malwareUrl": { - "description": "Indicates whether cases will send a comma-separated list of malware URLs.", - "type": "boolean", - "nullable": true - }, - "priority": { - "description": "The priority of the issue.", - "type": "string", - "nullable": true - }, - "sourceIp": { - "description": "Indicates whether cases will send a comma-separated list of source IPs.", - "type": "boolean", - "nullable": true - }, - "subcategory": { - "description": "The subcategory of the incident.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".servicenow-sir", - "enum": [ - ".servicenow-sir" - ] - } - } - }, - "connector_properties_swimlane": { - "title": "Create case request properties for a Swimlane connector", - "required": [ - "fields", - "id", - "name", - "type" - ], - "description": "Defines properties for connectors when type is `.swimlane`.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": "object", - "required": [ - "caseId" - ], - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string", - "nullable": true - } - } - }, - "id": { - "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", - "type": "string" - }, - "name": { - "description": "The name of the connector.", - "type": "string" - }, - "type": { - "description": "The type of connector.", - "type": "string", - "example": ".swimlane", - "enum": [ - ".swimlane" - ] - } - } - }, - "owners": { - "type": "string", - "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.\n", - "enum": [ - "cases", - "observability", - "securitySolution" - ], - "example": "cases" - }, - "settings": { - "type": "object", - "description": "An object that contains the case settings.", - "required": [ - "syncAlerts" - ], - "properties": { - "syncAlerts": { - "description": "Turns alert syncing on or off.", - "type": "boolean", - "example": true - } - } - }, - "severity_property": { - "type": "string", - "description": "The severity of the case.", - "enum": [ - "critical", - "high", - "low", - "medium" - ], - "default": "low" - }, - "create_case_request": { - "title": "Create case request", - "description": "The create case API request body varies depending on the type of connector.", - "type": "object", - "required": [ - "connector", - "description", - "owner", - "settings", - "tags", - "title" - ], - "properties": { - "assignees": { - "type": "array", - "description": "An array containing users that are assigned to the case.", - "nullable": true, - "items": { - "type": "object", - "required": [ - "uid" - ], - "properties": { - "uid": { - "type": "string", - "description": "A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.", - "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" - } - } - } - }, - "connector": { - "oneOf": [ - { - "$ref": "#/components/schemas/connector_properties_none" - }, - { - "$ref": "#/components/schemas/connector_properties_cases_webhook" - }, - { - "$ref": "#/components/schemas/connector_properties_jira" - }, - { - "$ref": "#/components/schemas/connector_properties_resilient" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow_sir" - }, - { - "$ref": "#/components/schemas/connector_properties_swimlane" - } - ] - }, - "description": { - "description": "The description for the case.", - "type": "string" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "tags": { - "description": "The words and phrases that help categorize cases. It can be an empty array.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - } - } - }, - "case_response_closed_by_properties": { - "title": "Case response properties for closed_by", - "type": "object", - "nullable": true, - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "alert_comment_response_properties": { - "title": "Add case comment response properties for alerts", - "type": "object", - "required": [ - "type" - ], - "properties": { - "alertId": { - "type": "string", - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-24T02:31:03.210Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "id": { - "type": "string", - "example": "73362370-ab1a-11ec-985f-97e55adae8b9" - }, - "index": { - "type": "string", - "example": ".internal.alerts-security.alerts-default-000001" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "pushed_at": { - "type": "string", - "format": "date-time", - "example": null, - "nullable": true - }, - "pushed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true - }, - "rule": { - "type": "object", - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } - }, - "type": { - "type": "string", - "example": "alert", - "enum": [ - "alert" - ] - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "version": { - "type": "string", - "example": "WzMwNDgsMV0=" - } - } - }, - "case_response_created_by_properties": { - "title": "Case response properties for created_by", - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "case_response_pushed_by_properties": { - "title": "Case response properties for pushed_by", - "type": "object", - "nullable": true, - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "case_response_updated_by_properties": { - "title": "Case response properties for updated_by", - "type": "object", - "nullable": true, - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "required": [ - "email", - "full_name", - "username" - ] - }, - "user_comment_response_properties": { - "title": "Case response properties for user comments", - "type": "object", - "required": [ - "type" - ], - "properties": { - "comment": { - "type": "string", - "example": "A new comment." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "$ref": "#/components/schemas/case_response_created_by_properties" - }, - "id": { - "type": "string", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "pushed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "pushed_by": { - "$ref": "#/components/schemas/case_response_pushed_by_properties" - }, - "type": { - "type": "string", - "example": "user", - "enum": [ - "user" - ] - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "$ref": "#/components/schemas/case_response_updated_by_properties" - }, - "version": { - "type": "string", - "example": "WzIwNDMxLDFd" - } - } - }, - "external_service": { - "type": "object", - "nullable": true, - "properties": { - "connector_id": { - "type": "string" - }, - "connector_name": { - "type": "string" - }, - "external_id": { - "type": "string" - }, - "external_title": { - "type": "string" - }, - "external_url": { - "type": "string" - }, - "pushed_at": { - "type": "string", - "format": "date-time" - }, - "pushed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null, - "nullable": true - }, - "full_name": { - "type": "string", - "example": null, - "nullable": true - }, - "username": { - "type": "string", - "example": "elastic", - "nullable": true - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true - } - } - }, - "status": { - "type": "string", - "description": "The status of the case.", - "enum": [ - "closed", - "in-progress", - "open" - ] - }, - "case_response_properties": { - "title": "Case response properties", - "type": "object", - "required": [ - "closed_at", - "closed_by", - "comments", - "connector", - "created_at", - "created_by", - "description", - "duration", - "external_service", - "id", - "owner", - "settings", - "severity", - "status", - "tags", - "title", - "totalAlerts", - "totalComment", - "updated_at", - "updated_by", - "version" - ], - "properties": { - "assignees": { - "type": "array", - "description": "An array containing users that are assigned to the case.", - "nullable": true, - "items": { - "type": "object", - "required": [ - "uid" - ], - "properties": { - "uid": { - "type": "string", - "description": "A unique identifier for the user profile. You can use the get user profile API to retrieve more details.", - "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" - } - } - } - }, - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true - }, - "closed_by": { - "$ref": "#/components/schemas/case_response_closed_by_properties" - }, - "comments": { - "title": "Case response properties for comments", - "description": "An array of comment objects for the case.", - "type": "array", - "items": { - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - } - }, - "connector": { - "title": "Case response properties for connectors", - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/connector_properties_none" - }, - { - "$ref": "#/components/schemas/connector_properties_cases_webhook" - }, - { - "$ref": "#/components/schemas/connector_properties_jira" - }, - { - "$ref": "#/components/schemas/connector_properties_resilient" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow_sir" - }, - { - "$ref": "#/components/schemas/connector_properties_swimlane" - } - ] - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "$ref": "#/components/schemas/case_response_created_by_properties" - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "nullable": true, - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true - }, - "updated_by": { - "$ref": "#/components/schemas/case_response_updated_by_properties" - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } - }, - "update_case_request": { - "title": "Update case request", - "description": "The update case API request body varies depending on the type of connector.", - "type": "object", - "required": [ - "cases" - ], - "properties": { - "cases": { - "type": "array", - "description": "An array containing one or more case objects.", - "items": { - "type": "object", - "required": [ - "id", - "version" - ], - "properties": { - "assignees": { - "type": "array", - "description": "An array containing users that are assigned to the case.", - "nullable": true, - "items": { - "type": "object", - "required": [ - "uid" - ], - "properties": { - "uid": { - "type": "string", - "description": "A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.", - "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" - } - } - } - }, - "connector": { - "oneOf": [ - { - "$ref": "#/components/schemas/connector_properties_none" - }, - { - "$ref": "#/components/schemas/connector_properties_cases_webhook" - }, - { - "$ref": "#/components/schemas/connector_properties_jira" - }, - { - "$ref": "#/components/schemas/connector_properties_resilient" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow" - }, - { - "$ref": "#/components/schemas/connector_properties_servicenow_sir" - }, - { - "$ref": "#/components/schemas/connector_properties_swimlane" - } - ] - }, - "description": { - "description": "An updated description for the case.", - "type": "string" - }, - "id": { - "description": "The identifier for the case.", - "type": "string" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "description": "The words and phrases that help categorize cases.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - }, - "version": { - "description": "The current version of the case. To determine this value, use the get case or find cases APIs.", - "type": "string" - } - } - } - } - } - }, - "closure_types": { - "type": "string", - "description": "Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).", - "enum": [ - "close-by-pushing", - "close-by-user" - ], - "example": "close-by-user" - }, - "connector_types": { - "type": "string", - "description": "The type of connector.", - "enum": [ - ".cases-webhook", - ".jira", - ".none", - ".resilient", - ".servicenow", - ".servicenow-sir", - ".swimlane" - ], - "example": ".none" - }, - "alert_identifiers": { - "title": "Alert identifiers", - "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true, - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" - }, - "alert_indices": { - "title": "Alert indices", - "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true - }, - "rule": { - "title": "Alerting rule", - "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "type": "object", - "x-technical-preview": true, - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } - }, - "add_alert_comment_request_properties": { - "title": "Add case comment request properties for alerts", - "required": [ - "alertId", - "index", - "owner", - "rule", - "type" - ], - "description": "Defines properties for case comment requests when type is alert.", - "type": "object", - "properties": { - "alertId": { - "$ref": "#/components/schemas/alert_identifiers" - }, - "index": { - "$ref": "#/components/schemas/alert_indices" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "rule": { - "$ref": "#/components/schemas/rule" - }, - "type": { - "description": "The type of comment.", - "type": "string", - "example": "alert", - "enum": [ - "alert" - ] - } - } - }, - "add_user_comment_request_properties": { - "title": "Add case comment request properties for user comments", - "description": "Defines properties for case comment requests when type is user.", - "type": "object", - "properties": { - "comment": { - "description": "The new comment. It is required only when `type` is `user`.", - "type": "string", - "example": "A new comment." - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "type": { - "type": "string", - "description": "The type of comment.", - "example": "user", - "enum": [ - "user" - ] - } - }, - "required": [ - "comment", - "owner", - "type" - ] - }, - "add_case_comment_request": { - "title": "Add case comment request", - "description": "The add comment to case API request body varies depending on whether you are adding an alert or a comment.", - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/add_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/add_user_comment_request_properties" - } - ] - }, - "update_alert_comment_request_properties": { - "title": "Update case comment request properties for alerts", - "description": "Defines properties for case comment requests when type is alert.", - "required": [ - "alertId", - "id", - "index", - "owner", - "rule", - "type", - "version" - ], - "type": "object", - "properties": { - "alertId": { - "$ref": "#/components/schemas/alert_identifiers" - }, - "id": { - "type": "string", - "description": "The identifier for the comment. To retrieve comment IDs, use the get comments API.\n", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - }, - "index": { - "$ref": "#/components/schemas/alert_indices" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "rule": { - "$ref": "#/components/schemas/rule" - }, - "type": { - "description": "The type of comment.", - "type": "string", - "enum": [ - "alert" - ], - "example": "alert" - }, - "version": { - "description": "The current comment version. To retrieve version values, use the get comments API.\n", - "type": "string", - "example": "Wzk1LDFd" - } - } - }, - "update_user_comment_request_properties": { - "title": "Update case comment request properties for user comments", - "description": "Defines properties for case comment requests when type is user.", - "type": "object", - "properties": { - "comment": { - "description": "The new comment. It is required only when `type` is `user`.", - "type": "string", - "example": "A new comment." - }, - "id": { - "type": "string", - "description": "The identifier for the comment. To retrieve comment IDs, use the get comments API.\n", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "type": { - "type": "string", - "description": "The type of comment.", - "enum": [ - "user" - ], - "example": "user" - }, - "version": { - "description": "The current comment version. To retrieve version values, use the get comments API.\n", - "type": "string", - "example": "Wzk1LDFd" - } - }, - "required": [ - "comment", - "id", - "owner", - "type", - "version" - ] - }, - "update_case_comment_request": { - "title": "Update case comment request", - "description": "The update case comment API request body varies depending on whether you are updating an alert or a comment.", - "discriminator": { - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/update_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/update_user_comment_request_properties" - } - ] - } - }, - "examples": { - "create_case_request": { - "summary": "Create a security case that uses a Jira connector.", - "value": { - "description": "A case description.", - "title": "Case title 1", - "tags": [ - "tag-1" - ], - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "priority": "High", - "parent": null - } - }, - "settings": { - "syncAlerts": true - }, - "owner": "cases" - } - }, - "create_case_response": { - "summary": "The create case API returns a JSON object that contains details about the case.", - "value": { - "comments": [], - "totalAlerts": 0, - "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", - "version": "WzUzMiwxXQ==", - "totalComment": 1, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "assignees": [], - "description": "A case description.", - "settings": { - "syncAlerts": false - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-03-24T00:37:03.906Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "status": "open", - "updated_at": null, - "updated_by": null, - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "parent": null, - "priority": "High" - } - }, - "external_service": null - } - }, - "update_case_request": { - "summary": "Update the case description, tags, and connector.", - "value": { - "cases": [ - { - "id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2", - "version": "WzIzLDFd", - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "priority": null, - "parent": null - } - }, - "description": "A case description.", - "tags": [ - "tag-1" - ], - "settings": { - "syncAlerts": true - } - } - ] - } - }, - "update_case_response": { - "summary": "This is an example response when the case description, tags, and connector were updated.", - "value": [ - { - "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", - "version": "WzU0OCwxXQ==", - "comments": [], - "totalComment": 0, - "totalAlerts": 0, - "title": "Case title 1", - "tags": [ - "tag-1" - ], - "settings": { - "syncAlerts": true - }, - "owner": "cases", - "description": "A case description.", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-05-13T09:16:17.416Z", - "created_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "status": "open", - "updated_at": "2022-05-13T09:48:33.043Z", - "updated_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "assignees": [], - "connector": { - "id": "131d4448-abe0-4789-939d-8ef60680b498", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "parent": null, - "priority": null - } - }, - "external_service": { - "external_title": "IS-4", - "pushed_by": { - "full_name": null, - "email": null, - "username": "elastic" - }, - "external_url": "https://hms.atlassian.net/browse/IS-4", - "pushed_at": "2022-05-13T09:20:40.672Z", - "connector_id": "05da469f-1fde-4058-99a3-91e4807e2de8", - "external_id": "10003", - "connector_name": "Jira" - } - } - ] - }, - "set_case_configuration_request": { - "summary": "Set the closure type and default connector for Stack Management cases.", - "value": { - "owner": "cases", - "connector": { - "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", - "name": "my-jira-connector", - "type": ".jira", - "fields": null - }, - "closure_type": "close-by-user" - } - }, - "set_case_configuration_response": { - "summary": "This is an example response when the case configuration was updated.", - "value": { - "closure_type": "close-by-user", - "owner": "cases", - "created_at": "2022-06-01T17:07:17.767Z", - "created_by": { - "username": "elastic", - "email": "null,", - "full_name": null - }, - "updated_at": null, - "updated_by": null, - "connector": { - "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", - "name": "my-jira-connector", - "type": ".jira", - "fields": null - }, - "mappings": [ - { - "source": "title", - "target": "summary", - "action_type": "overwrite" - }, - { - "source": "description", - "target": "description", - "action_type": "overwrite" - }, - { - "source": "comments", - "target": "comments", - "action_type": "append" - } - ], - "version": "WzIwNzMsMV0=", - "error": null, - "id": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - } - }, - "get_reporters_response": { - "summary": "A list of three users that opened cases", - "value": [ - { - "username": "elastic", - "full_name": null, - "email": null - }, - { - "username": "user1", - "full_name": "User 1", - "email": "user1@elastic.co" - }, - { - "username": "user2", - "full_name": "User 2", - "email": "user2@elastic.co" - } - ] - }, - "get_status_response": { - "summary": "Get the number of cases in each state.", - "value": { - "count_open_cases": 27, - "count_in_progress_cases": 50, - "count_closed_cases": 198 - } - }, - "get_tags_response": { - "summary": "A list of tags that are used in cases", - "value": [ - "observability", - "security", - "tag 1", - "tag 2" - ] - }, - "get_case_response": { - "summary": "Retrieves information about a case including its comments.", - "value": { - "id": "31cdada0-02c1-11ed-85f2-4f7c222ca2fa", - "version": "WzM2LDFd", - "comments": [ - { - "id": "2134c1d0-02c2-11ed-85f2-4f7c222ca2fa", - "version": "WzM3LDFd", - "type": "user", - "owner": "cases", - "comment": "A new comment", - "created_at": "2022-07-13T15:40:32.335Z", - "created_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": null, - "updated_by": null - } - ], - "totalComment": 1, - "totalAlerts": 0, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "settings": { - "syncAlerts": true - }, - "owner": "cases", - "description": "A case description", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-07-13T15:33:50.604Z", - "created_by": { - "username": "elastic", - "email": null, - "full_name": null - }, - "status": "open", - "updated_at": "2022-07-13T15:40:32.335Z", - "updated_by": { - "full_name": null, - "email": null, - "username": "elastic" - }, - "assignees": [ - { - "uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" - } - ], - "connector": { - "id": "none", - "name": "none", - "type": ".none", - "fields": null - }, - "external_service": null - } - }, - "add_comment_request": { - "summary": "Adds a comment to a case.", - "value": { - "type": "user", - "comment": "A new comment.", - "owner": "cases" - } - }, - "add_comment_response": { - "summary": "The add comment to case API returns a JSON object that contains details about the case and its comments.", - "value": { - "comments": [ - { - "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIwNDMxLDFd", - "type": "user", - "owner": "cases", - "comment": "A new comment.", - "created_at": "2022-06-02T00:49:47.716Z", - "created_by": { - "username": "elastic", - "email": null, - "full_name": null - } - } - ], - "totalAlerts": 0, - "id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIzMzgsMV0=", - "totalComment": 1, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "description": "A case description.", - "settings": { - "syncAlerts": false - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-03-24T00:37:03.906Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "status": "open", - "updated_at": "2022-06-03T00:49:47.716Z", - "updated_by": { - "username": "elastic", - "email": null, - "full_name": null - }, - "connector": { - "id": "none", - "name": "none", - "type": ".none", - "fields": null - }, - "external_service": null - } - }, - "update_comment_request": { - "summary": "Updates a comment of a case.", - "value": { - "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", - "version": "Wzk1LDFd", - "type": "user", - "comment": "An updated comment.", - "owner": "cases" - } - }, - "update_comment_response": { - "summary": "The add comment to case API returns a JSON object that contains details about the case and its comments.", - "value": { - "comments": [ - { - "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIwNjM3LDFd", - "comment": "An updated comment.", - "type": "user", - "owner": "cases", - "created_at": "2022-03-24T00:37:10.832Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": "2022-03-24T01:27:06.210Z", - "updated_by": { - "username": "elastic", - "full_name": null, - "email": null - } - } - ], - "totalAlerts": 0, - "id": "293f1bc0-74f6-11ea-b83a-553aecdb28b6", - "version": "WzIwNjM2LDFd", - "totalComment": 1, - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "description": "A case description.", - "settings": { - "syncAlerts": false - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-03-24T00:37:03.906Z", - "created_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "status": "open", - "updated_at": "2022-03-24T01:27:06.210Z", - "updated_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "connector": { - "id": "none", - "name": "none", - "type": ".none", - "fields": null - }, - "external_service": null - } - }, - "get_comment_response": { - "summary": "A single user comment retrieved from a case", - "value": { - "id": "8048b460-fe2b-11ec-b15d-779a7c8bbcc3", - "version": "WzIzLDFd", - "type": "user", - "owner": "cases", - "comment": "A new comment", - "created_at": "2022-07-07T19:32:13.104Z", - "created_by": { - "email": null, - "full_name": null, - "username": "elastic" - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": null, - "updated_by": null - } - }, - "push_case_response": { - "summary": "The push case API returns a JSON object with details about the case and the external service.", - "value": { - "id": "b917f300-0ed9-11ed-bd18-65557fe66949", - "version": "WzE3NjgsM10=", - "comments": [], - "totalComment": 0, - "totalAlerts": 0, - "description": "A case description.", - "title": "Case title 1", - "tags": [ - "tag 1" - ], - "settings": { - "syncAlerts": true - }, - "owner": "cases", - "duration": null, - "severity": "low", - "closed_at": null, - "closed_by": null, - "created_at": "2022-07-29T00:59:39.444Z", - "created_by": { - "username": "elastic", - "email": null, - "full_name": null - }, - "status": "open", - "updated_at": "2022-07-29T01:20:58.436Z", - "updated_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "connector": { - "id": "09f8c0b0-0eda-11ed-bd18-65557fe66949", - "name": "My connector", - "type": ".jira", - "fields": { - "issueType": "10006", - "parent": null, - "priority": "Low" - } - }, - "external_service": { - "pushed_at": "2022-07-29T01:20:58.436Z", - "pushed_by": { - "username": "elastic", - "full_name": null, - "email": null - }, - "connector_name": "My connector", - "external_id": "71926", - "external_title": "ES-554", - "external_url": "https://cases.jira.com", - "connector_id": "09f8c0b0-0eda-11ed-bd18-65557fe66949" - } - } - } - } - }, - "security": [ - { - "basicAuth": [] - }, - { - "apiKeyAuth": [] - } - ] -} \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/bundled-min.yaml b/x-pack/plugins/cases/docs/openapi/bundled-min.yaml deleted file mode 100644 index e255439def5dbf..00000000000000 --- a/x-pack/plugins/cases/docs/openapi/bundled-min.yaml +++ /dev/null @@ -1,2389 +0,0 @@ -openapi: 3.0.1 -info: - title: Cases - description: OpenAPI schema for Cases endpoints - version: '0.2' - contact: - name: Cases Team - license: - name: Elastic License 2.0 - url: https://www.elastic.co/licensing/elastic-license -tags: - - name: cases - description: Case APIs enable you to open and track issues. -servers: - - url: http://localhost:5601 - description: local -paths: - /s/{spaceId}/api/cases: - post: - summary: Creates a case. - operationId: createCase - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/create_case_request' - examples: - createCaseRequest: - $ref: '#/components/examples/create_case_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - createCaseResponse: - $ref: '#/components/examples/create_case_response' - servers: - - url: https://localhost:5601 - delete: - summary: Deletes one or more cases. - operationId: deleteCase - description: | - You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - - name: ids - description: The cases that you want to removed. All non-ASCII characters must be URL encoded. - in: query - required: true - schema: - type: string - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - patch: - summary: Updates one or more cases. - operationId: updateCase - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/update_case_request' - examples: - updateCaseRequest: - $ref: '#/components/examples/update_case_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/case_response_properties' - examples: - updateCaseResponse: - $ref: '#/components/examples/update_case_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/alerts/{alertId}: - get: - summary: Returns the cases associated with a specific alert. - operationId: getCasesByAlert - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - x-technical-preview: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/alert_id' - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - id: - type: string - description: The case identifier. - title: - type: string - description: The case title. - example: - - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 - title: security_case - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/configure: - get: - summary: Retrieves external connection details, such as the closure type and default connector for cases. - operationId: getCaseConfiguration - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - error: - type: string - nullable: true - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= - servers: - - url: https://localhost:5601 - post: - summary: Sets external connection details, such as the closure type and default connector for cases. - operationId: setCaseConfiguration - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - owner: - $ref: '#/components/schemas/owners' - settings: - description: An object that contains the case settings. - type: object - properties: - syncAlerts: - description: Turns alert syncing on or off. - type: boolean - example: true - required: - - syncAlerts - required: - - closure_type - - connector - - owner - examples: - setCaseConfigRequest: - $ref: '#/components/examples/set_case_configuration_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - error: - type: string - nullable: true - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= - examples: - setCaseConfigResponse: - $ref: '#/components/examples/set_case_configuration_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/configure/{configurationId}: - patch: - summary: Updates external connection details, such as the closure type and default connector for cases. - operationId: updateCaseConfiguration - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/configuration_id' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - version: - description: | - The version of the connector. To retrieve the version value, use the get configuration API. - type: string - example: WzIwMiwxXQ== - required: - - version - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - example: none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - error: - type: string - nullable: true - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/reporters: - get: - summary: Returns information about the users who opened cases. - operationId: getCaseReporters - description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - examples: - getReportersResponse: - $ref: '#/components/examples/get_reporters_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/status: - get: - summary: Returns the number of cases that are open, closed, and in progress. - operationId: getCaseStatus - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - examples: - getStatusResponse: - $ref: '#/components/examples/get_status_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/tags: - get: - summary: Aggregates and returns a list of case tags. - operationId: getCaseTags - description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - in: query - name: owner - description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. - schema: - oneOf: - - $ref: '#/components/schemas/owners' - - type: array - items: - $ref: '#/components/schemas/owners' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: string - examples: - getTagsResponse: - $ref: '#/components/examples/get_tags_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}: - get: - summary: Retrieves information about a case. - operationId: getCase - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - - in: query - name: includeComments - description: Determines whether case comments are returned. - deprecated: true - schema: - type: boolean - default: true - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - getCaseResponse: - $ref: '#/components/examples/get_case_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}/comments: - post: - summary: Adds a comment or alert to a case. - operationId: addCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/add_case_comment_request' - examples: - createCaseCommentRequest: - $ref: '#/components/examples/add_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - createCaseCommentResponse: - $ref: '#/components/examples/add_comment_response' - servers: - - url: https://localhost:5601 - delete: - summary: Deletes all comments and alerts from a case. - operationId: deleteCaseComments - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - patch: - summary: Updates a comment or alert in a case. - operationId: updateCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/update_case_comment_request' - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/update_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - updateCaseCommentResponse: - $ref: '#/components/examples/update_comment_response' - servers: - - url: https://localhost:5601 - get: - summary: Retrieves all the comments from a case. - operationId: getAllCaseComments - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}/comments/{commentId}: - delete: - summary: Deletes a comment or alert from a case. - operationId: deleteCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/comment_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - get: - summary: Retrieves a comment from a case. - operationId: getCaseComment - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/comment_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/alert_comment_response_properties' - - $ref: '#/components/schemas/user_comment_response_properties' - examples: - getCaseCommentResponse: - $ref: '#/components/examples/get_comment_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 - /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push: - post: - summary: Pushes a case to an external service. - description: | - You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. - operationId: pushCase - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/connector_id' - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - type: object - nullable: true - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - pushCaseResponse: - $ref: '#/components/examples/push_case_response' - servers: - - url: https://localhost:5601 - servers: - - url: https://localhost:5601 -components: - securitySchemes: - basicAuth: - type: http - scheme: basic - apiKeyAuth: - type: apiKey - in: header - name: ApiKey - parameters: - kbn_xsrf: - schema: - type: string - in: header - name: kbn-xsrf - required: true - space_id: - in: path - name: spaceId - description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used. - required: true - schema: - type: string - example: default - alert_id: - in: path - name: alertId - description: An identifier for the alert. - required: true - schema: - type: string - example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 - owner: - in: query - name: owner - description: | - A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. - schema: - oneOf: - - $ref: '#/components/schemas/owners' - - type: array - items: - $ref: '#/components/schemas/owners' - example: cases - configuration_id: - in: path - name: configurationId - description: An identifier for the configuration. - required: true - schema: - type: string - example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 - case_id: - in: path - name: caseId - description: The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. - required: true - schema: - type: string - example: 9c235210-6834-11ea-a78c-6ffb38a34414 - comment_id: - in: path - name: commentId - description: | - The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. - required: true - schema: - type: string - example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 - connector_id: - in: path - name: connectorId - description: An identifier for the connector. To retrieve connector IDs, use the find connectors API. - required: true - schema: - type: string - example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - schemas: - connector_properties_none: - title: Create or update case request properties for no connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.none`. - type: object - properties: - fields: - description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null. - nullable: true - type: string - example: null - id: - description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. - type: string - example: none - name: - description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. - type: string - example: none - type: - description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`. - type: string - example: .none - enum: - - .none - connector_properties_cases_webhook: - title: Create or upate case request properties for Cases Webhook connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - fields: - type: string - nullable: true - example: null - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .cases-webhook - enum: - - .cases-webhook - connector_properties_jira: - title: Create or update case request properties for a Jira connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - issueType - - parent - - priority - properties: - issueType: - description: The type of issue. - type: string - nullable: true - parent: - description: The key of the parent issue, when the issue type is sub-task. - type: string - nullable: true - priority: - description: The priority of the issue. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .jira - enum: - - .jira - connector_properties_resilient: - title: Create case request properties for a IBM Resilient connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - nullable: true - required: - - issueTypes - - severityCode - properties: - issueTypes: - description: The type of incident. - type: array - items: - type: string - severityCode: - description: The severity code of the incident. - type: string - id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .resilient - enum: - - .resilient - connector_properties_servicenow: - title: Create case request properties for a ServiceNow ITSM connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - category - - impact - - severity - - subcategory - - urgency - properties: - category: - description: The category of the incident. - type: string - nullable: true - impact: - description: The effect an incident had on business. - type: string - nullable: true - severity: - description: The severity of the incident. - type: string - nullable: true - subcategory: - description: The subcategory of the incident. - type: string - nullable: true - urgency: - description: The extent to which the incident resolution can be delayed. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .servicenow - enum: - - .servicenow - connector_properties_servicenow_sir: - title: Create case request properties for a ServiceNow SecOps connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.servicenow-sir`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - properties: - category: - description: The category of the incident. - type: string - nullable: true - destIp: - description: Indicates whether cases will send a comma-separated list of destination IPs. - type: boolean - nullable: true - malwareHash: - description: Indicates whether cases will send a comma-separated list of malware hashes. - type: boolean - nullable: true - malwareUrl: - description: Indicates whether cases will send a comma-separated list of malware URLs. - type: boolean - nullable: true - priority: - description: The priority of the issue. - type: string - nullable: true - sourceIp: - description: Indicates whether cases will send a comma-separated list of source IPs. - type: boolean - nullable: true - subcategory: - description: The subcategory of the incident. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .servicenow-sir - enum: - - .servicenow-sir - connector_properties_swimlane: - title: Create case request properties for a Swimlane connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - required: - - caseId - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - nullable: true - id: - description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .swimlane - enum: - - .swimlane - owners: - type: string - description: | - The application that owns the cases: Stack Management, Observability, or Elastic Security. - enum: - - cases - - observability - - securitySolution - example: cases - settings: - type: object - description: An object that contains the case settings. - required: - - syncAlerts - properties: - syncAlerts: - description: Turns alert syncing on or off. - type: boolean - example: true - severity_property: - type: string - description: The severity of the case. - enum: - - critical - - high - - low - - medium - default: low - create_case_request: - title: Create case request - description: The create case API request body varies depending on the type of connector. - type: object - required: - - connector - - description - - owner - - settings - - tags - - title - properties: - assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - connector: - oneOf: - - $ref: '#/components/schemas/connector_properties_none' - - $ref: '#/components/schemas/connector_properties_cases_webhook' - - $ref: '#/components/schemas/connector_properties_jira' - - $ref: '#/components/schemas/connector_properties_resilient' - - $ref: '#/components/schemas/connector_properties_servicenow' - - $ref: '#/components/schemas/connector_properties_servicenow_sir' - - $ref: '#/components/schemas/connector_properties_swimlane' - description: - description: The description for the case. - type: string - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - tags: - description: The words and phrases that help categorize cases. It can be an empty array. - type: array - items: - type: string - title: - description: A title for the case. - type: string - case_response_closed_by_properties: - title: Case response properties for closed_by - type: object - nullable: true - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - alert_comment_response_properties: - title: Add case comment response properties for alerts - type: object - required: - - type - properties: - alertId: - type: string - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - created_at: - type: string - format: date-time - example: '2022-03-24T02:31:03.210Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - id: - type: string - example: 73362370-ab1a-11ec-985f-97e55adae8b9 - index: - type: string - example: .internal.alerts-security.alerts-default-000001 - owner: - $ref: '#/components/schemas/owners' - pushed_at: - type: string - format: date-time - example: null - nullable: true - pushed_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - rule: - type: object - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule - type: - type: string - example: alert - enum: - - alert - updated_at: - type: string - format: date-time - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - version: - type: string - example: WzMwNDgsMV0= - case_response_created_by_properties: - title: Case response properties for created_by - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - case_response_pushed_by_properties: - title: Case response properties for pushed_by - type: object - nullable: true - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - case_response_updated_by_properties: - title: Case response properties for updated_by - type: object - nullable: true - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - user_comment_response_properties: - title: Case response properties for user comments - type: object - required: - - type - properties: - comment: - type: string - example: A new comment. - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - $ref: '#/components/schemas/case_response_created_by_properties' - id: - type: string - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: - $ref: '#/components/schemas/owners' - pushed_at: - type: string - format: date-time - nullable: true - example: null - pushed_by: - $ref: '#/components/schemas/case_response_pushed_by_properties' - type: - type: string - example: user - enum: - - user - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - $ref: '#/components/schemas/case_response_updated_by_properties' - version: - type: string - example: WzIwNDMxLDFd - external_service: - type: object - nullable: true - properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: - type: string - external_url: - type: string - pushed_at: - type: string - format: date-time - pushed_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - status: - type: string - description: The status of the case. - enum: - - closed - - in-progress - - open - case_response_properties: - title: Case response properties - type: object - required: - - closed_at - - closed_by - - comments - - connector - - created_at - - created_by - - description - - duration - - external_service - - id - - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by - - version - properties: - assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. You can use the get user profile API to retrieve more details. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - closed_at: - type: string - format: date-time - nullable: true - closed_by: - $ref: '#/components/schemas/case_response_closed_by_properties' - comments: - title: Case response properties for comments - description: An array of comment objects for the case. - type: array - items: - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/alert_comment_response_properties' - - $ref: '#/components/schemas/user_comment_response_properties' - connector: - title: Case response properties for connectors - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/connector_properties_none' - - $ref: '#/components/schemas/connector_properties_cases_webhook' - - $ref: '#/components/schemas/connector_properties_jira' - - $ref: '#/components/schemas/connector_properties_resilient' - - $ref: '#/components/schemas/connector_properties_servicenow' - - $ref: '#/components/schemas/connector_properties_servicenow_sir' - - $ref: '#/components/schemas/connector_properties_swimlane' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - $ref: '#/components/schemas/case_response_created_by_properties' - description: - type: string - example: A case description. - duration: - type: integer - description: | - The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero. - nullable: true - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - updated_by: - $ref: '#/components/schemas/case_response_updated_by_properties' - version: - type: string - example: WzUzMiwxXQ== - update_case_request: - title: Update case request - description: The update case API request body varies depending on the type of connector. - type: object - required: - - cases - properties: - cases: - type: array - description: An array containing one or more case objects. - items: - type: object - required: - - id - - version - properties: - assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - connector: - oneOf: - - $ref: '#/components/schemas/connector_properties_none' - - $ref: '#/components/schemas/connector_properties_cases_webhook' - - $ref: '#/components/schemas/connector_properties_jira' - - $ref: '#/components/schemas/connector_properties_resilient' - - $ref: '#/components/schemas/connector_properties_servicenow' - - $ref: '#/components/schemas/connector_properties_servicenow_sir' - - $ref: '#/components/schemas/connector_properties_swimlane' - description: - description: An updated description for the case. - type: string - id: - description: The identifier for the case. - type: string - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - description: The words and phrases that help categorize cases. - type: array - items: - type: string - title: - description: A title for the case. - type: string - version: - description: The current version of the case. To determine this value, use the get case or find cases APIs. - type: string - closure_types: - type: string - description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`). - enum: - - close-by-pushing - - close-by-user - example: close-by-user - connector_types: - type: string - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - alert_identifiers: - title: Alert identifiers - description: | - The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - alert_indices: - title: Alert indices - description: | - The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - rule: - title: Alerting rule - description: | - The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. - type: object - x-technical-preview: true - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule - add_alert_comment_request_properties: - title: Add case comment request properties for alerts - required: - - alertId - - index - - owner - - rule - - type - description: Defines properties for case comment requests when type is alert. - type: object - properties: - alertId: - $ref: '#/components/schemas/alert_identifiers' - index: - $ref: '#/components/schemas/alert_indices' - owner: - $ref: '#/components/schemas/owners' - rule: - $ref: '#/components/schemas/rule' - type: - description: The type of comment. - type: string - example: alert - enum: - - alert - add_user_comment_request_properties: - title: Add case comment request properties for user comments - description: Defines properties for case comment requests when type is user. - type: object - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - type: string - example: A new comment. - owner: - $ref: '#/components/schemas/owners' - type: - type: string - description: The type of comment. - example: user - enum: - - user - required: - - comment - - owner - - type - add_case_comment_request: - title: Add case comment request - description: The add comment to case API request body varies depending on whether you are adding an alert or a comment. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/add_alert_comment_request_properties' - - $ref: '#/components/schemas/add_user_comment_request_properties' - update_alert_comment_request_properties: - title: Update case comment request properties for alerts - description: Defines properties for case comment requests when type is alert. - required: - - alertId - - id - - index - - owner - - rule - - type - - version - type: object - properties: - alertId: - $ref: '#/components/schemas/alert_identifiers' - id: - type: string - description: | - The identifier for the comment. To retrieve comment IDs, use the get comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - index: - $ref: '#/components/schemas/alert_indices' - owner: - $ref: '#/components/schemas/owners' - rule: - $ref: '#/components/schemas/rule' - type: - description: The type of comment. - type: string - enum: - - alert - example: alert - version: - description: | - The current comment version. To retrieve version values, use the get comments API. - type: string - example: Wzk1LDFd - update_user_comment_request_properties: - title: Update case comment request properties for user comments - description: Defines properties for case comment requests when type is user. - type: object - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - type: string - example: A new comment. - id: - type: string - description: | - The identifier for the comment. To retrieve comment IDs, use the get comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: - $ref: '#/components/schemas/owners' - type: - type: string - description: The type of comment. - enum: - - user - example: user - version: - description: | - The current comment version. To retrieve version values, use the get comments API. - type: string - example: Wzk1LDFd - required: - - comment - - id - - owner - - type - - version - update_case_comment_request: - title: Update case comment request - description: The update case comment API request body varies depending on whether you are updating an alert or a comment. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/update_alert_comment_request_properties' - - $ref: '#/components/schemas/update_user_comment_request_properties' - examples: - create_case_request: - summary: Create a security case that uses a Jira connector. - value: - description: A case description. - title: Case title 1 - tags: - - tag-1 - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - priority: High - parent: null - settings: - syncAlerts: true - owner: cases - create_case_response: - summary: The create case API returns a JSON object that contains details about the case. - value: - comments: [] - totalAlerts: 0 - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - version: WzUzMiwxXQ== - totalComment: 1 - title: Case title 1 - tags: - - tag 1 - assignees: [] - description: A case description. - settings: - syncAlerts: false - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-03-24T00:37:03.906Z' - created_by: - username: elastic - full_name: null - email: null - status: open - updated_at: null - updated_by: null - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - parent: null - priority: High - external_service: null - update_case_request: - summary: Update the case description, tags, and connector. - value: - cases: - - id: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 - version: WzIzLDFd - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - priority: null - parent: null - description: A case description. - tags: - - tag-1 - settings: - syncAlerts: true - update_case_response: - summary: This is an example response when the case description, tags, and connector were updated. - value: - - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - version: WzU0OCwxXQ== - comments: [] - totalComment: 0 - totalAlerts: 0 - title: Case title 1 - tags: - - tag-1 - settings: - syncAlerts: true - owner: cases - description: A case description. - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-05-13T09:16:17.416Z' - created_by: - email: null - full_name: null - username: elastic - status: open - updated_at: '2022-05-13T09:48:33.043Z' - updated_by: - email: null - full_name: null - username: elastic - assignees: [] - connector: - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - fields: - issueType: '10006' - parent: null - priority: null - external_service: - external_title: IS-4 - pushed_by: - full_name: null - email: null - username: elastic - external_url: https://hms.atlassian.net/browse/IS-4 - pushed_at: '2022-05-13T09:20:40.672Z' - connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8 - external_id: '10003' - connector_name: Jira - set_case_configuration_request: - summary: Set the closure type and default connector for Stack Management cases. - value: - owner: cases - connector: - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - fields: null - closure_type: close-by-user - set_case_configuration_response: - summary: This is an example response when the case configuration was updated. - value: - closure_type: close-by-user - owner: cases - created_at: '2022-06-01T17:07:17.767Z' - created_by: - username: elastic - email: null, - full_name: null - updated_at: null - updated_by: null - connector: - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - fields: null - mappings: - - source: title - target: summary - action_type: overwrite - - source: description - target: description - action_type: overwrite - - source: comments - target: comments - action_type: append - version: WzIwNzMsMV0= - error: null - id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - get_reporters_response: - summary: A list of three users that opened cases - value: - - username: elastic - full_name: null - email: null - - username: user1 - full_name: User 1 - email: user1@elastic.co - - username: user2 - full_name: User 2 - email: user2@elastic.co - get_status_response: - summary: Get the number of cases in each state. - value: - count_open_cases: 27 - count_in_progress_cases: 50 - count_closed_cases: 198 - get_tags_response: - summary: A list of tags that are used in cases - value: - - observability - - security - - tag 1 - - tag 2 - get_case_response: - summary: Retrieves information about a case including its comments. - value: - id: 31cdada0-02c1-11ed-85f2-4f7c222ca2fa - version: WzM2LDFd - comments: - - id: 2134c1d0-02c2-11ed-85f2-4f7c222ca2fa - version: WzM3LDFd - type: user - owner: cases - comment: A new comment - created_at: '2022-07-13T15:40:32.335Z' - created_by: - email: null - full_name: null - username: elastic - pushed_at: null - pushed_by: null - updated_at: null - updated_by: null - totalComment: 1 - totalAlerts: 0 - title: Case title 1 - tags: - - tag 1 - settings: - syncAlerts: true - owner: cases - description: A case description - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-07-13T15:33:50.604Z' - created_by: - username: elastic - email: null - full_name: null - status: open - updated_at: '2022-07-13T15:40:32.335Z' - updated_by: - full_name: null - email: null - username: elastic - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - connector: - id: none - name: none - type: .none - fields: null - external_service: null - add_comment_request: - summary: Adds a comment to a case. - value: - type: user - comment: A new comment. - owner: cases - add_comment_response: - summary: The add comment to case API returns a JSON object that contains details about the case and its comments. - value: - comments: - - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - version: WzIwNDMxLDFd - type: user - owner: cases - comment: A new comment. - created_at: '2022-06-02T00:49:47.716Z' - created_by: - username: elastic - email: null - full_name: null - totalAlerts: 0 - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - version: WzIzMzgsMV0= - totalComment: 1 - title: Case title 1 - tags: - - tag 1 - description: A case description. - settings: - syncAlerts: false - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-03-24T00:37:03.906Z' - created_by: - username: elastic - full_name: null - email: null - status: open - updated_at: '2022-06-03T00:49:47.716Z' - updated_by: - username: elastic - email: null - full_name: null - connector: - id: none - name: none - type: .none - fields: null - external_service: null - update_comment_request: - summary: Updates a comment of a case. - value: - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - version: Wzk1LDFd - type: user - comment: An updated comment. - owner: cases - update_comment_response: - summary: The add comment to case API returns a JSON object that contains details about the case and its comments. - value: - comments: - - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - version: WzIwNjM3LDFd - comment: An updated comment. - type: user - owner: cases - created_at: '2022-03-24T00:37:10.832Z' - created_by: - username: elastic - full_name: null - email: null - pushed_at: null - pushed_by: null - updated_at: '2022-03-24T01:27:06.210Z' - updated_by: - username: elastic - full_name: null - email: null - totalAlerts: 0 - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - version: WzIwNjM2LDFd - totalComment: 1 - title: Case title 1 - tags: - - tag 1 - description: A case description. - settings: - syncAlerts: false - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-03-24T00:37:03.906Z' - created_by: - username: elastic - full_name: null - email: null - status: open - updated_at: '2022-03-24T01:27:06.210Z' - updated_by: - username: elastic - full_name: null - email: null - connector: - id: none - name: none - type: .none - fields: null - external_service: null - get_comment_response: - summary: A single user comment retrieved from a case - value: - id: 8048b460-fe2b-11ec-b15d-779a7c8bbcc3 - version: WzIzLDFd - type: user - owner: cases - comment: A new comment - created_at: '2022-07-07T19:32:13.104Z' - created_by: - email: null - full_name: null - username: elastic - pushed_at: null - pushed_by: null - updated_at: null - updated_by: null - push_case_response: - summary: The push case API returns a JSON object with details about the case and the external service. - value: - id: b917f300-0ed9-11ed-bd18-65557fe66949 - version: WzE3NjgsM10= - comments: [] - totalComment: 0 - totalAlerts: 0 - description: A case description. - title: Case title 1 - tags: - - tag 1 - settings: - syncAlerts: true - owner: cases - duration: null - severity: low - closed_at: null - closed_by: null - created_at: '2022-07-29T00:59:39.444Z' - created_by: - username: elastic - email: null - full_name: null - status: open - updated_at: '2022-07-29T01:20:58.436Z' - updated_by: - username: elastic - full_name: null - email: null - connector: - id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 - name: My connector - type: .jira - fields: - issueType: '10006' - parent: null - priority: Low - external_service: - pushed_at: '2022-07-29T01:20:58.436Z' - pushed_by: - username: elastic - full_name: null - email: null - connector_name: My connector - external_id: '71926' - external_title: ES-554 - external_url: https://cases.jira.com - connector_id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 -security: - - basicAuth: [] - - apiKeyAuth: [] diff --git a/x-pack/plugins/cases/docs/openapi/bundled.json b/x-pack/plugins/cases/docs/openapi/bundled.json index 4202c658ee4ffa..ebdc5cb9cf8592 100644 --- a/x-pack/plugins/cases/docs/openapi/bundled.json +++ b/x-pack/plugins/cases/docs/openapi/bundled.json @@ -16,10 +16,6 @@ { "name": "cases", "description": "Case APIs enable you to open and track issues." - }, - { - "name": "kibana", - "description": "Kibana APIs enable you to interact with Kibana features." } ], "servers": [ @@ -46,140 +42,11 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "description": { - "description": "The description for the case.", - "type": "string" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "tags": { - "description": "The words and phrases that help categorize cases. It can be an empty array.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - } - }, - "required": [ - "connector", - "description", - "owner", - "settings", - "tags", - "title" - ] + "$ref": "#/components/schemas/create_case_request" }, "examples": { "createCaseRequest": { @@ -193,251 +60,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "createCaseResponse": { @@ -509,149 +134,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "cases": { - "type": "array", - "items": { - "type": "object", - "properties": { - "connector": { - "description": "An object that contains the connector configuration.", - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - }, - "required": [ - "fields", - "id", - "name", - "type" - ] - }, - "description": { - "description": "The description for the case.", - "type": "string" - }, - "id": { - "description": "The identifier for the case.", - "type": "string" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "description": "The words and phrases that help categorize cases.", - "type": "array", - "items": { - "type": "string" - } - }, - "title": { - "description": "A title for the case.", - "type": "string" - }, - "version": { - "description": "The current version of the case.", - "type": "string" - } - }, - "required": [ - "id", - "version" - ] - } - } - } + "$ref": "#/components/schemas/update_case_request" }, "examples": { "updateCaseRequest": { @@ -665,250 +148,11 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } + "type": "array", + "items": { + "$ref": "#/components/schemas/case_response_properties" } }, "examples": { @@ -1120,256 +364,14 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "object", "properties": { "cases": { "type": "array", "items": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" } }, "count_closed_cases": { @@ -1437,7 +439,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -1496,7 +498,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -1509,83 +511,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -1604,20 +540,28 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "error": { "type": "string", + "nullable": true, "example": null }, "id": { @@ -1658,15 +602,22 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "nullable": true @@ -1717,83 +668,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -1831,6 +716,11 @@ "connector", "owner" ] + }, + "examples": { + "setCaseConfigRequest": { + "$ref": "#/components/examples/set_case_configuration_request" + } } } } @@ -1839,187 +729,138 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-06-01T17:07:17.767Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - } + "type": "object", + "properties": { + "closure_type": { + "$ref": "#/components/schemas/closure_types" + }, + "connector": { + "type": "object", + "properties": { + "fields": { + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", + "nullable": true, + "type": "object" + }, + "id": { + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", + "type": "string", + "example": "none" + }, + "type": { + "$ref": "#/components/schemas/connector_types" } - }, - "error": { - "type": "string", - "example": null - }, - "id": { - "type": "string", - "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "example": "overwrite" - }, - "source": { - "type": "string", - "example": "title" - }, - "target": { - "type": "string", - "example": "summary" - } - } + } + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-06-01T17:07:17.767Z" + }, + "created_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": "2022-06-01T19:58:48.169Z" - }, - "updated_by": { + } + }, + "error": { + "type": "string", + "nullable": true, + "example": null + }, + "id": { + "type": "string", + "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" + }, + "mappings": { + "type": "array", + "items": { "type": "object", "properties": { - "email": { + "action_type": { "type": "string", - "example": null + "example": "overwrite" }, - "full_name": { + "source": { "type": "string", - "example": null + "example": "title" }, - "username": { + "target": { "type": "string", - "example": "elastic" + "example": "summary" } + } + } + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "updated_at": { + "type": "string", + "format": "date-time", + "nullable": true, + "example": "2022-06-01T19:58:48.169Z" + }, + "updated_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true }, - "nullable": true + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } }, - "version": { - "type": "string", - "example": "WzIwNzMsMV0=" - } + "nullable": true + }, + "version": { + "type": "string", + "example": "WzIwNzMsMV0=" } } + }, + "examples": { + "setCaseConfigResponse": { + "$ref": "#/components/examples/set_case_configuration_response" + } } } } @@ -2070,83 +911,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -2178,7 +953,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2191,83 +966,17 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null + "type": "object" }, "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", "example": "none" }, "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", "example": "none" }, @@ -2286,20 +995,28 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "error": { "type": "string", + "nullable": true, "example": null }, "id": { @@ -2340,15 +1057,22 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "nullable": true @@ -2393,7 +1117,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2476,7 +1200,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2484,15 +1208,18 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", @@ -2543,7 +1270,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "object", "properties": { @@ -2583,7 +1310,7 @@ "get": { "summary": "Aggregates and returns a list of case tags.", "operationId": "getCaseTags", - "description": "You must have read privileges for the **Cases*** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", "tags": [ "cases" ], @@ -2614,7 +1341,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2672,251 +1399,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "getCaseResponse": { @@ -2960,7 +1445,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -2968,7 +1453,7 @@ } }, "examples": { - "createCaseCommentResponse": { + "getCaseAlertsResponse": { "$ref": "#/components/examples/get_case_alerts_response" } } @@ -3008,17 +1493,11 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/add_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/add_user_comment_request_properties" - } - ] + "$ref": "#/components/schemas/add_case_comment_request" }, "examples": { "createCaseCommentRequest": { @@ -3032,251 +1511,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "createCaseCommentResponse": { @@ -3341,17 +1578,11 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/update_alert_comment_request_properties" - }, - { - "$ref": "#/components/schemas/update_user_comment_request_properties" - } - ] + "$ref": "#/components/schemas/update_case_comment_request" }, "examples": { "updateCaseCommentRequest": { @@ -3365,251 +1596,9 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "updateCaseCommentResponse": { @@ -3646,22 +1635,11 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "array", - "items": { - "anyOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - } + "$ref": "#/components/schemas/case_response_properties" } - }, - "examples": {} + } } } }, @@ -3713,7 +1691,7 @@ "get": { "summary": "Retrieves a comment from a case.", "operationId": "getCaseComment", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security*** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", + "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", "tags": [ "cases" ], @@ -3732,7 +1710,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "oneOf": [ { @@ -3788,258 +1766,21 @@ ], "requestBody": { "content": { - "application/json": {} + "application/json": { + "schema": { + "type": "object", + "nullable": true + } + } } }, "responses": { "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { - "type": "object", - "properties": { - "closed_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "closed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "comments": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "example": [] - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", - "nullable": true, - "type": "object", - "properties": { - "caseId": { - "description": "The case identifier for Swimlane connectors.", - "type": "string" - }, - "category": { - "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", - "type": "string" - }, - "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "impact": { - "description": "The effect an incident had on business for ServiceNow ITSM connectors.", - "type": "string" - }, - "issueType": { - "description": "The type of issue for Jira connectors.", - "type": "string" - }, - "issueTypes": { - "description": "The type of incident for IBM Resilient connectors.", - "type": "array", - "items": { - "type": "number" - } - }, - "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" - }, - "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" - }, - "parent": { - "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", - "type": "string" - }, - "priority": { - "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", - "type": "string" - }, - "severity": { - "description": "The severity of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "severityCode": { - "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" - }, - "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" - }, - "subcategory": { - "description": "The subcategory of the incident for ServiceNow ITSM connectors.", - "type": "string" - }, - "urgency": { - "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", - "type": "string" - } - }, - "example": null - }, - "id": { - "description": "The identifier for the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "name": { - "description": "The name of the connector. To create a case without a connector, use `none`.", - "type": "string", - "example": "none" - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - } - }, - "description": { - "type": "string", - "example": "A case description." - }, - "duration": { - "type": "integer", - "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "example": 120 - }, - "external_service": { - "$ref": "#/components/schemas/external_service" - }, - "id": { - "type": "string", - "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "settings": { - "$ref": "#/components/schemas/settings" - }, - "severity": { - "$ref": "#/components/schemas/severity_property" - }, - "status": { - "$ref": "#/components/schemas/status" - }, - "tags": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "tag-1" - ] - }, - "title": { - "type": "string", - "example": "Case title 1" - }, - "totalAlerts": { - "type": "integer", - "example": 0 - }, - "totalComment": { - "type": "integer", - "example": 0 - }, - "updated_at": { - "type": "string", - "format": "date-time", - "nullable": true, - "example": null - }, - "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null - }, - "version": { - "type": "string", - "example": "WzUzMiwxXQ==" - } - } + "$ref": "#/components/schemas/case_response_properties" }, "examples": { "pushCaseResponse": { @@ -4083,7 +1824,7 @@ "200": { "description": "Indicates a successful call.", "content": { - "application/json; charset=utf-8": { + "application/json": { "schema": { "type": "array", "items": { @@ -4228,211 +1969,570 @@ } }, "schemas": { - "connector_types": { - "type": "string", - "description": "The type of connector.", - "enum": [ - ".cases-webhook", - ".jira", - ".none", - ".resilient", - ".servicenow", - ".servicenow-sir", - ".swimlane" - ], - "example": ".none" + "assignees": { + "type": "array", + "description": "An array containing users that are assigned to the case.", + "nullable": true, + "items": { + "type": "object", + "required": [ + "uid" + ], + "properties": { + "uid": { + "type": "string", + "description": "A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.", + "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" + } + } + } }, - "owners": { - "type": "string", - "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.\n", - "enum": [ - "cases", - "observability", - "securitySolution" + "connector_properties_none": { + "title": "Create or update case request properties for no connector", + "required": [ + "fields", + "id", + "name", + "type" ], - "example": "cases" - }, - "settings": { + "description": "Defines properties for connectors when type is `.none`.", "type": "object", - "description": "An object that contains the case settings.", "properties": { - "syncAlerts": { - "description": "Turns alert syncing on or off.", - "type": "boolean", - "example": true + "fields": { + "description": "An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.", + "nullable": true, + "type": "string", + "example": null + }, + "id": { + "description": "The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", + "type": "string", + "example": "none" + }, + "type": { + "description": "The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`.", + "type": "string", + "example": ".none", + "enum": [ + ".none" + ] } } }, - "severity_property": { - "type": "string", - "description": "The severity of the case.", - "enum": [ - "critical", - "high", - "low", - "medium" + "connector_properties_cases_webhook": { + "title": "Create or upate case request properties for Cases Webhook connector", + "required": [ + "fields", + "id", + "name", + "type" ], - "default": "low" - }, - "alert_comment_response_properties": { + "description": "Defines properties for connectors when type is `.cases-webhook`.", "type": "object", "properties": { - "alertId": { + "fields": { "type": "string", - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + "nullable": true, + "example": null }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-24T02:31:03.210Z" + "id": { + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" }, - "created_by": { + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".cases-webhook", + "enum": [ + ".cases-webhook" + ] + } + } + }, + "connector_properties_jira": { + "title": "Create or update case request properties for a Jira connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.jira`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "required": [ + "issueType", + "parent", + "priority" + ], "properties": { - "email": { + "issueType": { + "description": "The type of issue.", "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null + "nullable": true }, - "username": { + "parent": { + "description": "The key of the parent issue, when the issue type is sub-task.", "type": "string", - "example": "elastic" + "nullable": true }, - "profile_uid": { + "priority": { + "description": "The priority of the issue.", "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + "nullable": true } } }, "id": { - "type": "string", - "example": "73362370-ab1a-11ec-985f-97e55adae8b9" - }, - "index": { - "type": "string", - "example": ".internal.alerts-security.alerts-default-000001" + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" }, - "owner": { - "$ref": "#/components/schemas/owners" + "name": { + "description": "The name of the connector.", + "type": "string" }, - "pushed_at": { + "type": { + "description": "The type of connector.", "type": "string", - "format": "date-time", - "example": null, - "nullable": true - }, - "pushed_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true - }, - "rule": { + "example": ".jira", + "enum": [ + ".jira" + ] + } + } + }, + "connector_properties_resilient": { + "title": "Create case request properties for a IBM Resilient connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.resilient`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "nullable": true, + "required": [ + "issueTypes", + "severityCode" + ], "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" + "issueTypes": { + "description": "The type of incident.", + "type": "array", + "items": { + "type": "string" + } }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" + "severityCode": { + "description": "The severity code of the incident.", + "type": "string" } } }, - "type": { - "type": "string", - "example": "alert" + "id": { + "description": "The identifier for the connector.", + "type": "string" }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": null + "name": { + "description": "The name of the connector.", + "type": "string" }, - "updated_by": { + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".resilient", + "enum": [ + ".resilient" + ] + } + } + }, + "connector_properties_servicenow": { + "title": "Create case request properties for a ServiceNow ITSM connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.servicenow`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "required": [ + "category", + "impact", + "severity", + "subcategory", + "urgency" + ], "properties": { - "email": { + "category": { + "description": "The category of the incident.", "type": "string", - "example": null + "nullable": true }, - "full_name": { + "impact": { + "description": "The effect an incident had on business.", "type": "string", - "example": null + "nullable": true }, - "username": { + "severity": { + "description": "The severity of the incident.", "type": "string", - "example": "elastic" + "nullable": true }, - "profile_uid": { + "subcategory": { + "description": "The subcategory of the incident.", "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + "nullable": true + }, + "urgency": { + "description": "The extent to which the incident resolution can be delayed.", + "type": "string", + "nullable": true } } }, - "version": { + "id": { + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" + }, + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", "type": "string", - "example": "WzMwNDgsMV0=" + "example": ".servicenow", + "enum": [ + ".servicenow" + ] } } }, - "user_comment_response_properties": { + "connector_properties_servicenow_sir": { + "title": "Create case request properties for a ServiceNow SecOps connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.servicenow-sir`.", "type": "object", "properties": { - "comment": { - "type": "string", - "example": "A new comment." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-05-13T09:16:17.416Z" - }, - "created_by": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", "type": "object", + "required": [ + "category", + "destIp", + "malwareHash", + "malwareUrl", + "priority", + "sourceIp", + "subcategory" + ], "properties": { - "email": { + "category": { + "description": "The category of the incident.", "type": "string", - "example": null + "nullable": true }, - "full_name": { - "type": "string", - "example": null + "destIp": { + "description": "Indicates whether cases will send a comma-separated list of destination IPs.", + "type": "boolean", + "nullable": true }, - "username": { + "malwareHash": { + "description": "Indicates whether cases will send a comma-separated list of malware hashes.", + "type": "boolean", + "nullable": true + }, + "malwareUrl": { + "description": "Indicates whether cases will send a comma-separated list of malware URLs.", + "type": "boolean", + "nullable": true + }, + "priority": { + "description": "The priority of the issue.", "type": "string", - "example": "elastic" + "nullable": true }, - "profile_uid": { + "sourceIp": { + "description": "Indicates whether cases will send a comma-separated list of source IPs.", + "type": "boolean", + "nullable": true + }, + "subcategory": { + "description": "The subcategory of the incident.", "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + "nullable": true } } }, "id": { - "type": "string", - "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" + }, + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".servicenow-sir", + "enum": [ + ".servicenow-sir" + ] + } + } + }, + "connector_properties_swimlane": { + "title": "Create case request properties for a Swimlane connector", + "required": [ + "fields", + "id", + "name", + "type" + ], + "description": "Defines properties for connectors when type is `.swimlane`.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", + "type": "object", + "required": [ + "caseId" + ], + "properties": { + "caseId": { + "description": "The case identifier for Swimlane connectors.", + "type": "string", + "nullable": true + } + } + }, + "id": { + "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "type": "string" + }, + "name": { + "description": "The name of the connector.", + "type": "string" + }, + "type": { + "description": "The type of connector.", + "type": "string", + "example": ".swimlane", + "enum": [ + ".swimlane" + ] + } + } + }, + "owners": { + "type": "string", + "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.\n", + "enum": [ + "cases", + "observability", + "securitySolution" + ], + "example": "cases" + }, + "settings": { + "type": "object", + "description": "An object that contains the case settings.", + "required": [ + "syncAlerts" + ], + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean", + "example": true + } + } + }, + "severity_property": { + "type": "string", + "description": "The severity of the case.", + "enum": [ + "critical", + "high", + "low", + "medium" + ], + "default": "low" + }, + "create_case_request": { + "title": "Create case request", + "description": "The create case API request body varies depending on the type of connector.", + "type": "object", + "required": [ + "connector", + "description", + "owner", + "settings", + "tags", + "title" + ], + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, + "connector": { + "oneOf": [ + { + "$ref": "#/components/schemas/connector_properties_none" + }, + { + "$ref": "#/components/schemas/connector_properties_cases_webhook" + }, + { + "$ref": "#/components/schemas/connector_properties_jira" + }, + { + "$ref": "#/components/schemas/connector_properties_resilient" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow_sir" + }, + { + "$ref": "#/components/schemas/connector_properties_swimlane" + } + ] + }, + "description": { + "description": "The description for the case.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "$ref": "#/components/schemas/settings" + }, + "severity": { + "$ref": "#/components/schemas/severity_property" + }, + "tags": { + "description": "The words and phrases that help categorize cases. It can be an empty array.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + } + } + }, + "case_response_closed_by_properties": { + "title": "Case response properties for closed_by", + "type": "object", + "nullable": true, + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "alert_comment_response_properties": { + "title": "Add case comment response properties for alerts", + "type": "object", + "required": [ + "type" + ], + "properties": { + "alertId": { + "type": "string", + "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-24T02:31:03.210Z" + }, + "created_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + } + }, + "id": { + "type": "string", + "example": "73362370-ab1a-11ec-985f-97e55adae8b9" + }, + "index": { + "type": "string", + "example": ".internal.alerts-security.alerts-default-000001" }, "owner": { "$ref": "#/components/schemas/owners" @@ -4440,35 +2540,224 @@ "pushed_at": { "type": "string", "format": "date-time", - "nullable": true, - "example": null + "example": null, + "nullable": true }, "pushed_by": { "type": "object", "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, + "nullable": true + }, + "rule": { + "type": "object", + "properties": { + "id": { + "description": "The rule identifier.", + "type": "string", + "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" + }, + "name": { + "description": "The rule name.", + "type": "string", + "example": "security_rule" + } + } + }, + "type": { + "type": "string", + "example": "alert", + "enum": [ + "alert" + ] + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": null + }, + "updated_by": { + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + } + }, + "version": { + "type": "string", + "example": "WzMwNDgsMV0=" + } + } + }, + "case_response_created_by_properties": { + "title": "Case response properties for created_by", + "type": "object", + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "case_response_pushed_by_properties": { + "title": "Case response properties for pushed_by", + "type": "object", + "nullable": true, + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "case_response_updated_by_properties": { + "title": "Case response properties for updated_by", + "type": "object", + "nullable": true, + "properties": { + "email": { + "type": "string", + "example": null, + "nullable": true + }, + "full_name": { + "type": "string", + "example": null, + "nullable": true + }, + "username": { + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" + } + }, + "required": [ + "email", + "full_name", + "username" + ] + }, + "user_comment_response_properties": { + "title": "Case response properties for user comments", + "type": "object", + "required": [ + "type" + ], + "properties": { + "comment": { + "type": "string", + "example": "A new comment." + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-05-13T09:16:17.416Z" + }, + "created_by": { + "$ref": "#/components/schemas/case_response_created_by_properties" + }, + "id": { + "type": "string", + "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "pushed_at": { + "type": "string", + "format": "date-time", "nullable": true, "example": null }, + "pushed_by": { + "$ref": "#/components/schemas/case_response_pushed_by_properties" + }, "type": { "type": "string", - "example": "user" + "example": "user", + "enum": [ + "user" + ] }, "updated_at": { "type": "string", @@ -4477,27 +2766,7 @@ "example": null }, "updated_by": { - "type": "object", - "properties": { - "email": { - "type": "string", - "example": null - }, - "full_name": { - "type": "string", - "example": null - }, - "username": { - "type": "string", - "example": "elastic" - }, - "profile_uid": { - "type": "string", - "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - } - }, - "nullable": true, - "example": null + "$ref": "#/components/schemas/case_response_updated_by_properties" }, "version": { "type": "string", @@ -4507,6 +2776,7 @@ }, "external_service": { "type": "object", + "nullable": true, "properties": { "connector_id": { "type": "string" @@ -4532,15 +2802,18 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", @@ -4560,6 +2833,246 @@ "open" ] }, + "case_response_properties": { + "title": "Case response properties", + "type": "object", + "required": [ + "closed_at", + "closed_by", + "comments", + "connector", + "created_at", + "created_by", + "description", + "duration", + "external_service", + "id", + "owner", + "settings", + "severity", + "status", + "tags", + "title", + "totalAlerts", + "totalComment", + "updated_at", + "updated_by", + "version" + ], + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, + "closed_at": { + "type": "string", + "format": "date-time", + "nullable": true + }, + "closed_by": { + "$ref": "#/components/schemas/case_response_closed_by_properties" + }, + "comments": { + "title": "Case response properties for comments", + "description": "An array of comment objects for the case.", + "type": "array", + "items": { + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/alert_comment_response_properties" + }, + { + "$ref": "#/components/schemas/user_comment_response_properties" + } + ] + } + }, + "connector": { + "title": "Case response properties for connectors", + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/connector_properties_none" + }, + { + "$ref": "#/components/schemas/connector_properties_cases_webhook" + }, + { + "$ref": "#/components/schemas/connector_properties_jira" + }, + { + "$ref": "#/components/schemas/connector_properties_resilient" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow_sir" + }, + { + "$ref": "#/components/schemas/connector_properties_swimlane" + } + ] + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-05-13T09:16:17.416Z" + }, + "created_by": { + "$ref": "#/components/schemas/case_response_created_by_properties" + }, + "description": { + "type": "string", + "example": "A case description." + }, + "duration": { + "type": "integer", + "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", + "nullable": true, + "example": 120 + }, + "external_service": { + "$ref": "#/components/schemas/external_service" + }, + "id": { + "type": "string", + "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "$ref": "#/components/schemas/settings" + }, + "severity": { + "$ref": "#/components/schemas/severity_property" + }, + "status": { + "$ref": "#/components/schemas/status" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "tag-1" + ] + }, + "title": { + "type": "string", + "example": "Case title 1" + }, + "totalAlerts": { + "type": "integer", + "example": 0 + }, + "totalComment": { + "type": "integer", + "example": 0 + }, + "updated_at": { + "type": "string", + "format": "date-time", + "nullable": true + }, + "updated_by": { + "$ref": "#/components/schemas/case_response_updated_by_properties" + }, + "version": { + "type": "string", + "example": "WzUzMiwxXQ==" + } + } + }, + "update_case_request": { + "title": "Update case request", + "description": "The update case API request body varies depending on the type of connector.", + "type": "object", + "required": [ + "cases" + ], + "properties": { + "cases": { + "type": "array", + "description": "An array containing one or more case objects.", + "items": { + "type": "object", + "required": [ + "id", + "version" + ], + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, + "connector": { + "oneOf": [ + { + "$ref": "#/components/schemas/connector_properties_none" + }, + { + "$ref": "#/components/schemas/connector_properties_cases_webhook" + }, + { + "$ref": "#/components/schemas/connector_properties_jira" + }, + { + "$ref": "#/components/schemas/connector_properties_resilient" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow" + }, + { + "$ref": "#/components/schemas/connector_properties_servicenow_sir" + }, + { + "$ref": "#/components/schemas/connector_properties_swimlane" + } + ] + }, + "description": { + "description": "An updated description for the case.", + "type": "string" + }, + "id": { + "description": "The identifier for the case.", + "type": "string" + }, + "settings": { + "$ref": "#/components/schemas/settings" + }, + "severity": { + "$ref": "#/components/schemas/severity_property" + }, + "status": { + "$ref": "#/components/schemas/status" + }, + "tags": { + "description": "The words and phrases that help categorize cases.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + }, + "version": { + "description": "The current version of the case. To determine this value, use the get case or find cases APIs.", + "type": "string" + } + } + } + } + } + }, "closure_types": { "type": "string", "description": "Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).", @@ -4569,6 +3082,20 @@ ], "example": "close-by-user" }, + "connector_types": { + "type": "string", + "description": "The type of connector.", + "enum": [ + ".cases-webhook", + ".jira", + ".none", + ".resilient", + ".servicenow", + ".servicenow-sir", + ".swimlane" + ], + "example": ".none" + }, "alert_response_properties": { "type": "object", "properties": { @@ -4586,78 +3113,94 @@ } } }, - "add_alert_comment_request_properties": { + "alert_identifiers": { + "title": "Alert identifiers", + "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "x-technical-preview": true, + "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + }, + "alert_indices": { + "title": "Alert indices", + "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "x-technical-preview": true + }, + "rule": { + "title": "Alerting rule", + "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", "type": "object", + "x-technical-preview": true, "properties": { - "alertId": { - "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true, - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + "id": { + "description": "The rule identifier.", + "type": "string", + "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" + }, + "name": { + "description": "The rule name.", + "type": "string", + "example": "security_rule" + } + } + }, + "add_alert_comment_request_properties": { + "title": "Add case comment request properties for alerts", + "required": [ + "alertId", + "index", + "owner", + "rule", + "type" + ], + "description": "Defines properties for case comment requests when type is alert.", + "type": "object", + "properties": { + "alertId": { + "$ref": "#/components/schemas/alert_identifiers" }, "index": { - "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true + "$ref": "#/components/schemas/alert_indices" }, "owner": { "$ref": "#/components/schemas/owners" }, "rule": { - "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "type": "object", - "x-technical-preview": true, - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } + "$ref": "#/components/schemas/rule" }, "type": { "description": "The type of comment.", "type": "string", + "example": "alert", "enum": [ "alert" - ], - "example": "alert" + ] } - }, - "required": [ - "alertId", - "index", - "owner", - "rule", - "type" - ] + } }, "add_user_comment_request_properties": { + "title": "Add case comment request properties for user comments", + "description": "Defines properties for case comment requests when type is user.", "type": "object", "properties": { "comment": { @@ -4671,10 +3214,10 @@ "type": { "type": "string", "description": "The type of comment.", + "example": "user", "enum": [ "user" - ], - "example": "user" + ] } }, "required": [ @@ -4683,24 +3226,37 @@ "type" ] }, + "add_case_comment_request": { + "title": "Add case comment request", + "description": "The add comment to case API request body varies depending on whether you are adding an alert or a comment.", + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/add_alert_comment_request_properties" + }, + { + "$ref": "#/components/schemas/add_user_comment_request_properties" + } + ] + }, "update_alert_comment_request_properties": { + "title": "Update case comment request properties for alerts", + "description": "Defines properties for case comment requests when type is alert.", + "required": [ + "alertId", + "id", + "index", + "owner", + "rule", + "type", + "version" + ], "type": "object", "properties": { "alertId": { - "description": "The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true, - "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" + "$ref": "#/components/schemas/alert_identifiers" }, "id": { "type": "string", @@ -4708,39 +3264,13 @@ "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" }, "index": { - "description": "The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "x-technical-preview": true + "$ref": "#/components/schemas/alert_indices" }, "owner": { "$ref": "#/components/schemas/owners" }, "rule": { - "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n", - "type": "object", - "x-technical-preview": true, - "properties": { - "id": { - "description": "The rule identifier.", - "type": "string", - "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" - }, - "name": { - "description": "The rule name.", - "type": "string", - "example": "security_rule" - } - } + "$ref": "#/components/schemas/rule" }, "type": { "description": "The type of comment.", @@ -4755,18 +3285,11 @@ "type": "string", "example": "Wzk1LDFd" } - }, - "required": [ - "alertId", - "id", - "index", - "owner", - "rule", - "type", - "version" - ] + } }, "update_user_comment_request_properties": { + "title": "Update case comment request properties for user comments", + "description": "Defines properties for case comment requests when type is user.", "type": "object", "properties": { "comment": { @@ -4804,6 +3327,21 @@ "version" ] }, + "update_case_comment_request": { + "title": "Update case comment request", + "description": "The update case comment API request body varies depending on whether you are updating an alert or a comment.", + "discriminator": { + "propertyName": "type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/update_alert_comment_request_properties" + }, + { + "$ref": "#/components/schemas/update_user_comment_request_properties" + } + ] + }, "actions": { "type": "string", "enum": [ @@ -4877,6 +3415,14 @@ } } }, + "payload_assignees": { + "type": "object", + "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + } + } + }, "payload_connector": { "type": "object", "properties": { @@ -4897,8 +3443,9 @@ "type": "string" }, "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "impact": { "description": "The effect an incident had on business for ServiceNow ITSM connectors.", @@ -4912,16 +3459,18 @@ "description": "The type of incident for IBM Resilient connectors.", "type": "array", "items": { - "type": "number" + "type": "string" } }, "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "parent": { "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", @@ -4937,11 +3486,12 @@ }, "severityCode": { "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" + "type": "string" }, "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident for ServiceNow ITSM connectors.", @@ -4974,6 +3524,9 @@ "payload_create_case": { "type": "object", "properties": { + "assignees": { + "$ref": "#/components/schemas/assignees" + }, "connector": { "type": "object", "properties": { @@ -4991,8 +3544,9 @@ "type": "string" }, "destIp": { - "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "impact": { "description": "The effect an incident had on business for ServiceNow ITSM connectors.", @@ -5006,16 +3560,18 @@ "description": "The type of incident for IBM Resilient connectors.", "type": "array", "items": { - "type": "number" + "type": "string" } }, "malwareHash": { - "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "malwareUrl": { - "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "parent": { "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", @@ -5031,11 +3587,12 @@ }, "severityCode": { "description": "The severity code of the incident for IBM Resilient connectors.", - "type": "number" + "type": "string" }, "sourceIp": { - "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": "string" + "description": "Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "boolean", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident for ServiceNow ITSM connectors.", @@ -5092,6 +3649,11 @@ } } }, + "payload_delete": { + "type": "object", + "description": "If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable.", + "nullable": true + }, "payload_description": { "type": "object", "properties": { @@ -5180,6 +3742,7 @@ "type": "string", "description": "The type of action.", "enum": [ + "assignees", "create_case", "comment", "connector", @@ -5196,6 +3759,17 @@ }, "user_actions_response_properties": { "type": "object", + "required": [ + "action", + "action_id", + "case_id", + "comment_id", + "created_at", + "created_by", + "owner", + "payload", + "type" + ], "properties": { "action": { "$ref": "#/components/schemas/actions" @@ -5210,6 +3784,7 @@ }, "comment_id": { "type": "string", + "nullable": true, "example": "578608d0-03b1-11ed-920c-974bfa104448" }, "created_at": { @@ -5222,21 +3797,29 @@ "properties": { "email": { "type": "string", - "example": null + "example": null, + "nullable": true }, "full_name": { "type": "string", - "example": null + "example": null, + "nullable": true }, "username": { "type": "string", - "example": "elastic" + "example": "elastic", + "nullable": true }, "profile_uid": { "type": "string", "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - } + }, + "required": [ + "email", + "full_name", + "username" + ] }, "owner": { "$ref": "#/components/schemas/owners" @@ -5246,12 +3829,18 @@ { "$ref": "#/components/schemas/payload_alert_comment" }, + { + "$ref": "#/components/schemas/payload_assignees" + }, { "$ref": "#/components/schemas/payload_connector" }, { "$ref": "#/components/schemas/payload_create_case" }, + { + "$ref": "#/components/schemas/payload_delete" + }, { "$ref": "#/components/schemas/payload_description" }, @@ -5276,8 +3865,7 @@ { "$ref": "#/components/schemas/payload_user_comment" } - ], - "nullable": true + ] }, "type": { "$ref": "#/components/schemas/action_types" @@ -5311,31 +3899,32 @@ } }, "create_case_response": { - "summary": "The create case API returns a JSON object that includes the user who created the case and the case identifier, version, and creation time.", + "summary": "The create case API returns a JSON object that contains details about the case.", "value": { - "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", - "version": "WzUzMiwxXQ==", "comments": [], - "totalComment": 0, "totalAlerts": 0, + "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", + "version": "WzUzMiwxXQ==", + "totalComment": 1, "title": "Case title 1", "tags": [ - "tag-1" + "tag 1" ], + "assignees": [], + "description": "A case description.", "settings": { - "syncAlerts": true + "syncAlerts": false }, "owner": "cases", - "description": "A case description.", "duration": null, "severity": "low", "closed_at": null, "closed_by": null, - "created_at": "2022-05-13T09:16:17.416Z", + "created_at": "2022-03-24T00:37:03.906Z", "created_by": { - "email": null, + "username": "elastic", "full_name": null, - "username": "elastic" + "email": null }, "status": "open", "updated_at": null, @@ -5416,6 +4005,7 @@ "full_name": null, "username": "elastic" }, + "assignees": [], "connector": { "id": "131d4448-abe0-4789-939d-8ef60680b498", "name": "My connector", @@ -5481,6 +4071,7 @@ "full_name": null, "username": "elastic" }, + "assignees": [], "connector": { "id": "none", "name": "none", @@ -5495,6 +4086,60 @@ "count_closed_cases": 0 } }, + "set_case_configuration_request": { + "summary": "Set the closure type and default connector for Stack Management cases.", + "value": { + "owner": "cases", + "connector": { + "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", + "name": "my-jira-connector", + "type": ".jira", + "fields": null + }, + "closure_type": "close-by-user" + } + }, + "set_case_configuration_response": { + "summary": "This is an example response when the case configuration was updated.", + "value": { + "closure_type": "close-by-user", + "owner": "cases", + "created_at": "2022-06-01T17:07:17.767Z", + "created_by": { + "username": "elastic", + "email": "null,", + "full_name": null + }, + "updated_at": null, + "updated_by": null, + "connector": { + "id": "5e656730-e1ca-11ec-be9b-9b1838238ee6", + "name": "my-jira-connector", + "type": ".jira", + "fields": null + }, + "mappings": [ + { + "source": "title", + "target": "summary", + "action_type": "overwrite" + }, + { + "source": "description", + "target": "description", + "action_type": "overwrite" + }, + { + "source": "comments", + "target": "comments", + "action_type": "append" + } + ], + "version": "WzIwNzMsMV0=", + "error": null, + "id": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" + } + }, "find_connector_response": { "summary": "Retrieve information about the connectors and their settings.", "value": [ @@ -5602,6 +4247,11 @@ "email": null, "username": "elastic" }, + "assignees": [ + { + "uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" + } + ], "connector": { "id": "none", "name": "none", @@ -5644,11 +4294,7 @@ "username": "elastic", "email": null, "full_name": null - }, - "pushed_at": null, - "pushed_by": null, - "updated_at": null, - "updated_by": null + } } ], "totalAlerts": 0, @@ -5670,9 +4316,9 @@ "closed_by": null, "created_at": "2022-03-24T00:37:03.906Z", "created_by": { - "email": null, + "username": "elastic", "full_name": null, - "username": "elastic" + "email": null }, "status": "open", "updated_at": "2022-06-03T00:49:47.716Z", @@ -5696,7 +4342,8 @@ "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", "version": "Wzk1LDFd", "type": "user", - "comment": "An updated comment." + "comment": "An updated comment.", + "owner": "cases" } }, "update_comment_response": { @@ -5847,39 +4494,45 @@ "summary": "Retrieves all activity for a case", "value": [ { - "created_at": "2022-07-14T20:11:24.947Z", + "action_id": "b4cd0770-07c9-11ed-a5fd-47154cb8767e", + "action": "create", + "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", + "comment_id": "578608d0-03b1-11ed-920c-974bfa104448", + "created_at": "2022-07-20T01:17:22.150Z", "created_by": { "username": "elastic", "email": null, "full_name": null }, "owner": "cases", - "action": "create", "payload": { - "description": "A case description", - "title": "Case title 1", - "tags": [ - "tag 1" - ], + "assignees": null, "connector": { "name": "none", "type": ".none", "fields": null, "id": "none" }, + "description": "test", + "tags": [ + "mine" + ], + "title": "test-case", + "owner": "cases", "settings": { - "syncAlerts": true + "syncAlerts": false }, - "owner": "cases", "severity": "low", - "status": "open" + "status": "open", + "type": "create_case" }, - "type": "create_case", - "action_id": "22fd3e30-03b1-11ed-920c-974bfa104448", - "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id": null + "type": "comment" }, { + "action_id": "57af14a0-03b1-11ed-920c-974bfa104448", + "action": "create", + "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", + "comment_id": "578608d0-03b1-11ed-920c-974bfa104448", "created_at": "2022-07-14T20:12:53.354Z", "created_by": { "username": "elastic", @@ -5887,18 +4540,47 @@ "full_name": null }, "owner": "cases", - "action": "create", "payload": { - "comment": { - "type": "user", - "owner": "cases", - "comment": "A new comment" + "comment": "A new comment", + "owner": "cases", + "type": "user" + }, + "type": "comment" + }, + { + "action_id": "573c6980-6123-11ed-aa41-81a0a61fe447", + "action": "add", + "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", + "comment_id": null, + "created_at": "2022-07-20T01:10:28.238Z", + "created_by": { + "username": "elastic", + "email": null, + "full_name": null, + "profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" + }, + "owner": "cases", + "payload": { + "assignees": { + "uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" } }, - "type": "comment", - "action_id": "57af14a0-03b1-11ed-920c-974bfa104448", + "type": "assignees" + }, + { + "action_id": "fff460e0-07c9-11ed-a5fd-47154cb8767e", + "action": "delete", "case_id": "22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id": "578608d0-03b1-11ed-920c-974bfa104448" + "comment_id": null, + "created_at": "2022-07-20T01:19:28.238Z", + "created_by": { + "username": "elastic", + "email": null, + "full_name": null + }, + "owner": "cases", + "payload": null, + "type": "delete_case" } ] } diff --git a/x-pack/plugins/cases/docs/openapi/bundled.yaml b/x-pack/plugins/cases/docs/openapi/bundled.yaml index 7f02703b161a69..b99f1c74e2d0af 100644 --- a/x-pack/plugins/cases/docs/openapi/bundled.yaml +++ b/x-pack/plugins/cases/docs/openapi/bundled.yaml @@ -11,8 +11,6 @@ info: tags: - name: cases description: Case APIs enable you to open and track issues. - - name: kibana - description: Kibana APIs enable you to interact with Kibana features. servers: - url: http://localhost:5601 description: local @@ -21,151 +19,19 @@ paths: post: summary: Creates a case. operationId: createCase - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - creating. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. tags: - cases parameters: - $ref: '#/components/parameters/kbn_xsrf' - $ref: '#/components/parameters/space_id' requestBody: + required: true content: application/json: schema: - type: object - properties: - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type is - sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow - SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - description: - description: The description for the case. - type: string - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - tags: - description: >- - The words and phrases that help categorize cases. It can be - an empty array. - type: array - items: - type: string - title: - description: A title for the case. - type: string - required: - - connector - - description - - owner - - settings - - tags - - title + $ref: '#/components/schemas/create_case_request' examples: createCaseRequest: $ref: '#/components/examples/create_case_request' @@ -173,221 +39,9 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' examples: createCaseResponse: $ref: '#/components/examples/create_case_response' @@ -396,20 +50,15 @@ paths: delete: summary: Deletes one or more cases. operationId: deleteCase - description: > - You must have `read` or `all` privileges and the `delete` sub-feature - privilege for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. + description: | + You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. tags: - cases parameters: - $ref: '#/components/parameters/kbn_xsrf' - $ref: '#/components/parameters/space_id' - name: ids - description: >- - The cases that you want to removed. All non-ASCII characters must be - URL encoded. + description: The cases that you want to removed. All non-ASCII characters must be URL encoded. in: query required: true schema: @@ -423,11 +72,8 @@ paths: patch: summary: Updates one or more cases. operationId: updateCase - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - updating. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. tags: - cases parameters: @@ -437,145 +83,7 @@ paths: content: application/json: schema: - type: object - properties: - cases: - type: array - items: - type: object - properties: - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - An object containing the connector fields. To - create a case without a connector, specify null. - If you want to omit any individual field, specify - null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow - ITSM and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue - type is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow - ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution - can be delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case - without a connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - required: - - fields - - id - - name - - type - description: - description: The description for the case. - type: string - id: - description: The identifier for the case. - type: string - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - description: The words and phrases that help categorize cases. - type: array - items: - type: string - title: - description: A title for the case. - type: string - version: - description: The current version of the case. - type: string - required: - - id - - version + $ref: '#/components/schemas/update_case_request' examples: updateCaseRequest: $ref: '#/components/examples/update_case_request' @@ -583,221 +91,11 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + type: array + items: + $ref: '#/components/schemas/case_response_properties' examples: updateCaseResponse: $ref: '#/components/examples/update_case_response' @@ -809,10 +107,8 @@ paths: get: summary: Retrieves a paginated subset of cases. operationId: getCases - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. tags: - cases parameters: @@ -833,13 +129,8 @@ paths: type: string - name: from in: query - description: > - [preview] Returns only cases that were created after a specific - date. The date must be specified as a KQL data range or date match - expression. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will apply best - effort to fix any issues, but features in technical preview are not - subject to the support SLA of official GA features. + description: | + [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. schema: type: string example: now-1d @@ -870,9 +161,7 @@ paths: example: elastic - name: search in: query - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. + description: An Elasticsearch simple_query_string query that filters the objects in the response. schema: type: string - name: searchFields @@ -927,13 +216,8 @@ paths: example: tag-1 - name: to in: query - description: > - [preview] Returns only cases that were created before a specific - date. The date must be specified as a KQL data range or date match - expression. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will apply best - effort to fix any issues, but features in technical preview are not - subject to the support SLA of official GA features. + description: | + [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. schema: type: string example: now+1d @@ -941,231 +225,14 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: object properties: cases: type: array items: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To - create a case without a connector, specify null. - If you want to omit any individual field, - specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow - ITSM and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs - for ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue - type is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow - ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for - ServiceNow ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution - can be delayed for ServiceNow ITSM - connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a - case without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case - without a connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to - its closure (in seconds). If the case has not been - closed, the duration is set to null. If the case was - closed after less than half a second, the duration - is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' count_closed_cases: type: integer count_in_progress_cases: @@ -1189,10 +256,8 @@ paths: get: summary: Returns the cases associated with a specific alert. operationId: getCasesByAlert - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. x-technical-preview: true tags: - cases @@ -1204,7 +269,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -1225,14 +290,10 @@ paths: - url: https://localhost:5601 /s/{spaceId}/api/cases/configure: get: - summary: >- - Retrieves external connection details, such as the closure type and - default connector for cases. + summary: Retrieves external connection details, such as the closure type and default connector for cases. operationId: getCaseConfiguration - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case configuration. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. tags: - cases parameters: @@ -1242,7 +303,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -1254,98 +315,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create - a case without a connector, specify null. If you - want to omit any individual field, specify null as - its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can - be delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without - a connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1360,14 +338,21 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 error: type: string + nullable: true example: null id: type: string @@ -1399,12 +384,18 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 nullable: true version: type: string @@ -1412,19 +403,10 @@ paths: servers: - url: https://localhost:5601 post: - summary: >- - Sets external connection details, such as the closure type and default - connector for cases. + summary: Sets external connection details, such as the closure type and default connector for cases. operationId: setCaseConfiguration - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case configuration. - Connectors are used to interface with external systems. You must create - a connector before you can use it in your cases. Refer to the add - connectors API. If you set a default connector, it is automatically - selected when you create cases in Kibana. If you use the create case - API, however, you must still specify all of the connector details. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. tags: - cases parameters: @@ -1443,95 +425,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type is - sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow - SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1557,194 +459,121 @@ paths: - closure_type - connector - owner + examples: + setCaseConfigRequest: + $ref: '#/components/examples/set_case_configuration_request' responses: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: array - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create - a case without a connector, specify null. If you - want to omit any individual field, specify null as - its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can - be delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without - a connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-06-01T17:07:17.767Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - error: - type: string - example: null - id: - type: string - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: + type: object + properties: + closure_type: + $ref: '#/components/schemas/closure_types' + connector: + type: object + properties: + fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true type: object - properties: - action_type: - type: string - example: overwrite - source: - type: string - example: title - target: - type: string - example: summary - owner: - $ref: '#/components/schemas/owners' - updated_at: - type: string - format: date-time - nullable: true - example: '2022-06-01T19:58:48.169Z' - updated_by: + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + type: string + example: none + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/connector_types' + created_at: + type: string + format: date-time + example: '2022-06-01T17:07:17.767Z' + created_by: + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + error: + type: string + nullable: true + example: null + id: + type: string + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + mappings: + type: array + items: type: object properties: - email: + action_type: type: string - example: null - full_name: + example: overwrite + source: type: string - example: null - username: + example: title + target: type: string - example: elastic - nullable: true - version: - type: string - example: WzIwNzMsMV0= + example: summary + owner: + $ref: '#/components/schemas/owners' + updated_at: + type: string + format: date-time + nullable: true + example: '2022-06-01T19:58:48.169Z' + updated_by: + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + version: + type: string + example: WzIwNzMsMV0= + examples: + setCaseConfigResponse: + $ref: '#/components/examples/set_case_configuration_response' servers: - url: https://localhost:5601 servers: - url: https://localhost:5601 /s/{spaceId}/api/cases/configure/{configurationId}: patch: - summary: >- - Updates external connection details, such as the closure type and - default connector for cases. + summary: Updates external connection details, such as the closure type and default connector for cases. operationId: updateCaseConfiguration - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case configuration. - Connectors are used to interface with external systems. You must create - a connector before you can use it in your cases. Refer to the add - connectors API. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. tags: - cases parameters: @@ -1764,95 +593,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type is - sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow - SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1863,9 +612,8 @@ paths: - name - type version: - description: > - The version of the connector. To retrieve the version value, - use the get configuration API. + description: | + The version of the connector. To retrieve the version value, use the get configuration API. type: string example: WzIwMiwxXQ== required: @@ -1874,7 +622,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -1886,98 +634,15 @@ paths: type: object properties: fields: - description: >- - An object containing the connector fields. To create - a case without a connector, specify null. If you - want to omit any individual field, specify null as - its value. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: >- - The type of incident for IBM Resilient - connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and - ServiceNow SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can - be delayed for ServiceNow ITSM connectors. - type: string - example: null id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string example: none name: - description: >- - The name of the connector. To create a case without - a connector, use `none`. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string example: none type: @@ -1992,14 +657,21 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 error: type: string + nullable: true example: null id: type: string @@ -2031,12 +703,18 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 nullable: true version: type: string @@ -2049,11 +727,8 @@ paths: get: summary: Retrieves information about connectors. operationId: getCaseConnectors - description: > - In particular, only the connectors that are supported for use in cases - are returned. You must have `read` privileges for the **Actions and - Connectors** feature in the **Management** section of the Kibana feature - privileges. + description: | + In particular, only the connectors that are supported for use in cases are returned. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. tags: - cases parameters: @@ -2062,7 +737,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -2101,14 +776,8 @@ paths: get: summary: Returns information about the users who opened cases. operationId: getCaseReporters - description: > - You must have read privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases. The API returns - information about the users as they existed at the time of the case - creation, including their name, full name, and email address. If any of - those details change thereafter or if a user is deleted, the information - returned by this API is unchanged. + description: | + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. tags: - cases parameters: @@ -2118,7 +787,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -2127,12 +796,15 @@ paths: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 @@ -2147,10 +819,8 @@ paths: get: summary: Returns the number of cases that are open, closed, and in progress. operationId: getCaseStatus - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. deprecated: true tags: - cases @@ -2161,7 +831,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: object properties: @@ -2182,20 +852,15 @@ paths: get: summary: Aggregates and returns a list of case tags. operationId: getCaseTags - description: > - You must have read privileges for the **Cases*** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. tags: - cases parameters: - $ref: '#/components/parameters/space_id' - in: query name: owner - description: >- - A filter to limit the retrieved case statistics to a specific set of - applications. If this parameter is omitted, the response contains - tags from all cases that the user has access to read. + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. schema: oneOf: - $ref: '#/components/schemas/owners' @@ -2206,7 +871,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -2222,10 +887,8 @@ paths: get: summary: Retrieves information about a case. operationId: getCase - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. tags: - cases parameters: @@ -2242,221 +905,9 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' examples: getCaseResponse: $ref: '#/components/examples/get_case_response' @@ -2467,10 +918,8 @@ paths: /s/{spaceId}/api/cases/{caseId}/alerts: get: summary: Gets all alerts attached to a case. - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. x-technical-preview: true operationId: getCaseAlerts tags: @@ -2482,13 +931,13 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: $ref: '#/components/schemas/alert_response_properties' examples: - createCaseCommentResponse: + getCaseAlertsResponse: $ref: '#/components/examples/get_case_alerts_response' servers: - url: https://localhost:5601 @@ -2496,513 +945,80 @@ paths: - url: https://localhost:5601 /s/{spaceId}/api/cases/{caseId}/comments: post: - summary: Adds a comment or alert to a case. - operationId: addCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/add_alert_comment_request_properties' - - $ref: '#/components/schemas/add_user_comment_request_properties' - examples: - createCaseCommentRequest: - $ref: '#/components/examples/add_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json; charset=utf-8: - schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== - examples: - createCaseCommentResponse: - $ref: '#/components/examples/add_comment_response' - servers: - - url: https://localhost:5601 - delete: - summary: Deletes all comments and alerts from a case. - operationId: deleteCaseComments - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - servers: - - url: https://localhost:5601 - patch: - summary: Updates a comment or alert in a case. - operationId: updateCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. - NOTE: You cannot change the comment type or the owner of a comment. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/update_alert_comment_request_properties' - - $ref: '#/components/schemas/update_user_comment_request_properties' - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/update_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json; charset=utf-8: - schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + summary: Adds a comment or alert to a case. + operationId: addCaseComment + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. + tags: + - cases + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/add_case_comment_request' + examples: + createCaseCommentRequest: + $ref: '#/components/examples/add_comment_request' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + $ref: '#/components/schemas/case_response_properties' + examples: + createCaseCommentResponse: + $ref: '#/components/examples/add_comment_response' + servers: + - url: https://localhost:5601 + delete: + summary: Deletes all comments and alerts from a case. + operationId: deleteCaseComments + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. + tags: + - cases + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + patch: + summary: Updates a comment or alert in a case. + operationId: updateCaseComment + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. + tags: + - cases + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/update_case_comment_request' + examples: + updateCaseCommentRequest: + $ref: '#/components/examples/update_comment_request' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + $ref: '#/components/schemas/case_response_properties' examples: updateCaseCommentResponse: $ref: '#/components/examples/update_comment_response' @@ -3011,11 +1027,8 @@ paths: get: summary: Retrieves all the comments from a case. operationId: getAllCaseComments - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases with the - comments you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. deprecated: true tags: - cases @@ -3026,14 +1039,9 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: array - items: - anyOf: - - $ref: '#/components/schemas/alert_comment_response_properties' - - $ref: '#/components/schemas/user_comment_response_properties' - examples: {} + $ref: '#/components/schemas/case_response_properties' servers: - url: https://localhost:5601 servers: @@ -3042,10 +1050,8 @@ paths: delete: summary: Deletes a comment or alert from a case. operationId: deleteCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. tags: - cases parameters: @@ -3061,11 +1067,8 @@ paths: get: summary: Retrieves a comment from a case. operationId: getCaseComment - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security*** section of the - Kibana feature privileges, depending on the owner of the cases with the - comments you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. tags: - cases parameters: @@ -3076,7 +1079,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: oneOf: - $ref: '#/components/schemas/alert_comment_response_properties' @@ -3091,12 +1094,8 @@ paths: /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push: post: summary: Pushes a case to an external service. - description: > - You must have `all` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - You must also have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're pushing. + description: | + You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. operationId: pushCase tags: - cases @@ -3107,226 +1106,17 @@ paths: - $ref: '#/components/parameters/space_id' requestBody: content: - application/json: {} + application/json: + schema: + type: object + nullable: true responses: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: - type: object - properties: - closed_at: - type: string - format: date-time - nullable: true - example: null - closed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - comments: - type: array - items: - oneOf: - - $ref: >- - #/components/schemas/alert_comment_response_properties - - $ref: >- - #/components/schemas/user_comment_response_properties - example: [] - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a - case without a connector, specify null. If you want to - omit any individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM - and ServiceNow SecOps connectors. - type: string - destIp: - description: >- - A comma-separated list of destination IPs for - ServiceNow SecOps connectors. - type: string - impact: - description: >- - The effect an incident had on business for - ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: number - malwareHash: - description: >- - A comma-separated list of malware hashes for - ServiceNow SecOps connectors. - type: string - malwareUrl: - description: >- - A comma-separated list of malware URLs for - ServiceNow SecOps connectors. - type: string - parent: - description: >- - The key of the parent issue, when the issue type - is sub-task for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow - SecOps connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM - connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM - Resilient connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for - ServiceNow SecOps connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow - ITSM connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be - delayed for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case - without a connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a - connector, use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its - closure (in seconds). If the case has not been closed, the - duration is set to null. If the case was closed after less - than half a second, the duration is rounded down to zero. - example: 120 - external_service: - $ref: '#/components/schemas/external_service' - id: - type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: - $ref: '#/components/schemas/owners' - settings: - $ref: '#/components/schemas/settings' - severity: - $ref: '#/components/schemas/severity_property' - status: - $ref: '#/components/schemas/status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: - type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: - type: string - format: date-time - nullable: true - example: null - updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null - version: - type: string - example: WzUzMiwxXQ== + $ref: '#/components/schemas/case_response_properties' examples: pushCaseResponse: $ref: '#/components/examples/push_case_response' @@ -3337,10 +1127,8 @@ paths: /s/{spaceId}/api/cases/{caseId}/user_actions: get: summary: Returns all user activity for a case. - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. deprecated: true operationId: getCaseActivity tags: @@ -3352,7 +1140,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: @@ -3383,9 +1171,7 @@ components: space_id: in: path name: spaceId - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. + description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used. required: true schema: type: string @@ -3393,10 +1179,8 @@ components: owner: in: query name: owner - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. + description: | + A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. schema: oneOf: - $ref: '#/components/schemas/owners' @@ -3434,9 +1218,7 @@ components: case_id: in: path name: caseId - description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. + description: The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. required: true schema: type: string @@ -3444,9 +1226,8 @@ components: comment_id: in: path name: commentId - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. + description: | + The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. required: true schema: type: string @@ -3454,31 +1235,310 @@ components: connector_id: in: path name: connectorId - description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. + description: An identifier for the connector. To retrieve connector IDs, use the find connectors API. required: true schema: type: string example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 schemas: - connector_types: - type: string - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none + assignees: + type: array + description: An array containing users that are assigned to the case. + nullable: true + items: + type: object + required: + - uid + properties: + uid: + type: string + description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + connector_properties_none: + title: Create or update case request properties for no connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.none`. + type: object + properties: + fields: + description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null. + nullable: true + type: string + example: null + id: + description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. + type: string + example: none + name: + description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. + type: string + example: none + type: + description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`. + type: string + example: .none + enum: + - .none + connector_properties_cases_webhook: + title: Create or upate case request properties for Cases Webhook connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + fields: + type: string + nullable: true + example: null + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .cases-webhook + enum: + - .cases-webhook + connector_properties_jira: + title: Create or update case request properties for a Jira connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - issueType + - parent + - priority + properties: + issueType: + description: The type of issue. + type: string + nullable: true + parent: + description: The key of the parent issue, when the issue type is sub-task. + type: string + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .jira + enum: + - .jira + connector_properties_resilient: + title: Create case request properties for a IBM Resilient connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + nullable: true + required: + - issueTypes + - severityCode + properties: + issueTypes: + description: The type of incident. + type: array + items: + type: string + severityCode: + description: The severity code of the incident. + type: string + id: + description: The identifier for the connector. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .resilient + enum: + - .resilient + connector_properties_servicenow: + title: Create case request properties for a ServiceNow ITSM connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - category + - impact + - severity + - subcategory + - urgency + properties: + category: + description: The category of the incident. + type: string + nullable: true + impact: + description: The effect an incident had on business. + type: string + nullable: true + severity: + description: The severity of the incident. + type: string + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + urgency: + description: The extent to which the incident resolution can be delayed. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .servicenow + enum: + - .servicenow + connector_properties_servicenow_sir: + title: Create case request properties for a ServiceNow SecOps connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow-sir`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + properties: + category: + description: The category of the incident. + type: string + nullable: true + destIp: + description: Indicates whether cases will send a comma-separated list of destination IPs. + type: boolean + nullable: true + malwareHash: + description: Indicates whether cases will send a comma-separated list of malware hashes. + type: boolean + nullable: true + malwareUrl: + description: Indicates whether cases will send a comma-separated list of malware URLs. + type: boolean + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs. + type: boolean + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .servicenow-sir + enum: + - .servicenow-sir + connector_properties_swimlane: + title: Create case request properties for a Swimlane connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + required: + - caseId + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + nullable: true + id: + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .swimlane + enum: + - .swimlane owners: type: string - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. + description: | + The application that owns the cases: Stack Management, Observability, or Elastic Security. enum: - cases - observability @@ -3487,6 +1547,8 @@ components: settings: type: object description: An object that contains the case settings. + required: + - syncAlerts properties: syncAlerts: description: Turns alert syncing on or off. @@ -3501,8 +1563,75 @@ components: - low - medium default: low + create_case_request: + title: Create case request + description: The create case API request body varies depending on the type of connector. + type: object + required: + - connector + - description + - owner + - settings + - tags + - title + properties: + assignees: + $ref: '#/components/schemas/assignees' + connector: + oneOf: + - $ref: '#/components/schemas/connector_properties_none' + - $ref: '#/components/schemas/connector_properties_cases_webhook' + - $ref: '#/components/schemas/connector_properties_jira' + - $ref: '#/components/schemas/connector_properties_resilient' + - $ref: '#/components/schemas/connector_properties_servicenow' + - $ref: '#/components/schemas/connector_properties_servicenow_sir' + - $ref: '#/components/schemas/connector_properties_swimlane' + description: + description: The description for the case. + type: string + owner: + $ref: '#/components/schemas/owners' + settings: + $ref: '#/components/schemas/settings' + severity: + $ref: '#/components/schemas/severity_property' + tags: + description: The words and phrases that help categorize cases. It can be an empty array. + type: array + items: + type: string + title: + description: A title for the case. + type: string + case_response_closed_by_properties: + title: Case response properties for closed_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username alert_comment_response_properties: + title: Add case comment response properties for alerts type: object + required: + - type properties: alertId: type: string @@ -3517,12 +1646,15 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 @@ -3545,12 +1677,15 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 @@ -3569,6 +1704,8 @@ components: type: type: string example: alert + enum: + - alert updated_at: type: string format: date-time @@ -3579,20 +1716,97 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 version: type: string example: WzMwNDgsMV0= + case_response_created_by_properties: + title: Case response properties for created_by + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + case_response_pushed_by_properties: + title: Case response properties for pushed_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + case_response_updated_by_properties: + title: Case response properties for updated_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username user_comment_response_properties: + title: Case response properties for user comments type: object + required: + - type properties: comment: type: string @@ -3602,20 +1816,7 @@ components: format: date-time example: '2022-05-13T09:16:17.416Z' created_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + $ref: '#/components/schemas/case_response_created_by_properties' id: type: string example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 @@ -3626,100 +1827,243 @@ components: format: date-time nullable: true example: null + pushed_by: + $ref: '#/components/schemas/case_response_pushed_by_properties' + type: + type: string + example: user + enum: + - user + updated_at: + type: string + format: date-time + nullable: true + example: null + updated_by: + $ref: '#/components/schemas/case_response_updated_by_properties' + version: + type: string + example: WzIwNDMxLDFd + external_service: + type: object + nullable: true + properties: + connector_id: + type: string + connector_name: + type: string + external_id: + type: string + external_title: + type: string + external_url: + type: string + pushed_at: + type: string + format: date-time pushed_by: type: object properties: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 nullable: true - example: null - type: + status: + type: string + description: The status of the case. + enum: + - closed + - in-progress + - open + case_response_properties: + title: Case response properties + type: object + required: + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service + - id + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by + - version + properties: + assignees: + $ref: '#/components/schemas/assignees' + closed_at: type: string - example: user + format: date-time + nullable: true + closed_by: + $ref: '#/components/schemas/case_response_closed_by_properties' + comments: + title: Case response properties for comments + description: An array of comment objects for the case. + type: array + items: + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/alert_comment_response_properties' + - $ref: '#/components/schemas/user_comment_response_properties' + connector: + title: Case response properties for connectors + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/connector_properties_none' + - $ref: '#/components/schemas/connector_properties_cases_webhook' + - $ref: '#/components/schemas/connector_properties_jira' + - $ref: '#/components/schemas/connector_properties_resilient' + - $ref: '#/components/schemas/connector_properties_servicenow' + - $ref: '#/components/schemas/connector_properties_servicenow_sir' + - $ref: '#/components/schemas/connector_properties_swimlane' + created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + $ref: '#/components/schemas/case_response_created_by_properties' + description: + type: string + example: A case description. + duration: + type: integer + description: | + The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero. + nullable: true + example: 120 + external_service: + $ref: '#/components/schemas/external_service' + id: + type: string + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + owner: + $ref: '#/components/schemas/owners' + settings: + $ref: '#/components/schemas/settings' + severity: + $ref: '#/components/schemas/severity_property' + status: + $ref: '#/components/schemas/status' + tags: + type: array + items: + type: string + example: + - tag-1 + title: + type: string + example: Case title 1 + totalAlerts: + type: integer + example: 0 + totalComment: + type: integer + example: 0 updated_at: type: string format: date-time nullable: true - example: null updated_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - example: null + $ref: '#/components/schemas/case_response_updated_by_properties' version: type: string - example: WzIwNDMxLDFd - external_service: + example: WzUzMiwxXQ== + update_case_request: + title: Update case request + description: The update case API request body varies depending on the type of connector. type: object + required: + - cases properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: - type: string - external_url: - type: string - pushed_at: - type: string - format: date-time - pushed_by: - type: object - properties: - email: - type: string - example: null - full_name: - type: string - example: null - username: - type: string - example: elastic - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - status: - type: string - description: The status of the case. - enum: - - closed - - in-progress - - open + cases: + type: array + description: An array containing one or more case objects. + items: + type: object + required: + - id + - version + properties: + assignees: + $ref: '#/components/schemas/assignees' + connector: + oneOf: + - $ref: '#/components/schemas/connector_properties_none' + - $ref: '#/components/schemas/connector_properties_cases_webhook' + - $ref: '#/components/schemas/connector_properties_jira' + - $ref: '#/components/schemas/connector_properties_resilient' + - $ref: '#/components/schemas/connector_properties_servicenow' + - $ref: '#/components/schemas/connector_properties_servicenow_sir' + - $ref: '#/components/schemas/connector_properties_swimlane' + description: + description: An updated description for the case. + type: string + id: + description: The identifier for the case. + type: string + settings: + $ref: '#/components/schemas/settings' + severity: + $ref: '#/components/schemas/severity_property' + status: + $ref: '#/components/schemas/status' + tags: + description: The words and phrases that help categorize cases. + type: array + items: + type: string + title: + description: A title for the case. + type: string + version: + description: The current version of the case. To determine this value, use the get case or find cases APIs. + type: string closure_types: type: string - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). + description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`). enum: - close-by-pushing - close-by-user example: close-by-user + connector_types: + type: string + description: The type of connector. + enum: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none alert_response_properties: type: object properties: @@ -3732,71 +2076,70 @@ components: index: description: The alert index. type: string + alert_identifiers: + title: Alert identifiers + description: | + The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + oneOf: + - type: string + - type: array + items: + type: string + x-technical-preview: true + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + alert_indices: + title: Alert indices + description: | + The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array with the same length or number of elements. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + oneOf: + - type: string + - type: array + items: + type: string + x-technical-preview: true + rule: + title: Alerting rule + description: | + The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: object + x-technical-preview: true + properties: + id: + description: The rule identifier. + type: string + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. + type: string + example: security_rule add_alert_comment_request_properties: + title: Add case comment request properties for alerts + required: + - alertId + - index + - owner + - rule + - type + description: Defines properties for case comment requests when type is alert. type: object properties: alertId: - description: > - The alert identifier. It is required only when `type` is `alert`. If - it is an array, `index` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + $ref: '#/components/schemas/alert_identifiers' index: - description: > - The alert index. It is required only when `type` is `alert`. If it - is an array, `alertId` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true + $ref: '#/components/schemas/alert_indices' owner: $ref: '#/components/schemas/owners' rule: - description: > - The rule that is associated with the alert. It is required only when - `type` is `alert`. This functionality is in technical preview and - may be changed or removed in a future release. Elastic will apply - best effort to fix any issues, but features in technical preview are - not subject to the support SLA of official GA features. - type: object - x-technical-preview: true - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule + $ref: '#/components/schemas/rule' type: description: The type of comment. type: string + example: alert enum: - alert - example: alert - required: - - alertId - - index - - owner - - rule - - type add_user_comment_request_properties: + title: Add case comment request properties for user comments + description: Defines properties for case comment requests when type is user. type: object properties: comment: @@ -3808,71 +2151,47 @@ components: type: type: string description: The type of comment. + example: user enum: - user - example: user required: - comment - owner - type + add_case_comment_request: + title: Add case comment request + description: The add comment to case API request body varies depending on whether you are adding an alert or a comment. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/add_alert_comment_request_properties' + - $ref: '#/components/schemas/add_user_comment_request_properties' update_alert_comment_request_properties: + title: Update case comment request properties for alerts + description: Defines properties for case comment requests when type is alert. + required: + - alertId + - id + - index + - owner + - rule + - type + - version type: object properties: alertId: - description: > - The alert identifier. It is required only when `type` is `alert`. If - it is an array, `index` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + $ref: '#/components/schemas/alert_identifiers' id: type: string - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. + description: | + The identifier for the comment. To retrieve comment IDs, use the get comments API. example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 index: - description: > - The alert index. It is required only when `type` is `alert`. If it - is an array, `alertId` must also be an array. This functionality is - in technical preview and may be changed or removed in a future - release. Elastic will apply best effort to fix any issues, but - features in technical preview are not subject to the support SLA of - official GA features. - oneOf: - - type: string - - type: array - items: - type: string - x-technical-preview: true + $ref: '#/components/schemas/alert_indices' owner: $ref: '#/components/schemas/owners' rule: - description: > - The rule that is associated with the alert. It is required only when - `type` is `alert`. This functionality is in technical preview and - may be changed or removed in a future release. Elastic will apply - best effort to fix any issues, but features in technical preview are - not subject to the support SLA of official GA features. - type: object - x-technical-preview: true - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule + $ref: '#/components/schemas/rule' type: description: The type of comment. type: string @@ -3880,20 +2199,13 @@ components: - alert example: alert version: - description: > - The current comment version. To retrieve version values, use the get - comments API. + description: | + The current comment version. To retrieve version values, use the get comments API. type: string example: Wzk1LDFd - required: - - alertId - - id - - index - - owner - - rule - - type - - version update_user_comment_request_properties: + title: Update case comment request properties for user comments + description: Defines properties for case comment requests when type is user. type: object properties: comment: @@ -3902,9 +2214,8 @@ components: example: A new comment. id: type: string - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. + description: | + The identifier for the comment. To retrieve comment IDs, use the get comments API. example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 owner: $ref: '#/components/schemas/owners' @@ -3915,9 +2226,8 @@ components: - user example: user version: - description: > - The current comment version. To retrieve version values, use the get - comments API. + description: | + The current comment version. To retrieve version values, use the get comments API. type: string example: Wzk1LDFd required: @@ -3926,6 +2236,14 @@ components: - owner - type - version + update_case_comment_request: + title: Update case comment request + description: The update case comment API request body varies depending on whether you are updating an alert or a comment. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/update_alert_comment_request_properties' + - $ref: '#/components/schemas/update_user_comment_request_properties' actions: type: string enum: @@ -3972,6 +2290,11 @@ components: type: string enum: - alert + payload_assignees: + type: object + properties: + assignees: + $ref: '#/components/schemas/assignees' payload_connector: type: object properties: @@ -3979,10 +2302,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. nullable: true type: object properties: @@ -3990,19 +2310,14 @@ components: description: The case identifier for Swimlane connectors. type: string category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. type: string destIp: - description: >- - A comma-separated list of destination IPs for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + description: The effect an incident had on business for ServiceNow ITSM connectors. type: string issueType: description: The type of issue for Jira connectors. @@ -4011,61 +2326,44 @@ components: description: The type of incident for IBM Resilient connectors. type: array items: - type: number + type: string malwareHash: - description: >- - A comma-separated list of malware hashes for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true malwareUrl: - description: >- - A comma-separated list of malware URLs for ServiceNow SecOps - connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + description: The priority of the issue for Jira and ServiceNow SecOps connectors. type: string severity: description: The severity of the incident for ServiceNow ITSM connectors. type: string severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow SecOps - connectors. + description: The severity code of the incident for IBM Resilient connectors. type: string + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string example: null id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. + description: The identifier for the connector. To create a case without a connector, use `none`. type: string example: none name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. + description: The name of the connector. To create a case without a connector, use `none`. type: string example: none type: @@ -4073,14 +2371,13 @@ components: payload_create_case: type: object properties: + assignees: + $ref: '#/components/schemas/assignees' connector: type: object properties: fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. nullable: true type: object properties: @@ -4088,19 +2385,14 @@ components: description: The case identifier for Swimlane connectors. type: string category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. type: string destIp: - description: >- - A comma-separated list of destination IPs for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + description: The effect an incident had on business for ServiceNow ITSM connectors. type: string issueType: description: The type of issue for Jira connectors. @@ -4109,61 +2401,44 @@ components: description: The type of incident for IBM Resilient connectors. type: array items: - type: number + type: string malwareHash: - description: >- - A comma-separated list of malware hashes for ServiceNow - SecOps connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true malwareUrl: - description: >- - A comma-separated list of malware URLs for ServiceNow SecOps - connectors. - type: string + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + description: The priority of the issue for Jira and ServiceNow SecOps connectors. type: string severity: description: The severity of the incident for ServiceNow ITSM connectors. type: string severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: number - sourceIp: - description: >- - A comma-separated list of source IPs for ServiceNow SecOps - connectors. + description: The severity code of the incident for IBM Resilient connectors. type: string + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string example: null id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. + description: The identifier for the connector. To create a case without a connector, use `none`. type: string example: none name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. + description: The name of the connector. To create a case without a connector, use `none`. type: string example: none type: @@ -4186,6 +2461,10 @@ components: - tag-1 title: type: string + payload_delete: + type: object + description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. + nullable: true payload_description: type: object properties: @@ -4243,6 +2522,7 @@ components: type: string description: The type of action. enum: + - assignees - create_case - comment - connector @@ -4257,6 +2537,16 @@ components: example: create_case user_actions_response_properties: type: object + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type properties: action: $ref: '#/components/schemas/actions' @@ -4268,6 +2558,7 @@ components: example: 22df07d0-03b1-11ed-920c-974bfa104448 comment_id: type: string + nullable: true example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string @@ -4279,22 +2570,31 @@ components: email: type: string example: null + nullable: true full_name: type: string example: null + nullable: true username: type: string example: elastic + nullable: true profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username owner: $ref: '#/components/schemas/owners' payload: oneOf: - $ref: '#/components/schemas/payload_alert_comment' + - $ref: '#/components/schemas/payload_assignees' - $ref: '#/components/schemas/payload_connector' - $ref: '#/components/schemas/payload_create_case' + - $ref: '#/components/schemas/payload_delete' - $ref: '#/components/schemas/payload_description' - $ref: '#/components/schemas/payload_pushed' - $ref: '#/components/schemas/payload_settings' @@ -4303,7 +2603,6 @@ components: - $ref: '#/components/schemas/payload_tags' - $ref: '#/components/schemas/payload_title' - $ref: '#/components/schemas/payload_user_comment' - nullable: true type: $ref: '#/components/schemas/action_types' examples: @@ -4326,31 +2625,30 @@ components: syncAlerts: true owner: cases create_case_response: - summary: >- - The create case API returns a JSON object that includes the user who - created the case and the case identifier, version, and creation time. + summary: The create case API returns a JSON object that contains details about the case. value: - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - version: WzUzMiwxXQ== comments: [] - totalComment: 0 totalAlerts: 0 + id: 66b9aa00-94fa-11ea-9f74-e7e108796192 + version: WzUzMiwxXQ== + totalComment: 1 title: Case title 1 tags: - - tag-1 + - tag 1 + assignees: [] + description: A case description. settings: - syncAlerts: true + syncAlerts: false owner: cases - description: A case description. duration: null severity: low closed_at: null closed_by: null - created_at: '2022-05-13T09:16:17.416Z' + created_at: '2022-03-24T00:37:03.906Z' created_by: - email: null - full_name: null username: elastic + full_name: null + email: null status: open updated_at: null updated_by: null @@ -4383,9 +2681,7 @@ components: settings: syncAlerts: true update_case_response: - summary: >- - This is an example response when the case description, tags, and - connector were updated. + summary: This is an example response when the case description, tags, and connector were updated. value: - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 version: WzU0OCwxXQ== @@ -4414,6 +2710,7 @@ components: email: null full_name: null username: elastic + assignees: [] connector: id: 131d4448-abe0-4789-939d-8ef60680b498 name: My connector @@ -4434,9 +2731,7 @@ components: external_id: '10003' connector_name: Jira find_case_response: - summary: >- - Retrieve the first five cases with the `tag-1` tag, in ascending order - by last update time. + summary: Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time. value: page: 1 per_page: 5 @@ -4469,6 +2764,7 @@ components: email: null full_name: null username: elastic + assignees: [] connector: id: none name: none @@ -4478,6 +2774,46 @@ components: count_open_cases: 1 count_in_progress_cases: 0 count_closed_cases: 0 + set_case_configuration_request: + summary: Set the closure type and default connector for Stack Management cases. + value: + owner: cases + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + closure_type: close-by-user + set_case_configuration_response: + summary: This is an example response when the case configuration was updated. + value: + closure_type: close-by-user + owner: cases + created_at: '2022-06-01T17:07:17.767Z' + created_by: + username: elastic + email: null, + full_name: null + updated_at: null + updated_by: null + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + mappings: + - source: title + target: summary + action_type: overwrite + - source: description + target: description + action_type: overwrite + - source: comments + target: comments + action_type: append + version: WzIwNzMsMV0= + error: null + id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 find_connector_response: summary: Retrieve information about the connectors and their settings. value: @@ -4560,6 +2896,8 @@ components: full_name: null email: null username: elastic + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 connector: id: none name: none @@ -4579,9 +2917,7 @@ components: comment: A new comment. owner: cases add_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. + summary: The add comment to case API returns a JSON object that contains details about the case and its comments. value: comments: - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 @@ -4594,10 +2930,6 @@ components: username: elastic email: null full_name: null - pushed_at: null - pushed_by: null - updated_at: null - updated_by: null totalAlerts: 0 id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 version: WzIzMzgsMV0= @@ -4615,9 +2947,9 @@ components: closed_by: null created_at: '2022-03-24T00:37:03.906Z' created_by: - email: null - full_name: null username: elastic + full_name: null + email: null status: open updated_at: '2022-06-03T00:49:47.716Z' updated_by: @@ -4637,10 +2969,9 @@ components: version: Wzk1LDFd type: user comment: An updated comment. + owner: cases update_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. + summary: The add comment to case API returns a JSON object that contains details about the case and its comments. value: comments: - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 @@ -4710,9 +3041,7 @@ components: updated_at: null updated_by: null push_case_response: - summary: >- - The push case API returns a JSON object with details about the case and - the external service. + summary: The push case API returns a JSON object with details about the case and the external service. value: id: b917f300-0ed9-11ed-bd18-65557fe66949 version: WzE3NjgsM10= @@ -4763,48 +3092,76 @@ components: get_case_activity_response: summary: Retrieves all activity for a case value: - - created_at: '2022-07-14T20:11:24.947Z' + - action_id: b4cd0770-07c9-11ed-a5fd-47154cb8767e + action: create + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: '2022-07-20T01:17:22.150Z' created_by: username: elastic email: null full_name: null owner: cases - action: create payload: - description: A case description - title: Case title 1 - tags: - - tag 1 + assignees: null connector: name: none type: .none fields: null id: none - settings: - syncAlerts: true + description: test + tags: + - mine + title: test-case owner: cases + settings: + syncAlerts: false severity: low status: open - type: create_case - action_id: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: create_case + type: comment + - action_id: 57af14a0-03b1-11ed-920c-974bfa104448 + action: create case_id: 22df07d0-03b1-11ed-920c-974bfa104448 - comment_id: null - - created_at: '2022-07-14T20:12:53.354Z' + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: '2022-07-14T20:12:53.354Z' created_by: username: elastic email: null full_name: null owner: cases - action: create payload: - comment: - type: user - owner: cases - comment: A new comment + comment: A new comment + owner: cases + type: user type: comment - action_id: 57af14a0-03b1-11ed-920c-974bfa104448 + - action_id: 573c6980-6123-11ed-aa41-81a0a61fe447 + action: add case_id: 22df07d0-03b1-11ed-920c-974bfa104448 - comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: '2022-07-20T01:10:28.238Z' + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + owner: cases + payload: + assignees: + uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + type: assignees + - action_id: fff460e0-07c9-11ed-a5fd-47154cb8767e + action: delete + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: '2022-07-20T01:19:28.238Z' + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: null + type: delete_case security: - basicAuth: [] - apiKeyAuth: [] diff --git a/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml b/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml index 22487da290011a..3cdafb4b26ef89 100644 --- a/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/examples/get_case_activity_response.yaml @@ -1,37 +1,72 @@ summary: Retrieves all activity for a case -value: - [ - { - "created_at":"2022-07-14T20:11:24.947Z", - "created_by":{"username":"elastic","email":null,"full_name":null}, - "owner":"cases", - "action":"create", - "payload":{ - "description":"A case description", - "title":"Case title 1", - "tags":["tag 1"], - "connector":{"name":"none","type":".none","fields":null,"id":"none"}, - "settings":{"syncAlerts":true}, - "owner":"cases", - "severity":"low", - "status":"open" - }, - "type":"create_case", - "action_id":"22fd3e30-03b1-11ed-920c-974bfa104448", - "case_id":"22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id":null - }, - { - "created_at":"2022-07-14T20:12:53.354Z", - "created_by":{"username":"elastic","email":null,"full_name":null}, - "owner":"cases", - "action":"create", - "payload":{ - "comment":{"type":"user","owner":"cases","comment":"A new comment"} - }, - "type":"comment", - "action_id":"57af14a0-03b1-11ed-920c-974bfa104448", - "case_id":"22df07d0-03b1-11ed-920c-974bfa104448", - "comment_id":"578608d0-03b1-11ed-920c-974bfa104448" - } - ] \ No newline at end of file +value: + - action_id: b4cd0770-07c9-11ed-a5fd-47154cb8767e + action: create + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: 2022-07-20T01:17:22.150Z + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: + assignees: + connector: + name: none + type: .none + fields: null + id: none + description: test + tags: + - mine + title: test-case + owner: cases + settings: + syncAlerts: false + severity: low + status: open + type: create_case + type: comment + - action_id: 57af14a0-03b1-11ed-920c-974bfa104448 + action: create + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: 2022-07-14T20:12:53.354Z + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: + comment: A new comment + owner: cases + type: user + type: comment + - action_id: 573c6980-6123-11ed-aa41-81a0a61fe447 + action: add + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: 2022-07-20T01:10:28.238Z + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + owner: cases + payload: + assignees: + uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + type: assignees + - action_id: fff460e0-07c9-11ed-a5fd-47154cb8767e + action: delete + case_id: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: null + created_at: 2022-07-20T01:19:28.238Z + created_by: + username: elastic + email: null + full_name: null + owner: cases + payload: + type: delete_case \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml new file mode 100644 index 00000000000000..97f7dc115b215d --- /dev/null +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml @@ -0,0 +1,12 @@ +type: array +description: An array containing users that are assigned to the case. +nullable: true +items: + type: object + required: + - uid + properties: + uid: + type: string + description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml index 96feee871358f1..90c969990f2e5f 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml @@ -11,17 +11,7 @@ created_at: created_by: type: object properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic + $ref: 'user_properties.yaml' error: type: string nullable: true @@ -53,17 +43,7 @@ updated_at: updated_by: type: object properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic + $ref: 'user_properties.yaml' nullable: true version: type: string diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml index 1caa1643476d5e..e20bfe664221ac 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml @@ -24,18 +24,7 @@ required: - version properties: assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. You can use the get user profile API to retrieve more details. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + $ref: 'assignees.yaml' closed_at: type: string format: date-time diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml index 715bfaf112042a..9f6b039fb2563a 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/create_case_request.yaml @@ -11,18 +11,7 @@ required: - title properties: assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + $ref: 'assignees.yaml' connector: oneOf: - $ref: 'connector_properties_none.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml index 122541dfe4fe6d..f1fedf6598f95e 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_assignees.yaml @@ -1,9 +1,4 @@ type: object properties: assignees: - type: array - items: - type: object - properties: - uid: - type: string \ No newline at end of file + $ref: 'assignees.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml index 7fc04b3db416a5..4c3043a25c7b8d 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml @@ -1,5 +1,7 @@ type: object properties: + assignees: + $ref: 'assignees.yaml' connector: type: object properties: diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml new file mode 100644 index 00000000000000..933d91305dca77 --- /dev/null +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml @@ -0,0 +1,3 @@ +type: object +description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. +nullable: true \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml index fb309afd82b69f..e07d5f81359b20 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_user_comment.yaml @@ -10,4 +10,4 @@ properties: type: type: string enum: - - user \ No newline at end of file + - user \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml index ee4249aeaf9d3c..35170dc4ef3eb1 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_request.yaml @@ -15,18 +15,7 @@ properties: - version properties: assignees: - type: array - description: An array containing users that are assigned to the case. - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + $ref: 'assignees.yaml' connector: oneOf: - $ref: 'connector_properties_none.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml index a3f57ed53297d9..d7e30dfecac19c 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml @@ -1,4 +1,14 @@ type: object +required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type properties: action: $ref: 'actions.yaml' @@ -10,6 +20,7 @@ properties: example: 22df07d0-03b1-11ed-920c-974bfa104448 comment_id: type: string + nullable: true example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string @@ -19,6 +30,10 @@ properties: type: object properties: $ref: 'user_properties.yaml' + required: + - email + - full_name + - username owner: $ref: 'owners.yaml' payload: @@ -27,6 +42,7 @@ properties: - $ref: 'payload_assignees.yaml' - $ref: 'payload_connector.yaml' - $ref: 'payload_create_case.yaml' + - $ref: 'payload_delete.yaml' - $ref: 'payload_description.yaml' - $ref: 'payload_pushed.yaml' - $ref: 'payload_settings.yaml' @@ -35,6 +51,5 @@ properties: - $ref: 'payload_tags.yaml' - $ref: 'payload_title.yaml' - $ref: 'payload_user_comment.yaml' - nullable: true - type: + type: $ref: 'action_types.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml b/x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml deleted file mode 100644 index 16e2bba6673975..00000000000000 --- a/x-pack/plugins/cases/docs/openapi/entrypoint-min.yaml +++ /dev/null @@ -1,59 +0,0 @@ -openapi: 3.0.1 -info: - title: Cases - description: OpenAPI schema for Cases endpoints - version: '0.2' - contact: - name: Cases Team - license: - name: Elastic License 2.0 - url: https://www.elastic.co/licensing/elastic-license -tags: - - name: cases - description: Case APIs enable you to open and track issues. -servers: - - url: 'http://localhost:5601' - description: local -paths: - '/s/{spaceId}/api/cases': - $ref: 'paths/s@{spaceid}@api@cases.yaml' -# '/s/{spaceId}/api/cases/_find': -# $ref: 'paths/s@{spaceid}@api@cases@_find.yaml' - '/s/{spaceId}/api/cases/alerts/{alertId}': - $ref: 'paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml' - '/s/{spaceId}/api/cases/configure': - $ref: paths/s@{spaceid}@api@cases@configure.yaml - '/s/{spaceId}/api/cases/configure/{configurationId}': - $ref: paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml -# '/s/{spaceId}/api/cases/configure/connectors/_find': -# $ref: paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml - '/s/{spaceId}/api/cases/reporters': - $ref: 'paths/s@{spaceid}@api@cases@reporters.yaml' - '/s/{spaceId}/api/cases/status': - $ref: 'paths/s@{spaceid}@api@cases@status.yaml' - '/s/{spaceId}/api/cases/tags': - $ref: 'paths/s@{spaceid}@api@cases@tags.yaml' - '/s/{spaceId}/api/cases/{caseId}': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}.yaml' -# '/s/{spaceId}/api/cases/{caseId}/alerts': -# $ref: 'paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml' - '/s/{spaceId}/api/cases/{caseId}/comments': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments.yaml' - '/s/{spaceId}/api/cases/{caseId}/comments/{commentId}': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml' - '/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml' -# '/s/{spaceId}/api/cases/{caseId}/user_actions': -# $ref: 'paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml' -components: - securitySchemes: - basicAuth: - type: http - scheme: basic - apiKeyAuth: - type: apiKey - in: header - name: ApiKey -security: - - basicAuth: [] - - apiKeyAuth: [] diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml index 6d5bb0c2812cdd..89c8a0eb9876c9 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml @@ -131,7 +131,7 @@ get: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: object properties: diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml index 0755225bad71a4..d6328b4426f7bd 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml @@ -13,7 +13,7 @@ get: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml index 66b8d6cc276bfc..abf2f26ce357bc 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml @@ -21,7 +21,7 @@ get: items: $ref: '../components/schemas/alert_response_properties.yaml' examples: - createCaseCommentResponse: + getCaseAlertsResponse: $ref: '../components/examples/get_case_alerts_response.yaml' servers: - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml index 71301cf67a731b..43a6ec096dfaaf 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml @@ -15,7 +15,7 @@ get: '200': description: Indicates a successful call. content: - application/json; charset=utf-8: + application/json: schema: type: array items: