diff --git a/x-pack/plugins/cases/common/openapi/README.md b/x-pack/plugins/cases/common/openapi/README.md new file mode 100644 index 0000000000000..44c6025cd0898 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/README.md @@ -0,0 +1,29 @@ +# OpenAPI (Experimental) + +The current self-contained spec file is [as JSON](https://raw.githubusercontent.com/elastic/kibana/master/x-pack/plugins/cases/common/openapi/bundled.json) or [as YAML](https://raw.githubusercontent.com/elastic/kibana/master/x-pack/plugins/cases/common/openapi/bundled.yaml) and can be used for online tools like those found at https://openapi.tools/. +This spec is experimental and may be incomplete or change later. + +A guide about the openApi specification can be found at [https://swagger.io/docs/specification/about/](https://swagger.io/docs/specification/about/). + +## The `openapi` folder + +* `entrypoint.yaml` is the overview file which pulls together all the paths and components. +* [Paths](paths/README.md): this defines each endpoint. A path can have one operation per http method. +* [Components](components/README.md): Reusable components + +## Tools + +It is possible to validate the docs before bundling them with the following +command in the `x-pack/plugins/cases/common/openapi/` folder: + + ``` + npx swagger-cli validate entrypoint.yaml + ``` + +Then you can generate the `bundled` files by running the following commands: + + ``` + npx @redocly/openapi-cli bundle --ext yaml --output bundled.yaml entrypoint.yaml + npx @redocly/openapi-cli bundle --ext json --output bundled.json entrypoint.yaml + ``` + diff --git a/x-pack/plugins/cases/common/openapi/bundled.json b/x-pack/plugins/cases/common/openapi/bundled.json new file mode 100644 index 0000000000000..7151d64f1b8d6 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/bundled.json @@ -0,0 +1,3007 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "Cases", + "description": "OpenAPI schema for Cases endpoints", + "version": "0.1", + "contact": { + "name": "Cases Team" + }, + "license": { + "name": "Elastic License 2.0", + "url": "https://www.elastic.co/licensing/elastic-license" + } + }, + "tags": [ + { + "name": "cases" + }, + { + "name": "kibana" + } + ], + "servers": [ + { + "url": "http://localhost:5601", + "description": "local" + } + ], + "paths": { + "/api/cases": { + "post": { + "description": "Creates a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "nullable": true, + "type": "object", + "properties": { + "caseId": { + "description": "The case identifier for Swimlane connectors.", + "type": "string" + }, + "category": { + "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", + "type": "string" + }, + "destIp": { + "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "impact": { + "description": "The effect an incident had on business for ServiceNow ITSM connectors.", + "type": "string" + }, + "issueType": { + "description": "The type of issue for Jira connectors.", + "type": "string" + }, + "issueTypes": { + "description": "The type of incident for IBM Resilient connectors.", + "type": "array", + "items": { + "type": "number" + } + }, + "malwareHash": { + "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "string" + }, + "malwareUrl": { + "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "string" + }, + "parent": { + "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", + "type": "string" + }, + "priority": { + "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", + "type": "string" + }, + "severity": { + "description": "The severity of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "severityCode": { + "description": "The severity code of the incident for IBM Resilient connectors.", + "type": "number" + }, + "sourceIp": { + "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "subcategory": { + "description": "The subcategory of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "urgency": { + "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", + "type": "string" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "id": { + "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "name": { + "description": "The name of the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + } + }, + "description": { + "description": "The description for the case.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "description": "An object that contains the case settings.", + "type": "object", + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean" + } + } + }, + "tags": { + "description": "The words and phrases that help categorize cases. It can be an empty array.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + } + }, + "required": [ + "connector", + "description", + "owner", + "settings", + "tags", + "title" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "delete": { + "description": "Deletes one or more cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "name": "ids", + "description": "The cases that you want to removed. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.", + "in": "query", + "required": true, + "schema": { + "type": "string" + }, + "example": "%5B%22d4e7abb0-b462-11ec-9a8d-698504725a43%22%5D" + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "patch": { + "description": "Updates one or more cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "nullable": true, + "type": "object", + "properties": { + "caseId": { + "description": "The case identifier for Swimlane connectors.", + "type": "string" + }, + "category": { + "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", + "type": "string" + }, + "destIp": { + "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "impact": { + "description": "The effect an incident had on business for ServiceNow ITSM connectors.", + "type": "string" + }, + "issueType": { + "description": "The type of issue for Jira connectors.", + "type": "string" + }, + "issueTypes": { + "description": "The type of incident for IBM Resilient connectors.", + "type": "array", + "items": { + "type": "number" + } + }, + "malwareHash": { + "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "string" + }, + "malwareUrl": { + "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "string" + }, + "parent": { + "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", + "type": "string" + }, + "priority": { + "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", + "type": "string" + }, + "severity": { + "description": "The severity of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "severityCode": { + "description": "The severity code of the incident for IBM Resilient connectors.", + "type": "number" + }, + "sourceIp": { + "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "subcategory": { + "description": "The subcategory of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "urgency": { + "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", + "type": "string" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "id": { + "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "name": { + "description": "The name of the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + } + }, + "description": { + "description": "The description for the case.", + "type": "string" + }, + "id": { + "description": "The identifier for the case.", + "type": "string" + }, + "settings": { + "description": "An object that contains the case settings.", + "type": "object", + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean" + } + } + }, + "status": { + "$ref": "#/components/schemas/status" + }, + "tags": { + "description": "The words and phrases that help categorize cases.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + }, + "version": { + "description": "The current version of the case.", + "type": "string" + } + }, + "required": [ + "id", + "version" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/_find": { + "get": { + "description": "Retrieves a paginated subset of cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/default_search_operator" + }, + { + "$ref": "#/components/parameters/fields" + }, + { + "$ref": "#/components/parameters/from" + }, + { + "$ref": "#/components/parameters/owner" + }, + { + "$ref": "#/components/parameters/page" + }, + { + "$ref": "#/components/parameters/per_page" + }, + { + "$ref": "#/components/parameters/reporters" + }, + { + "$ref": "#/components/parameters/search" + }, + { + "$ref": "#/components/parameters/search_fields" + }, + { + "$ref": "#/components/parameters/sort_field" + }, + { + "$ref": "#/components/parameters/sort_order" + }, + { + "$ref": "#/components/parameters/status" + }, + { + "$ref": "#/components/parameters/tags" + }, + { + "$ref": "#/components/parameters/to" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/alerts/{alertId}": { + "get": { + "description": "Returns the cases associated with a specific alert. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "x-technical-preview": true, + "parameters": [ + { + "$ref": "#/components/parameters/alert_id" + }, + { + "in": "query", + "name": "owner", + "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read.", + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/owners" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/owners" + } + } + ] + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/configure": { + "get": { + "description": "Retrieves external connection details, such as the closure type and default connector for cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration.\n", + "parameters": [ + { + "in": "query", + "name": "owner", + "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read.", + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/owners" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/owners" + } + } + ] + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "post": { + "description": "Sets external connection details, such as the closure type and default connector for cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "closure_type": { + "$ref": "#/components/schemas/closure_types" + }, + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object that contains the connector fields. TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.\n", + "type": "object", + "additionalProperties": true, + "example": null + }, + "id": { + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", + "type": "string", + "example": "none" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "description": "An object that contains the case settings.", + "type": "object", + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean" + } + }, + "required": [ + "syncAlerts" + ] + } + }, + "required": [ + "closure_type", + "connector", + "owner" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/configure/{configurationId}": { + "patch": { + "description": "Updates external connection details, such as the closure type and default connector for cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can it in your cases. Refer to the add connectors API.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/configuration_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "closure_type": { + "$ref": "#/components/schemas/closure_types" + }, + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object that contains the connector fields. TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.\n", + "type": "object", + "additionalProperties": true, + "example": null + }, + "id": { + "description": "The identifier for the connector. To To retrieve connector IDs, use the find connectors API.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector.", + "type": "string", + "example": "none" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "version": { + "description": "The version of the connector. To retrieve the version value, use the get configuration API.", + "type": "string", + "example": "WzIwMiwxXQ==" + } + }, + "required": [ + "version" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/configure/connectors/_find": { + "get": { + "description": "Retrieves information about connectors. In particular, only the connectors that are supported for use in cases are returned. You must have read privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.\n", + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/reporters": { + "get": { + "description": "Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/owner" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/status": { + "get": { + "description": "Returns the number of cases that are open, closed, and in progress. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "deprecated": true, + "parameters": [ + { + "$ref": "#/components/parameters/owner" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/tags": { + "get": { + "description": "Aggregates and returns a list of case tags. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "in": "query", + "name": "owner", + "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read.", + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/owners" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/owners" + } + } + ] + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/{caseId}": { + "get": { + "description": "Retrieves a specified case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "in": "query", + "name": "includeComments", + "description": "Determines whether case comments are returned.", + "deprecated": true, + "schema": { + "type": "boolean", + "default": true + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/{caseId}/alerts": { + "get": { + "description": "Gets all alerts attached to a case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "x-technical-preview": true, + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/{caseId}/comments": { + "post": { + "description": "Adds a comment to a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "alertId": { + "description": "The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "comment": { + "description": "The new comment. It is required only when `type` is `user`.", + "type": "string" + }, + "index": { + "description": "The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "rule": { + "description": "The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "object", + "properties": { + "id": { + "description": "The rule identifier.", + "type": "string" + }, + "name": { + "description": "The rule name.", + "type": "string" + } + } + }, + "type": { + "$ref": "#/components/schemas/comment_types" + } + }, + "required": [ + "owner", + "type" + ] + }, + "examples": { + "0": { + "value": "{\n\n \"type\": \"user\",\n\n \"owner\": \"cases\",\n\n \"comment\": \"That is nothing - Ethan Hunt answered a targeted\n social media campaign promoting phishy pension schemes to IMF\n operatives.\"\n\n}\n" + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "patch": { + "description": "Updates a comment in a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "alertId": { + "description": "The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "comment": { + "description": "The new comment. It is required only when `type` is `user`.", + "type": "string" + }, + "id": { + "description": "The identifier for the comment.", + "type": "string" + }, + "index": { + "description": "The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "rule": { + "description": "The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "object", + "properties": { + "id": { + "description": "The rule identifier.", + "type": "string" + }, + "name": { + "description": "The rule name.", + "type": "string" + } + } + }, + "type": { + "$ref": "#/components/schemas/comment_types" + }, + "version": { + "description": "The current version of the comment.", + "type": "string" + } + }, + "required": [ + "id", + "owner", + "type", + "version" + ] + }, + "examples": { + "0": { + "value": "{\n \"id\": \"c7740680-b5e9-11ec-b141-0fdb20a7f9a9\",\n \"version\": \"WzI2NiwzXQ==\",\n \"type\": \"user\",\n \"comment\": \"Updated comment\",\n \"owner\": \"cases\"\n }\n'1':\n value: |\n {\n \"type\": \"user\",\n \"owner\": \"cases\",\n \"comment\": \"no2.\"\n}" + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "delete": { + "description": "Deletes all comments from a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "get": { + "description": "Retrieves all the comments from a case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", + "deprecated": true, + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/{caseId}/comments/{commentId}": { + "delete": { + "description": "Deletes a comment from a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/comment_id" + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "get": { + "description": "Retrieves a comment from a case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/comment_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/{caseId}/connector/{connectorId}/_push": { + "post": { + "description": "Pushes a case to an external service. You must have all privileges for the **Actions and Connectors** feature in the ***Management*** section of the Kibana feature privileges. You must also have all privileges for the **Cases*** feature in the **Management**, ***Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/connector_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/api/cases/{caseId}/user_actions": { + "get": { + "description": "Returns all user activity for the specified case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "deprecated": true, + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases": { + "post": { + "description": "Creates a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "nullable": true, + "type": "object", + "properties": { + "caseId": { + "description": "The case identifier for Swimlane connectors.", + "type": "string" + }, + "category": { + "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", + "type": "string" + }, + "destIp": { + "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "impact": { + "description": "The effect an incident had on business for ServiceNow ITSM connectors.", + "type": "string" + }, + "issueType": { + "description": "The type of issue for Jira connectors.", + "type": "string" + }, + "issueTypes": { + "description": "The type of incident for IBM Resilient connectors.", + "type": "array", + "items": { + "type": "number" + } + }, + "malwareHash": { + "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "string" + }, + "malwareUrl": { + "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "string" + }, + "parent": { + "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", + "type": "string" + }, + "priority": { + "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", + "type": "string" + }, + "severity": { + "description": "The severity of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "severityCode": { + "description": "The severity code of the incident for IBM Resilient connectors.", + "type": "number" + }, + "sourceIp": { + "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "subcategory": { + "description": "The subcategory of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "urgency": { + "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", + "type": "string" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "id": { + "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "name": { + "description": "The name of the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + } + }, + "description": { + "description": "The description for the case.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "description": "An object that contains the case settings.", + "type": "object", + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean" + } + } + }, + "tags": { + "description": "The words and phrases that help categorize cases. It can be an empty array.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + } + }, + "required": [ + "connector", + "description", + "owner", + "settings", + "tags", + "title" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "delete": { + "description": "Deletes one or more cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/space_id" + }, + { + "name": "ids", + "description": "The cases that you want to removed. All non-ASCII characters must be URL encoded.", + "in": "query", + "required": true, + "schema": { + "type": "string" + }, + "example": "%5B%22d4e7abb0-b462-11ec-9a8d-698504725a43%22%5D" + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "patch": { + "description": "Updates one or more cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "nullable": true, + "type": "object", + "properties": { + "caseId": { + "description": "The case identifier for Swimlane connectors.", + "type": "string" + }, + "category": { + "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.", + "type": "string" + }, + "destIp": { + "description": "A comma-separated list of destination IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "impact": { + "description": "The effect an incident had on business for ServiceNow ITSM connectors.", + "type": "string" + }, + "issueType": { + "description": "The type of issue for Jira connectors.", + "type": "string" + }, + "issueTypes": { + "description": "The type of incident for IBM Resilient connectors.", + "type": "array", + "items": { + "type": "number" + } + }, + "malwareHash": { + "description": "A comma-separated list of malware hashes for ServiceNow SecOps connectors.", + "type": "string" + }, + "malwareUrl": { + "description": "A comma-separated list of malware URLs for ServiceNow SecOps connectors.", + "type": "string" + }, + "parent": { + "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", + "type": "string" + }, + "priority": { + "description": "The priority of the issue for Jira and ServiceNow SecOps connectors.", + "type": "string" + }, + "severity": { + "description": "The severity of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "severityCode": { + "description": "The severity code of the incident for IBM Resilient connectors.", + "type": "number" + }, + "sourceIp": { + "description": "A comma-separated list of source IPs for ServiceNow SecOps connectors.", + "type": "string" + }, + "subcategory": { + "description": "The subcategory of the incident for ServiceNow ITSM connectors.", + "type": "string" + }, + "urgency": { + "description": "The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.", + "type": "string" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "id": { + "description": "The identifier for the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "name": { + "description": "The name of the connector. To create a case without a connector, use `none`.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + } + }, + "description": { + "description": "The description for the case.", + "type": "string" + }, + "id": { + "description": "The identifier for the case.", + "type": "string" + }, + "settings": { + "description": "An object that contains the case settings.", + "type": "object", + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean" + } + } + }, + "status": { + "$ref": "#/components/schemas/status" + }, + "tags": { + "description": "The words and phrases that help categorize cases.", + "type": "array", + "items": { + "type": "string" + } + }, + "title": { + "description": "A title for the case.", + "type": "string" + }, + "version": { + "description": "The current version of the case.", + "type": "string" + } + }, + "required": [ + "id", + "version" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/_find": { + "get": { + "description": "Retrieves a paginated subset of cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/space_id" + }, + { + "$ref": "#/components/parameters/default_search_operator" + }, + { + "$ref": "#/components/parameters/fields" + }, + { + "$ref": "#/components/parameters/from" + }, + { + "$ref": "#/components/parameters/owner" + }, + { + "$ref": "#/components/parameters/page" + }, + { + "$ref": "#/components/parameters/per_page" + }, + { + "$ref": "#/components/parameters/reporters" + }, + { + "$ref": "#/components/parameters/search" + }, + { + "$ref": "#/components/parameters/search_fields" + }, + { + "$ref": "#/components/parameters/sort_field" + }, + { + "$ref": "#/components/parameters/sort_order" + }, + { + "$ref": "#/components/parameters/status" + }, + { + "$ref": "#/components/parameters/tags" + }, + { + "$ref": "#/components/parameters/to" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/alerts/{alertId}": { + "get": { + "description": "Returns the cases associated with a specific alert. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "x-technical-preview": true, + "parameters": [ + { + "$ref": "#/components/parameters/alert_id" + }, + { + "$ref": "#/components/parameters/space_id" + }, + { + "in": "query", + "name": "owner", + "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read.", + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/owners" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/owners" + } + } + ] + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/configure": { + "get": { + "description": "Retrieves external connection details, such as the closure type and default connector for cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration.\n", + "parameters": [ + { + "$ref": "#/components/parameters/space_id" + }, + { + "in": "query", + "name": "owner", + "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read.", + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/owners" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/owners" + } + } + ] + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "post": { + "description": "Sets external connection details, such as the closure type and default connector for cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "closure_type": { + "$ref": "#/components/schemas/closure_types" + }, + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object that contains the connector fields. TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.\n", + "type": "object", + "additionalProperties": true, + "example": null + }, + "id": { + "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", + "type": "string", + "example": "none" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "settings": { + "description": "An object that contains the case settings.", + "type": "object", + "properties": { + "syncAlerts": { + "description": "Turns alert syncing on or off.", + "type": "boolean" + } + }, + "required": [ + "syncAlerts" + ] + } + }, + "required": [ + "closure_type", + "connector", + "owner" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/configure/{configurationId}": { + "patch": { + "description": "Updates external connection details, such as the closure type and default connector for cases. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can it in your cases. Refer to the add connectors API.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/configuration_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "closure_type": { + "$ref": "#/components/schemas/closure_types" + }, + "connector": { + "description": "An object that contains the connector configuration.", + "type": "object", + "properties": { + "fields": { + "description": "An object that contains the connector fields. TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.\n", + "type": "object", + "additionalProperties": true, + "example": null + }, + "id": { + "description": "The identifier for the connector. To To retrieve connector IDs, use the find connectors API.", + "type": "string", + "example": "none" + }, + "name": { + "description": "The name of the connector.", + "type": "string", + "example": "none" + }, + "type": { + "$ref": "#/components/schemas/connector_types" + } + }, + "required": [ + "fields", + "id", + "name", + "type" + ] + }, + "version": { + "description": "The version of the connector. To retrieve the version value, use the get configuration API.", + "type": "string", + "example": "WzIwMiwxXQ==" + } + }, + "required": [ + "version" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/configure/connectors/_find": { + "get": { + "description": "Retrieves information about connectors. In particular, only the connectors that are supported for use in cases are returned. You must have read privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.\n", + "parameters": [ + { + "$ref": "#/components/parameters/space_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/reporters": { + "get": { + "description": "Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/space_id" + }, + { + "$ref": "#/components/parameters/owner" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/status": { + "get": { + "description": "Returns the number of cases that are open, closed, and in progress. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "deprecated": true, + "parameters": [ + { + "$ref": "#/components/parameters/space_id" + }, + { + "$ref": "#/components/parameters/owner" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/tags": { + "get": { + "description": "Aggregates and returns a list of case tags. You must have read privileges for the **Cases*** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/space_id" + }, + { + "in": "query", + "name": "owner", + "description": "A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read.", + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/owners" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/owners" + } + } + ] + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/{caseId}": { + "get": { + "description": "Retrieves a specified case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/space_id" + }, + { + "in": "query", + "name": "includeComments", + "description": "Determines whether case comments are returned.", + "deprecated": true, + "schema": { + "type": "boolean", + "default": true + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/{caseId}/alerts": { + "get": { + "description": "Gets all alerts attached to a case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "x-technical-preview": true, + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/{caseId}/comments": { + "post": { + "description": "Adds a comment to a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "alertId": { + "description": "The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "comment": { + "description": "The new comment. It is required only when `type` is `user`.", + "type": "string" + }, + "index": { + "description": "The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "rule": { + "description": "The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "object", + "properties": { + "id": { + "description": "The rule identifier.", + "type": "string" + }, + "name": { + "description": "The rule name.", + "type": "string" + } + } + }, + "type": { + "$ref": "#/components/schemas/comment_types" + } + }, + "required": [ + "owner", + "type" + ] + }, + "examples": { + "0": { + "value": "{\n\n \"type\": \"user\",\n\n \"owner\": \"cases\",\n\n \"comment\": \"That is nothing - Ethan Hunt answered a targeted\n social media campaign promoting phishy pension schemes to IMF\n operatives.\"\n\n}\n" + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "patch": { + "description": "Updates a comment in a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "alertId": { + "description": "The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "comment": { + "description": "The new comment. It is required only when `type` is `user`.", + "type": "string" + }, + "id": { + "description": "The identifier for the comment.", + "type": "string" + }, + "index": { + "description": "The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "string" + }, + "owner": { + "$ref": "#/components/schemas/owners" + }, + "rule": { + "description": "The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.", + "type": "object", + "properties": { + "id": { + "description": "The rule identifier.", + "type": "string" + }, + "name": { + "description": "The rule name.", + "type": "string" + } + } + }, + "type": { + "$ref": "#/components/schemas/comment_types" + }, + "version": { + "description": "The current version of the comment.", + "type": "string" + } + }, + "required": [ + "id", + "owner", + "type", + "version" + ] + }, + "examples": { + "0": { + "value": "{\n \"id\": \"c7740680-b5e9-11ec-b141-0fdb20a7f9a9\",\n \"version\": \"WzI2NiwzXQ==\",\n \"type\": \"user\",\n \"comment\": \"Updated comment\",\n \"owner\": \"cases\"\n }\n'1':\n value: |\n {\n \"type\": \"user\",\n \"owner\": \"cases\",\n \"comment\": \"no2.\"\n}" + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + }, + "examples": {} + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "delete": { + "description": "Deletes all comments from a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "get": { + "description": "Retrieves all the comments from a case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", + "deprecated": true, + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/{caseId}/comments/{commentId}": { + "delete": { + "description": "Deletes a comment from a case. You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/space_id" + }, + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/comment_id" + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "get": { + "description": "Retrieves a comment from a case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security*** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/comment_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push": { + "post": { + "description": "Pushes a case to an external service. You must have all privileges for the **Actions and Connectors** feature in the ***Management*** section of the Kibana feature privileges. You must also have all privileges for the **Cases*** feature in the **Management**, ***Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.\n", + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/connector_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/cases/{caseId}/user_actions": { + "get": { + "description": "Returns all user activity for the specified case. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "deprecated": true, + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json; charset=utf-8": { + "schema": { + "type": "string" + } + }, + "examples": {} + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + } + }, + "components": { + "securitySchemes": { + "basicAuth": { + "type": "http", + "scheme": "basic" + } + }, + "parameters": { + "kbn_xsrf": { + "schema": { + "type": "string" + }, + "in": "header", + "name": "kbn-xsrf", + "required": true + }, + "default_search_operator": { + "in": "query", + "name": "defaultSearchOperator", + "description": "The default operator to use for the simple_query_string.", + "schema": { + "type": "string", + "default": "OR" + }, + "example": "OR" + }, + "fields": { + "in": "query", + "name": "fields", + "description": "The fields in the entity to return in the response.", + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "from": { + "in": "query", + "name": "from", + "description": "Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression.", + "schema": { + "type": "string" + }, + "example": "now-1d" + }, + "owner": { + "in": "query", + "name": "owner", + "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.", + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/owners" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/owners" + } + } + ] + }, + "example": "cases" + }, + "page": { + "in": "query", + "name": "page", + "description": "The page number to return.", + "schema": { + "type": "integer", + "default": 1 + }, + "example": 1 + }, + "per_page": { + "in": "query", + "name": "perPage", + "description": "The number of rules to return per page.", + "schema": { + "type": "integer", + "default": 20 + }, + "example": 20 + }, + "reporters": { + "in": "query", + "name": "reporters", + "description": "Filters the returned cases by the user name of the reporter.", + "schema": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "example": "elastic" + }, + "search": { + "in": "query", + "name": "search", + "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", + "schema": { + "type": "string" + }, + "example": "%2A" + }, + "search_fields": { + "in": "query", + "name": "searchFields", + "description": "The fields to perform the simple_query_string parsed query against.", + "schema": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + } + }, + "sort_field": { + "in": "query", + "name": "sortField", + "description": "Determines which field is used to sort the results.", + "schema": { + "type": "string", + "enum": [ + "createdAt", + "updatedAt" + ], + "default": "createdAt" + }, + "example": "updatedAt" + }, + "sort_order": { + "in": "query", + "name": "sortOrder", + "description": "Determines the sort order.", + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + }, + "example": "asc" + }, + "status": { + "in": "query", + "name": "status", + "description": "Filters the returned cases by state.", + "schema": { + "type": "string", + "enum": [ + "closed", + "in-progress", + "open" + ] + }, + "example": "open" + }, + "tags": { + "in": "query", + "name": "tags", + "description": "Filters the returned cases by tags.", + "schema": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "example": "phishing" + }, + "to": { + "in": "query", + "name": "to", + "description": "Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.", + "schema": { + "type": "string" + }, + "example": "now%2B1d" + }, + "alert_id": { + "in": "path", + "name": "alertId", + "description": "An identifier for the alert.", + "required": true, + "schema": { + "type": "string", + "example": "09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540" + } + }, + "configuration_id": { + "in": "path", + "name": "configurationId", + "description": "An identifier for the configuration.", + "required": true, + "schema": { + "type": "string", + "example": "3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9" + } + }, + "case_id": { + "in": "path", + "name": "caseId", + "description": "An identifier for the case.", + "required": true, + "schema": { + "type": "string", + "example": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2" + } + }, + "comment_id": { + "in": "path", + "name": "commentId", + "description": "An identifier for the comment.", + "required": true, + "schema": { + "type": "string", + "example": "71ec1870-725b-11ea-a0b2-c51ea50a58e2" + } + }, + "connector_id": { + "in": "path", + "name": "connectorId", + "description": "An identifier for the connector. To retrieve connector IDs, use the find connectors API.", + "required": true, + "schema": { + "type": "string", + "example": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2" + } + }, + "space_id": { + "in": "path", + "name": "spaceId", + "description": "An identifier for the space.", + "required": true, + "schema": { + "type": "string", + "example": "default" + } + } + }, + "schemas": { + "connector_types": { + "type": "string", + "description": "The type of connector.", + "enum": [ + ".jira", + ".none", + ".resilient", + ".servicenow", + ".servicenow-sir", + ".swimlane" + ] + }, + "owners": { + "type": "string", + "description": "Owner apps", + "enum": [ + "cases", + "observability", + "securitySolution" + ] + }, + "status": { + "type": "string", + "description": "The status of the case.", + "enum": [ + "closed", + "in-progress", + "open" + ] + }, + "closure_types": { + "type": "string", + "description": "Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).", + "enum": [ + "close-by-pushing", + "close-by-user" + ] + }, + "comment_types": { + "type": "string", + "description": "The type of comment.", + "enum": [ + "alert", + "user" + ] + } + } + }, + "security": [ + { + "basicAuth": [] + } + ] +} \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/bundled.yaml b/x-pack/plugins/cases/common/openapi/bundled.yaml new file mode 100644 index 0000000000000..1e1859bb837dd --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/bundled.yaml @@ -0,0 +1,2322 @@ +openapi: 3.0.1 +info: + title: Cases + description: OpenAPI schema for Cases endpoints + version: '0.1' + contact: + name: Cases Team + license: + name: Elastic License 2.0 + url: https://www.elastic.co/licensing/elastic-license +tags: + - name: cases + - name: kibana +servers: + - url: http://localhost:5601 + description: local +paths: + /api/cases: + post: + description: > + Creates a case. You must have all privileges for the **Cases** feature + in the **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + creating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a + case without a connector, specify null. If you want to + omit any individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + A comma-separated list of destination IPs for + ServiceNow SecOps connectors. + type: string + impact: + description: >- + The effect an incident had on business for + ServiceNow ITSM connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: number + malwareHash: + description: >- + A comma-separated list of malware hashes for + ServiceNow SecOps connectors. + type: string + malwareUrl: + description: >- + A comma-separated list of malware URLs for + ServiceNow SecOps connectors. + type: string + parent: + description: >- + The key of the parent issue, when the issue type is + sub-task for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow + SecOps connectors. + type: string + severity: + description: >- + The severity of the incident for ServiceNow ITSM + connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: number + sourceIp: + description: >- + A comma-separated list of source IPs for ServiceNow + SecOps connectors. + type: string + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be + delayed for ServiceNow ITSM connectors. + type: string + required: + - fields + - id + - name + - type + id: + description: >- + The identifier for the connector. To create a case + without a connector, use `none`. + type: string + name: + description: >- + The name of the connector. To create a case without a + connector, use `none`. + type: string + type: + $ref: '#/components/schemas/connector_types' + description: + description: The description for the case. + type: string + owner: + $ref: '#/components/schemas/owners' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + tags: + description: >- + The words and phrases that help categorize cases. It can be + an empty array. + type: array + items: + type: string + title: + description: A title for the case. + type: string + required: + - connector + - description + - owner + - settings + - tags + - title + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + delete: + description: > + Deletes one or more cases. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're deleting. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - name: ids + description: >- + The cases that you want to removed. To retrieve case IDs, use the + find cases API. All non-ASCII characters must be URL encoded. + in: query + required: true + schema: + type: string + example: '%5B%22d4e7abb0-b462-11ec-9a8d-698504725a43%22%5D' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + patch: + description: > + Updates one or more cases. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a + case without a connector, specify null. If you want to + omit any individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + A comma-separated list of destination IPs for + ServiceNow SecOps connectors. + type: string + impact: + description: >- + The effect an incident had on business for + ServiceNow ITSM connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: number + malwareHash: + description: >- + A comma-separated list of malware hashes for + ServiceNow SecOps connectors. + type: string + malwareUrl: + description: >- + A comma-separated list of malware URLs for + ServiceNow SecOps connectors. + type: string + parent: + description: >- + The key of the parent issue, when the issue type is + sub-task for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow + SecOps connectors. + type: string + severity: + description: >- + The severity of the incident for ServiceNow ITSM + connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: number + sourceIp: + description: >- + A comma-separated list of source IPs for ServiceNow + SecOps connectors. + type: string + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be + delayed for ServiceNow ITSM connectors. + type: string + required: + - fields + - id + - name + - type + id: + description: >- + The identifier for the connector. To create a case + without a connector, use `none`. + type: string + name: + description: >- + The name of the connector. To create a case without a + connector, use `none`. + type: string + type: + $ref: '#/components/schemas/connector_types' + description: + description: The description for the case. + type: string + id: + description: The identifier for the case. + type: string + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + status: + $ref: '#/components/schemas/status' + tags: + description: The words and phrases that help categorize cases. + type: array + items: + type: string + title: + description: A title for the case. + type: string + version: + description: The current version of the case. + type: string + required: + - id + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/_find: + get: + description: > + Retrieves a paginated subset of cases. You must have read privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're seeking. + parameters: + - $ref: '#/components/parameters/default_search_operator' + - $ref: '#/components/parameters/fields' + - $ref: '#/components/parameters/from' + - $ref: '#/components/parameters/owner' + - $ref: '#/components/parameters/page' + - $ref: '#/components/parameters/per_page' + - $ref: '#/components/parameters/reporters' + - $ref: '#/components/parameters/search' + - $ref: '#/components/parameters/search_fields' + - $ref: '#/components/parameters/sort_field' + - $ref: '#/components/parameters/sort_order' + - $ref: '#/components/parameters/status' + - $ref: '#/components/parameters/tags' + - $ref: '#/components/parameters/to' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/alerts/{alertId}: + get: + description: > + Returns the cases associated with a specific alert. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: '#/components/parameters/alert_id' + - in: query + name: owner + description: >- + A filter to limit the retrieved case statistics to a specific set of + applications. If this parameter is omitted, the response contains + all cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/owners' + - type: array + items: + $ref: '#/components/schemas/owners' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/configure: + get: + description: > + Retrieves external connection details, such as the closure type and + default connector for cases. You must have read privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case configuration. + parameters: + - in: query + name: owner + description: >- + A filter to limit the retrieved case statistics to a specific set of + applications. If this parameter is omitted, the response contains + all cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/owners' + - type: array + items: + $ref: '#/components/schemas/owners' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + post: + description: > + Sets external connection details, such as the closure type and default + connector for cases. You must have all privileges for the **Cases** + feature in the **Management**, **Observability**, or **Security** + section of the Kibana feature privileges, depending on the owner of the + case configuration. Connectors are used to interface with external + systems. You must create a connector before you can use it in your + cases. Refer to the add connectors API. If you set a default connector, + it is automatically selected when you create cases in Kibana. If you use + the create case API, however, you must still specify all of the + connector details. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '#/components/schemas/closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. TIP: The + fields specified in the case configuration are not used + and are not propagated to individual cases, therefore it + is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/connector_types' + required: + - fields + - id + - name + - type + owner: + $ref: '#/components/schemas/owners' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + required: + - syncAlerts + required: + - closure_type + - connector + - owner + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/configure/{configurationId}: + patch: + description: > + Updates external connection details, such as the closure type and + default connector for cases. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case configuration. Connectors are used to interface with + external systems. You must create a connector before you can it in your + cases. Refer to the add connectors API. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/configuration_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '#/components/schemas/closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. TIP: The + fields specified in the case configuration are not used + and are not propagated to individual cases, therefore it + is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: >- + The identifier for the connector. To To retrieve + connector IDs, use the find connectors API. + type: string + example: none + name: + description: The name of the connector. + type: string + example: none + type: + $ref: '#/components/schemas/connector_types' + required: + - fields + - id + - name + - type + version: + description: >- + The version of the connector. To retrieve the version value, + use the get configuration API. + type: string + example: WzIwMiwxXQ== + required: + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/configure/connectors/_find: + get: + description: > + Retrieves information about connectors. In particular, only the + connectors that are supported for use in cases are returned. You must + have read privileges for the **Actions and Connectors** feature in the + **Management** section of the Kibana feature privileges. + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/reporters: + get: + description: > + Returns information about the users who opened cases. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '#/components/parameters/owner' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/status: + get: + description: > + Returns the number of cases that are open, closed, and in progress. You + must have read privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '#/components/parameters/owner' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/tags: + get: + description: > + Aggregates and returns a list of case tags. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + parameters: + - in: query + name: owner + description: >- + A filter to limit the retrieved case statistics to a specific set of + applications. If this parameter is omitted, the response contains + tags from all cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/owners' + - type: array + items: + $ref: '#/components/schemas/owners' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/{caseId}: + get: + description: > + Retrieves a specified case. You must have read privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're seeking. + parameters: + - $ref: '#/components/parameters/case_id' + - in: query + name: includeComments + description: Determines whether case comments are returned. + deprecated: true + schema: + type: boolean + default: true + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/{caseId}/alerts: + get: + description: > + Gets all alerts attached to a case. You must have read privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: '#/components/parameters/case_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/{caseId}/comments: + post: + description: > + Adds a comment to a case. You must have all privileges for the **Cases** + feature in the **Management**, **Observability**, or **Security** + section of the Kibana feature privileges, depending on the owner of the + case you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: >- + The alert identifier. It is required only when `type` is + `alert`. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will + apply best effort to fix any issues, but features in + technical preview are not subject to the support SLA of + official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + index: + description: >- + The alert index. It is required only when `type` is `alert`. + This functionality is in technical preview and may be + changed or removed in a future release. Elastic will apply + best effort to fix any issues, but features in technical + preview are not subject to the support SLA of official GA + features. + type: string + owner: + $ref: '#/components/schemas/owners' + rule: + description: >- + The rule that is associated with the alert. It is required + only when type is alert. This functionality is in technical + preview and may be changed or removed in a future release. + Elastic will apply best effort to fix any issues, but + features in technical preview are not subject to the support + SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '#/components/schemas/comment_types' + required: + - owner + - type + examples: + '0': + value: | + { + + "type": "user", + + "owner": "cases", + + "comment": "That is nothing - Ethan Hunt answered a targeted + social media campaign promoting phishy pension schemes to IMF + operatives." + + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + patch: + description: > + Updates a comment in a case. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: >- + The alert identifier. It is required only when `type` is + `alert`. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will + apply best effort to fix any issues, but features in + technical preview are not subject to the support SLA of + official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + id: + description: The identifier for the comment. + type: string + index: + description: >- + The alert index. It is required only when `type` is `alert`. + This functionality is in technical preview and may be + changed or removed in a future release. Elastic will apply + best effort to fix any issues, but features in technical + preview are not subject to the support SLA of official GA + features. + type: string + owner: + $ref: '#/components/schemas/owners' + rule: + description: >- + The rule that is associated with the alert. It is required + only when type is alert. This functionality is in technical + preview and may be changed or removed in a future release. + Elastic will apply best effort to fix any issues, but + features in technical preview are not subject to the support + SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '#/components/schemas/comment_types' + version: + description: The current version of the comment. + type: string + required: + - id + - owner + - type + - version + examples: + '0': + value: |- + { + "id": "c7740680-b5e9-11ec-b141-0fdb20a7f9a9", + "version": "WzI2NiwzXQ==", + "type": "user", + "comment": "Updated comment", + "owner": "cases" + } + '1': + value: | + { + "type": "user", + "owner": "cases", + "comment": "no2." + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + delete: + description: > + Deletes all comments from a case. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + get: + description: > + Retrieves all the comments from a case. You must have read privileges + for the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases with the comments you're seeking. + deprecated: true + parameters: + - $ref: '#/components/parameters/case_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/{caseId}/comments/{commentId}: + delete: + description: > + Deletes a comment from a case. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/comment_id' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + get: + description: > + Retrieves a comment from a case. You must have read privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases with the comments you're seeking. + parameters: + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/comment_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/{caseId}/connector/{connectorId}/_push: + post: + description: > + Pushes a case to an external service. You must have all privileges for + the **Actions and Connectors** feature in the ***Management*** section + of the Kibana feature privileges. You must also have all privileges for + the **Cases*** feature in the **Management**, ***Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case you're pushing. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/connector_id' + responses: + '200': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /api/cases/{caseId}/user_actions: + get: + description: > + Returns all user activity for the specified case. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '#/components/parameters/case_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases: + post: + description: > + Creates a case. You must have all privileges for the **Cases** feature + in the **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + creating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/space_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a + case without a connector, specify null. If you want to + omit any individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + A comma-separated list of destination IPs for + ServiceNow SecOps connectors. + type: string + impact: + description: >- + The effect an incident had on business for + ServiceNow ITSM connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: number + malwareHash: + description: >- + A comma-separated list of malware hashes for + ServiceNow SecOps connectors. + type: string + malwareUrl: + description: >- + A comma-separated list of malware URLs for + ServiceNow SecOps connectors. + type: string + parent: + description: >- + The key of the parent issue, when the issue type is + sub-task for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow + SecOps connectors. + type: string + severity: + description: >- + The severity of the incident for ServiceNow ITSM + connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: number + sourceIp: + description: >- + A comma-separated list of source IPs for ServiceNow + SecOps connectors. + type: string + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be + delayed for ServiceNow ITSM connectors. + type: string + required: + - fields + - id + - name + - type + id: + description: >- + The identifier for the connector. To create a case + without a connector, use `none`. + type: string + name: + description: >- + The name of the connector. To create a case without a + connector, use `none`. + type: string + type: + $ref: '#/components/schemas/connector_types' + description: + description: The description for the case. + type: string + owner: + $ref: '#/components/schemas/owners' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + tags: + description: >- + The words and phrases that help categorize cases. It can be + an empty array. + type: array + items: + type: string + title: + description: A title for the case. + type: string + required: + - connector + - description + - owner + - settings + - tags + - title + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + delete: + description: > + Deletes one or more cases. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're deleting. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/space_id' + - name: ids + description: >- + The cases that you want to removed. All non-ASCII characters must be + URL encoded. + in: query + required: true + schema: + type: string + example: '%5B%22d4e7abb0-b462-11ec-9a8d-698504725a43%22%5D' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + patch: + description: > + Updates one or more cases. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/space_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a + case without a connector, specify null. If you want to + omit any individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + A comma-separated list of destination IPs for + ServiceNow SecOps connectors. + type: string + impact: + description: >- + The effect an incident had on business for + ServiceNow ITSM connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: number + malwareHash: + description: >- + A comma-separated list of malware hashes for + ServiceNow SecOps connectors. + type: string + malwareUrl: + description: >- + A comma-separated list of malware URLs for + ServiceNow SecOps connectors. + type: string + parent: + description: >- + The key of the parent issue, when the issue type is + sub-task for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow + SecOps connectors. + type: string + severity: + description: >- + The severity of the incident for ServiceNow ITSM + connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: number + sourceIp: + description: >- + A comma-separated list of source IPs for ServiceNow + SecOps connectors. + type: string + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be + delayed for ServiceNow ITSM connectors. + type: string + required: + - fields + - id + - name + - type + id: + description: >- + The identifier for the connector. To create a case + without a connector, use `none`. + type: string + name: + description: >- + The name of the connector. To create a case without a + connector, use `none`. + type: string + type: + $ref: '#/components/schemas/connector_types' + description: + description: The description for the case. + type: string + id: + description: The identifier for the case. + type: string + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + status: + $ref: '#/components/schemas/status' + tags: + description: The words and phrases that help categorize cases. + type: array + items: + type: string + title: + description: A title for the case. + type: string + version: + description: The current version of the case. + type: string + required: + - id + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/_find: + get: + description: > + Retrieves a paginated subset of cases. You must have read privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're seeking. + parameters: + - $ref: '#/components/parameters/space_id' + - $ref: '#/components/parameters/default_search_operator' + - $ref: '#/components/parameters/fields' + - $ref: '#/components/parameters/from' + - $ref: '#/components/parameters/owner' + - $ref: '#/components/parameters/page' + - $ref: '#/components/parameters/per_page' + - $ref: '#/components/parameters/reporters' + - $ref: '#/components/parameters/search' + - $ref: '#/components/parameters/search_fields' + - $ref: '#/components/parameters/sort_field' + - $ref: '#/components/parameters/sort_order' + - $ref: '#/components/parameters/status' + - $ref: '#/components/parameters/tags' + - $ref: '#/components/parameters/to' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/alerts/{alertId}: + get: + description: > + Returns the cases associated with a specific alert. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: '#/components/parameters/alert_id' + - $ref: '#/components/parameters/space_id' + - in: query + name: owner + description: >- + A filter to limit the retrieved case statistics to a specific set of + applications. If this parameter is omitted, the response contains + all cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/owners' + - type: array + items: + $ref: '#/components/schemas/owners' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/configure: + get: + description: > + Retrieves external connection details, such as the closure type and + default connector for cases. You must have read privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case configuration. + parameters: + - $ref: '#/components/parameters/space_id' + - in: query + name: owner + description: >- + A filter to limit the retrieved case statistics to a specific set of + applications. If this parameter is omitted, the response contains + all cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/owners' + - type: array + items: + $ref: '#/components/schemas/owners' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + post: + description: > + Sets external connection details, such as the closure type and default + connector for cases. You must have all privileges for the **Cases** + feature in the **Management**, **Observability**, or **Security** + section of the Kibana feature privileges, depending on the owner of the + case configuration. Connectors are used to interface with external + systems. You must create a connector before you can use it in your + cases. Refer to the add connectors API. If you set a default connector, + it is automatically selected when you create cases in Kibana. If you use + the create case API, however, you must still specify all of the + connector details. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/space_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '#/components/schemas/closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. TIP: The + fields specified in the case configuration are not used + and are not propagated to individual cases, therefore it + is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/connector_types' + required: + - fields + - id + - name + - type + owner: + $ref: '#/components/schemas/owners' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + required: + - syncAlerts + required: + - closure_type + - connector + - owner + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/configure/{configurationId}: + patch: + description: > + Updates external connection details, such as the closure type and + default connector for cases. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case configuration. Connectors are used to interface with + external systems. You must create a connector before you can it in your + cases. Refer to the add connectors API. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/configuration_id' + - $ref: '#/components/parameters/space_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '#/components/schemas/closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. TIP: The + fields specified in the case configuration are not used + and are not propagated to individual cases, therefore it + is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: >- + The identifier for the connector. To To retrieve + connector IDs, use the find connectors API. + type: string + example: none + name: + description: The name of the connector. + type: string + example: none + type: + $ref: '#/components/schemas/connector_types' + required: + - fields + - id + - name + - type + version: + description: >- + The version of the connector. To retrieve the version value, + use the get configuration API. + type: string + example: WzIwMiwxXQ== + required: + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/configure/connectors/_find: + get: + description: > + Retrieves information about connectors. In particular, only the + connectors that are supported for use in cases are returned. You must + have read privileges for the **Actions and Connectors** feature in the + **Management** section of the Kibana feature privileges. + parameters: + - $ref: '#/components/parameters/space_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/reporters: + get: + description: > + Returns information about the users who opened cases. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '#/components/parameters/space_id' + - $ref: '#/components/parameters/owner' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/status: + get: + description: > + Returns the number of cases that are open, closed, and in progress. You + must have read privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '#/components/parameters/space_id' + - $ref: '#/components/parameters/owner' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/tags: + get: + description: > + Aggregates and returns a list of case tags. You must have read + privileges for the **Cases*** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '#/components/parameters/space_id' + - in: query + name: owner + description: >- + A filter to limit the retrieved case statistics to a specific set of + applications. If this parameter is omitted, the response contains + tags from all cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/owners' + - type: array + items: + $ref: '#/components/schemas/owners' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/{caseId}: + get: + description: > + Retrieves a specified case. You must have read privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're seeking. + parameters: + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + - in: query + name: includeComments + description: Determines whether case comments are returned. + deprecated: true + schema: + type: boolean + default: true + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/{caseId}/alerts: + get: + description: > + Gets all alerts attached to a case. You must have read privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/{caseId}/comments: + post: + description: > + Adds a comment to a case. You must have all privileges for the **Cases** + feature in the **Management**, **Observability**, or **Security** + section of the Kibana feature privileges, depending on the owner of the + case you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: >- + The alert identifier. It is required only when `type` is + `alert`. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will + apply best effort to fix any issues, but features in + technical preview are not subject to the support SLA of + official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + index: + description: >- + The alert index. It is required only when `type` is `alert`. + This functionality is in technical preview and may be + changed or removed in a future release. Elastic will apply + best effort to fix any issues, but features in technical + preview are not subject to the support SLA of official GA + features. + type: string + owner: + $ref: '#/components/schemas/owners' + rule: + description: >- + The rule that is associated with the alert. It is required + only when type is alert. This functionality is in technical + preview and may be changed or removed in a future release. + Elastic will apply best effort to fix any issues, but + features in technical preview are not subject to the support + SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '#/components/schemas/comment_types' + required: + - owner + - type + examples: + '0': + value: | + { + + "type": "user", + + "owner": "cases", + + "comment": "That is nothing - Ethan Hunt answered a targeted + social media campaign promoting phishy pension schemes to IMF + operatives." + + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + patch: + description: > + Updates a comment in a case. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: >- + The alert identifier. It is required only when `type` is + `alert`. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will + apply best effort to fix any issues, but features in + technical preview are not subject to the support SLA of + official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + id: + description: The identifier for the comment. + type: string + index: + description: >- + The alert index. It is required only when `type` is `alert`. + This functionality is in technical preview and may be + changed or removed in a future release. Elastic will apply + best effort to fix any issues, but features in technical + preview are not subject to the support SLA of official GA + features. + type: string + owner: + $ref: '#/components/schemas/owners' + rule: + description: >- + The rule that is associated with the alert. It is required + only when type is alert. This functionality is in technical + preview and may be changed or removed in a future release. + Elastic will apply best effort to fix any issues, but + features in technical preview are not subject to the support + SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '#/components/schemas/comment_types' + version: + description: The current version of the comment. + type: string + required: + - id + - owner + - type + - version + examples: + '0': + value: |- + { + "id": "c7740680-b5e9-11ec-b141-0fdb20a7f9a9", + "version": "WzI2NiwzXQ==", + "type": "user", + "comment": "Updated comment", + "owner": "cases" + } + '1': + value: | + { + "type": "user", + "owner": "cases", + "comment": "no2." + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + delete: + description: > + Deletes all comments from a case. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + get: + description: > + Retrieves all the comments from a case. You must have read privileges + for the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases with the comments you're seeking. + deprecated: true + parameters: + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/{caseId}/comments/{commentId}: + delete: + description: > + Deletes a comment from a case. You must have all privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases you're updating. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/space_id' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/comment_id' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + get: + description: > + Retrieves a comment from a case. You must have read privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security*** section of the Kibana feature privileges, depending on the + owner of the cases with the comments you're seeking. + parameters: + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/comment_id' + - $ref: '#/components/parameters/space_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push: + post: + description: > + Pushes a case to an external service. You must have all privileges for + the **Actions and Connectors** feature in the ***Management*** section + of the Kibana feature privileges. You must also have all privileges for + the **Cases*** feature in the **Management**, ***Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the case you're pushing. + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/connector_id' + - $ref: '#/components/parameters/space_id' + responses: + '200': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/cases/{caseId}/user_actions: + get: + description: > + Returns all user activity for the specified case. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/space_id' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 +components: + securitySchemes: + basicAuth: + type: http + scheme: basic + parameters: + kbn_xsrf: + schema: + type: string + in: header + name: kbn-xsrf + required: true + default_search_operator: + in: query + name: defaultSearchOperator + description: The default operator to use for the simple_query_string. + schema: + type: string + default: OR + example: OR + fields: + in: query + name: fields + description: The fields in the entity to return in the response. + schema: + type: array + items: + type: string + from: + in: query + name: from + description: >- + Returns only cases that were created after a specific date. The date + must be specified as a KQL data range or date match expression. + schema: + type: string + example: now-1d + owner: + in: query + name: owner + description: >- + A filter to limit the response to a specific set of applications. If + this parameter is omitted, the response contains information about all + the cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/owners' + - type: array + items: + $ref: '#/components/schemas/owners' + example: cases + page: + in: query + name: page + description: The page number to return. + schema: + type: integer + default: 1 + example: 1 + per_page: + in: query + name: perPage + description: The number of rules to return per page. + schema: + type: integer + default: 20 + example: 20 + reporters: + in: query + name: reporters + description: Filters the returned cases by the user name of the reporter. + schema: + oneOf: + - type: string + - type: array + items: + type: string + example: elastic + search: + in: query + name: search + description: >- + An Elasticsearch simple_query_string query that filters the objects in + the response. + schema: + type: string + example: '%2A' + search_fields: + in: query + name: searchFields + description: The fields to perform the simple_query_string parsed query against. + schema: + oneOf: + - type: string + - type: array + items: + type: string + sort_field: + in: query + name: sortField + description: Determines which field is used to sort the results. + schema: + type: string + enum: + - createdAt + - updatedAt + default: createdAt + example: updatedAt + sort_order: + in: query + name: sortOrder + description: Determines the sort order. + schema: + type: string + enum: + - asc + - desc + default: desc + example: asc + status: + in: query + name: status + description: Filters the returned cases by state. + schema: + type: string + enum: + - closed + - in-progress + - open + example: open + tags: + in: query + name: tags + description: Filters the returned cases by tags. + schema: + oneOf: + - type: string + - type: array + items: + type: string + example: phishing + to: + in: query + name: to + description: >- + Returns only cases that were created before a specific date. The date + must be specified as a KQL data range or date match expression. + schema: + type: string + example: now%2B1d + alert_id: + in: path + name: alertId + description: An identifier for the alert. + required: true + schema: + type: string + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + configuration_id: + in: path + name: configurationId + description: An identifier for the configuration. + required: true + schema: + type: string + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 + case_id: + in: path + name: caseId + description: An identifier for the case. + required: true + schema: + type: string + example: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 + comment_id: + in: path + name: commentId + description: An identifier for the comment. + required: true + schema: + type: string + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 + connector_id: + in: path + name: connectorId + description: >- + An identifier for the connector. To retrieve connector IDs, use the find + connectors API. + required: true + schema: + type: string + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + space_id: + in: path + name: spaceId + description: An identifier for the space. + required: true + schema: + type: string + example: default + schemas: + connector_types: + type: string + description: The type of connector. + enum: + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + owners: + type: string + description: Owner apps + enum: + - cases + - observability + - securitySolution + status: + type: string + description: The status of the case. + enum: + - closed + - in-progress + - open + closure_types: + type: string + description: >- + Indicates whether a case is automatically closed when it is pushed to + external systems (`close-by-pushing`) or not automatically closed + (`close-by-user`). + enum: + - close-by-pushing + - close-by-user + comment_types: + type: string + description: The type of comment. + enum: + - alert + - user +security: + - basicAuth: [] diff --git a/x-pack/plugins/cases/common/openapi/components/README.md b/x-pack/plugins/cases/common/openapi/components/README.md new file mode 100644 index 0000000000000..a0f4490e52ea1 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/README.md @@ -0,0 +1,5 @@ +Reusable components +=========== + + - `headers` - reusable [Header Objects](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#headerObject) + - `parameters` - reusable [Parameter Objects](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#parameterObject) diff --git a/x-pack/plugins/cases/common/openapi/components/headers/kbn_xsrf.yaml b/x-pack/plugins/cases/common/openapi/components/headers/kbn_xsrf.yaml new file mode 100644 index 0000000000000..3d8dfae634e68 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/headers/kbn_xsrf.yaml @@ -0,0 +1,5 @@ +schema: + type: string +in: header +name: kbn-xsrf +required: true diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/alert_id.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/alert_id.yaml new file mode 100644 index 0000000000000..8677b327b91be --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/alert_id.yaml @@ -0,0 +1,7 @@ +in: path +name: alertId +description: An identifier for the alert. +required: true +schema: + type: string + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/case_id.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/case_id.yaml new file mode 100644 index 0000000000000..8942deb2a42b4 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/case_id.yaml @@ -0,0 +1,7 @@ +in: path +name: caseId +description: An identifier for the case. +required: true +schema: + type: string + example: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/comment_id.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/comment_id.yaml new file mode 100644 index 0000000000000..51636b3dc5ed6 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/comment_id.yaml @@ -0,0 +1,7 @@ +in: path +name: commentId +description: An identifier for the comment. +required: true +schema: + type: string + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/configuration_id.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/configuration_id.yaml new file mode 100644 index 0000000000000..65cce12afaa92 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/configuration_id.yaml @@ -0,0 +1,7 @@ +in: path +name: configurationId +description: An identifier for the configuration. +required: true +schema: + type: string + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/connector_id.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/connector_id.yaml new file mode 100644 index 0000000000000..71cdc7191cfa1 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/connector_id.yaml @@ -0,0 +1,7 @@ +in: path +name: connectorId +description: An identifier for the connector. To retrieve connector IDs, use the find connectors API. +required: true +schema: + type: string + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/default_search_operator.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/default_search_operator.yaml new file mode 100644 index 0000000000000..22c957e93bb54 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/default_search_operator.yaml @@ -0,0 +1,7 @@ +in: query +name: defaultSearchOperator +description: The default operator to use for the simple_query_string. +schema: + type: string + default: OR +example: OR \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/fields.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/fields.yaml new file mode 100644 index 0000000000000..65269955f8c76 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/fields.yaml @@ -0,0 +1,7 @@ +in: query +name: fields +description: The fields in the entity to return in the response. +schema: + type: array + items: + type: string \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/from.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/from.yaml new file mode 100644 index 0000000000000..1c662dfb20c9d --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/from.yaml @@ -0,0 +1,6 @@ +in: query +name: from +description: Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. +schema: + type: string +example: now-1d diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/owner.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/owner.yaml new file mode 100644 index 0000000000000..3f5e5ae73ad19 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/owner.yaml @@ -0,0 +1,10 @@ +in: query +name: owner +description: A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. +schema: + oneOf: + - $ref: '../schemas/owners.yaml' + - type: array + items: + $ref: '../schemas/owners.yaml' +example: cases \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/page.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/page.yaml new file mode 100644 index 0000000000000..c222bff951c47 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/page.yaml @@ -0,0 +1,7 @@ +in: query +name: page +description: The page number to return. +schema: + type: integer + default: 1 +example: 1 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/per_page.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/per_page.yaml new file mode 100644 index 0000000000000..07b9f596399c1 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/per_page.yaml @@ -0,0 +1,7 @@ +in: query +name: perPage +description: The number of rules to return per page. +schema: + type: integer + default: 20 +example: 20 diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/reporters.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/reporters.yaml new file mode 100644 index 0000000000000..6fefa32f011dd --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/reporters.yaml @@ -0,0 +1,10 @@ +in: query +name: reporters +description: Filters the returned cases by the user name of the reporter. +schema: + oneOf: + - type: string + - type: array + items: + type: string +example: elastic \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/search.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/search.yaml new file mode 100644 index 0000000000000..b85a3604b3a66 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/search.yaml @@ -0,0 +1,6 @@ +in: query +name: search +description: An Elasticsearch simple_query_string query that filters the objects in the response. +schema: + type: string +example: '%2A' \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/search_fields.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/search_fields.yaml new file mode 100644 index 0000000000000..adf134536382c --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/search_fields.yaml @@ -0,0 +1,9 @@ +in: query +name: searchFields +description: The fields to perform the simple_query_string parsed query against. +schema: + oneOf: + - type: string + - type: array + items: + type: string \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/sort_field.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/sort_field.yaml new file mode 100644 index 0000000000000..c0b732f905c56 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/sort_field.yaml @@ -0,0 +1,10 @@ +in: query +name: sortField +description: Determines which field is used to sort the results. +schema: + type: string + enum: + - createdAt + - updatedAt + default: createdAt +example: updatedAt \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/sort_order.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/sort_order.yaml new file mode 100644 index 0000000000000..9aa4bb92c0ff3 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/sort_order.yaml @@ -0,0 +1,10 @@ +in: query +name: sortOrder +description: Determines the sort order. +schema: + type: string + enum: + - asc + - desc + default: desc +example: asc \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/space_id.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/space_id.yaml new file mode 100644 index 0000000000000..0ff325b08a082 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/space_id.yaml @@ -0,0 +1,7 @@ +in: path +name: spaceId +description: An identifier for the space. +required: true +schema: + type: string + example: default diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/status.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/status.yaml new file mode 100644 index 0000000000000..0517e7516a87f --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/status.yaml @@ -0,0 +1,10 @@ +in: query +name: status +description: Filters the returned cases by state. +schema: + type: string + enum: + - closed + - in-progress + - open +example: open \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/tags.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/tags.yaml new file mode 100644 index 0000000000000..04e9b9f306ab8 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/tags.yaml @@ -0,0 +1,10 @@ +in: query +name: tags +description: Filters the returned cases by tags. +schema: + oneOf: + - type: string + - type: array + items: + type: string +example: phishing \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/parameters/to.yaml b/x-pack/plugins/cases/common/openapi/components/parameters/to.yaml new file mode 100644 index 0000000000000..abc030506f2b5 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/parameters/to.yaml @@ -0,0 +1,6 @@ +in: query +name: to +description: Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. +schema: + type: string +example: now%2B1d \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/schemas/closure_types.yaml b/x-pack/plugins/cases/common/openapi/components/schemas/closure_types.yaml new file mode 100644 index 0000000000000..f09063d0db18f --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/schemas/closure_types.yaml @@ -0,0 +1,5 @@ +type: string +description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`). +enum: + - close-by-pushing + - close-by-user \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/schemas/comment_types.yaml b/x-pack/plugins/cases/common/openapi/components/schemas/comment_types.yaml new file mode 100644 index 0000000000000..a6a86ae163b20 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/schemas/comment_types.yaml @@ -0,0 +1,5 @@ +type: string +description: The type of comment. +enum: + - alert + - user \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/schemas/connector_properties.yaml b/x-pack/plugins/cases/common/openapi/components/schemas/connector_properties.yaml new file mode 100644 index 0000000000000..c2bc2ab7c887a --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/schemas/connector_properties.yaml @@ -0,0 +1,65 @@ +fields: + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + type: string + destIp: + description: A comma-separated list of destination IPs for ServiceNow SecOps connectors. + type: string + impact: + description: The effect an incident had on business for ServiceNow ITSM connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: number + malwareHash: + description: A comma-separated list of malware hashes for ServiceNow SecOps connectors. + type: string + malwareUrl: + description: A comma-separated list of malware URLs for ServiceNow SecOps connectors. + type: string + parent: + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. + type: string + priority: + description: The priority of the issue for Jira and ServiceNow SecOps connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: The severity code of the incident for IBM Resilient connectors. + type: number + sourceIp: + description: A comma-separated list of source IPs for ServiceNow SecOps connectors. + type: string + subcategory: + description: The subcategory of the incident for ServiceNow ITSM connectors. + type: string + urgency: + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. + type: string + required: + - fields + - id + - name + - type +id: + description: The identifier for the connector. To create a case without a connector, use `none`. + type: string +name: + description: The name of the connector. To create a case without a connector, use `none`. + type: string +type: + $ref: 'connector_types.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/schemas/connector_types.yaml b/x-pack/plugins/cases/common/openapi/components/schemas/connector_types.yaml new file mode 100644 index 0000000000000..24c1ec5880828 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/schemas/connector_types.yaml @@ -0,0 +1,9 @@ +type: string +description: The type of connector. +enum: + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/schemas/owners.yaml b/x-pack/plugins/cases/common/openapi/components/schemas/owners.yaml new file mode 100644 index 0000000000000..f39324a36e702 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/schemas/owners.yaml @@ -0,0 +1,6 @@ +type: string +description: Owner apps +enum: + - cases + - observability + - securitySolution \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/components/schemas/status.yaml b/x-pack/plugins/cases/common/openapi/components/schemas/status.yaml new file mode 100644 index 0000000000000..1fe2e342dd776 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/components/schemas/status.yaml @@ -0,0 +1,6 @@ +type: string +description: The status of the case. +enum: + - closed + - in-progress + - open \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/entrypoint.yaml b/x-pack/plugins/cases/common/openapi/entrypoint.yaml new file mode 100644 index 0000000000000..8ac423acf19e5 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/entrypoint.yaml @@ -0,0 +1,85 @@ +openapi: 3.0.1 +info: + title: Cases + description: OpenAPI schema for Cases endpoints + version: '0.1' + contact: + name: Cases Team + license: + name: Elastic License 2.0 + url: https://www.elastic.co/licensing/elastic-license +tags: + - name: cases + - name: kibana +servers: + - url: 'http://localhost:5601' + description: local +paths: + /api/cases: + $ref: paths/api@cases.yaml + /api/cases/_find: + $ref: paths/api@cases@_find.yaml + '/api/cases/alerts/{alertId}': + $ref: 'paths/api@cases@alerts@{alertid}.yaml' + '/api/cases/configure': + $ref: paths/api@cases@configure.yaml + '/api/cases/configure/{configurationId}': + $ref: paths/api@cases@configure@{configurationid}.yaml + '/api/cases/configure/connectors/_find': + $ref: paths/api@cases@configure@connectors@_find.yaml + '/api/cases/reporters': + $ref: 'paths/api@cases@reporters.yaml' + '/api/cases/status': + $ref: 'paths/api@cases@status.yaml' + '/api/cases/tags': + $ref: 'paths/api@cases@tags.yaml' + '/api/cases/{caseId}': + $ref: 'paths/api@cases@{caseid}.yaml' + '/api/cases/{caseId}/alerts': + $ref: 'paths/api@cases@{caseid}@alerts.yaml' + '/api/cases/{caseId}/comments': + $ref: 'paths/api@cases@{caseid}@comments.yaml' + '/api/cases/{caseId}/comments/{commentId}': + $ref: 'paths/api@cases@{caseid}@comments@{commentid}.yaml' + '/api/cases/{caseId}/connector/{connectorId}/_push': + $ref: 'paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml' + '/api/cases/{caseId}/user_actions': + $ref: 'paths/api@cases@{caseid}@user_actions.yaml' + + '/s/{spaceId}/api/cases': + $ref: 'paths/s@{spaceid}@api@cases.yaml' + '/s/{spaceId}/api/cases/_find': + $ref: 'paths/s@{spaceid}@api@cases@_find.yaml' + '/s/{spaceId}/api/cases/alerts/{alertId}': + $ref: 'paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml' + '/s/{spaceId}/api/cases/configure': + $ref: paths/s@{spaceid}@api@cases@configure.yaml + '/s/{spaceId}/api/cases/configure/{configurationId}': + $ref: paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml + '/s/{spaceId}/api/cases/configure/connectors/_find': + $ref: paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml + '/s/{spaceId}/api/cases/reporters': + $ref: 'paths/s@{spaceid}@api@cases@reporters.yaml' + '/s/{spaceId}/api/cases/status': + $ref: 'paths/s@{spaceid}@api@cases@status.yaml' + '/s/{spaceId}/api/cases/tags': + $ref: 'paths/s@{spaceid}@api@cases@tags.yaml' + '/s/{spaceId}/api/cases/{caseId}': + $ref: 'paths/s@{spaceid}@api@cases@{caseid}.yaml' + '/s/{spaceId}/api/cases/{caseId}/alerts': + $ref: 'paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml' + '/s/{spaceId}/api/cases/{caseId}/comments': + $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments.yaml' + '/s/{spaceId}/api/cases/{caseId}/comments/{commentId}': + $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml' + '/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push': + $ref: 'paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml' + '/s/{spaceId}/api/cases/{caseId}/user_actions': + $ref: 'paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml' +components: + securitySchemes: + basicAuth: + type: http + scheme: basic +security: + - basicAuth: [] diff --git a/x-pack/plugins/cases/common/openapi/paths/README.md b/x-pack/plugins/cases/common/openapi/paths/README.md new file mode 100644 index 0000000000000..b7818c8474fc8 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/README.md @@ -0,0 +1,10 @@ +Paths +===== + +Each path definition for which there is a specification exists within this folder. + +These files currently use the following conventions: + +* path separator token (e.g. `@`) is included in the file name +* path parameter (e.g. `{example}`) is included in the file name +* there is one file per path; each file can contain multiple operations diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases.yaml new file mode 100644 index 0000000000000..652bd1932561a --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases.yaml @@ -0,0 +1,133 @@ +post: + description: > + Creates a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + $ref: '../components/schemas/connector_properties.yaml' + description: + description: The description for the case. + type: string + owner: + $ref: '../components/schemas/owners.yaml' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + tags: + description: The words and phrases that help categorize cases. It can be an empty array. + type: array + items: + type: string + title: + description: A title for the case. + type: string + required: + - connector + - description + - owner + - settings + - tags + - title + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +delete: + description: > + Deletes one or more cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - name: ids + description: The cases that you want to removed. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. + in: query + required: true + schema: + type: string + example: '%5B%22d4e7abb0-b462-11ec-9a8d-698504725a43%22%5D' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + +patch: + description: > + Updates one or more cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + $ref: '../components/schemas/connector_properties.yaml' + description: + description: The description for the case. + type: string + id: + description: The identifier for the case. + type: string + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + status: + $ref: '../components/schemas/status.yaml' + tags: + description: The words and phrases that help categorize cases. + type: array + items: + type: string + title: + description: A title for the case. + type: string + version: + description: The current version of the case. + type: string + required: + - id + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@_find.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@_find.yaml new file mode 100644 index 0000000000000..0ce9b6460e9fb --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@_find.yaml @@ -0,0 +1,31 @@ +get: + description: > + Retrieves a paginated subset of cases. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '../components/parameters/default_search_operator.yaml' + - $ref: '../components/parameters/fields.yaml' + - $ref: '../components/parameters/from.yaml' + - $ref: '../components/parameters/owner.yaml' + - $ref: '../components/parameters/page.yaml' + - $ref: '../components/parameters/per_page.yaml' + - $ref: '../components/parameters/reporters.yaml' + - $ref: '../components/parameters/search.yaml' + - $ref: '../components/parameters/search_fields.yaml' + - $ref: '../components/parameters/sort_field.yaml' + - $ref: '../components/parameters/sort_order.yaml' + - $ref: '../components/parameters/status.yaml' + - $ref: '../components/parameters/tags.yaml' + - $ref: '../components/parameters/to.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@alerts@{alertid}.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@alerts@{alertid}.yaml new file mode 100644 index 0000000000000..a00ac1e3aa044 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@alerts@{alertid}.yaml @@ -0,0 +1,28 @@ +get: + description: > + Returns the cases associated with a specific alert. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: ../components/parameters/alert_id.yaml + - in: query + name: owner + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read. + schema: + oneOf: + - $ref: '../components/schemas/owners.yaml' + - type: array + items: + $ref: '../components/schemas/owners.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@configure.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@configure.yaml new file mode 100644 index 0000000000000..9f5a0fea22c2f --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@configure.yaml @@ -0,0 +1,95 @@ +get: + description: > + Retrieves external connection details, such as the closure type and default connector for cases. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. + parameters: + - in: query + name: owner + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read. + schema: + oneOf: + - $ref: '../components/schemas/owners.yaml' + - type: array + items: + $ref: '../components/schemas/owners.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +post: + description: > + Sets external connection details, such as the closure type and default connector for cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. + Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. + If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '../components/schemas/closure_types.yaml' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. + TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + type: string + example: "none" + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + type: string + example: "none" + type: + $ref: '../components/schemas/connector_types.yaml' + required: + - fields + - id + - name + - type + owner: + $ref: '../components/schemas/owners.yaml' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + required: + - syncAlerts + required: + - closure_type + - connector + - owner + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@configure@connectors@_find.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@configure@connectors@_find.yaml new file mode 100644 index 0000000000000..52419fe9e684a --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@configure@connectors@_find.yaml @@ -0,0 +1,16 @@ +get: + description: > + Retrieves information about connectors. In particular, only the connectors that are supported for use in cases are returned. + You must have read privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@configure@{configurationid}.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@configure@{configurationid}.yaml new file mode 100644 index 0000000000000..3d8c31e643228 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@configure@{configurationid}.yaml @@ -0,0 +1,60 @@ +patch: + description: > + Updates external connection details, such as the closure type and default connector for cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. + Connectors are used to interface with external systems. You must create a connector before you can it in your cases. Refer to the add connectors API. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/configuration_id.yaml + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '../components/schemas/closure_types.yaml' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. + TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: The identifier for the connector. To To retrieve connector IDs, use the find connectors API. + type: string + example: "none" + name: + description: The name of the connector. + type: string + example: "none" + type: + $ref: '../components/schemas/connector_types.yaml' + required: + - fields + - id + - name + - type + version: + description: The version of the connector. To retrieve the version value, use the get configuration API. + type: string + example: "WzIwMiwxXQ==" + required: + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@reporters.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@reporters.yaml new file mode 100644 index 0000000000000..01be74b0f373b --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@reporters.yaml @@ -0,0 +1,18 @@ +get: + description: > + Returns information about the users who opened cases. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '../components/parameters/owner.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@status.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@status.yaml new file mode 100644 index 0000000000000..79de144a82e47 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@status.yaml @@ -0,0 +1,19 @@ +get: + description: > + Returns the number of cases that are open, closed, and in progress. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '../components/parameters/owner.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@tags.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@tags.yaml new file mode 100644 index 0000000000000..80a60c41804cb --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@tags.yaml @@ -0,0 +1,26 @@ +get: + description: > + Aggregates and returns a list of case tags. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - in: query + name: owner + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. + schema: + oneOf: + - $ref: '../components/schemas/owners.yaml' + - type: array + items: + $ref: '../components/schemas/owners.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}.yaml new file mode 100644 index 0000000000000..3b6cd8d82aabc --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}.yaml @@ -0,0 +1,25 @@ +get: + description: > + Retrieves a specified case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: ../components/parameters/case_id.yaml + - in: query + name: includeComments + description: Determines whether case comments are returned. + deprecated: true + schema: + type: boolean + default: true + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@alerts.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@alerts.yaml new file mode 100644 index 0000000000000..2a2972362f733 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@alerts.yaml @@ -0,0 +1,19 @@ +get: + description: > + Gets all alerts attached to a case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: ../components/parameters/case_id.yaml + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@comments.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@comments.yaml new file mode 100644 index 0000000000000..d3490c5461b46 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@comments.yaml @@ -0,0 +1,172 @@ +post: + description: > + Adds a comment to a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + index: + description: The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + owner: + $ref: '../components/schemas/owners.yaml' + rule: + description: The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '../components/schemas/comment_types.yaml' + required: + - owner + - type + examples: + '0': + value: > + { + + "type": "user", + + "owner": "cases", + + "comment": "That is nothing - Ethan Hunt answered a targeted + social media campaign promoting phishy pension schemes to IMF + operatives." + + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +patch: + description: > + Updates a comment in a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + id: + description: The identifier for the comment. + type: string + index: + description: The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + owner: + $ref: '../components/schemas/owners.yaml' + rule: + description: The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '../components/schemas/comment_types.yaml' + version: + description: The current version of the comment. + type: string + required: + - id + - owner + - type + - version + examples: + '0': + value: |- + { + "id": "c7740680-b5e9-11ec-b141-0fdb20a7f9a9", + "version": "WzI2NiwzXQ==", + "type": "user", + "comment": "Updated comment", + "owner": "cases" + } + '1': + value: | + { + "type": "user", + "owner": "cases", + "comment": "no2." + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +delete: + description: > + Deletes all comments from a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + +get: + description: > + Retrieves all the comments from a case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. + deprecated: true + parameters: + - $ref: ../components/parameters/case_id.yaml + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@comments@{commentid}.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@comments@{commentid}.yaml new file mode 100644 index 0000000000000..bf69042a4d5c3 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@comments@{commentid}.yaml @@ -0,0 +1,34 @@ +delete: + description: > + Deletes a comment from a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/comment_id.yaml' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + +get: + description: > + Retrieves a comment from a case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. + parameters: + - $ref: '../components/parameters/case_id.yaml' + - $ref: '../components/parameters/comment_id.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml new file mode 100644 index 0000000000000..896707bac93ba --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml @@ -0,0 +1,15 @@ +post: + description: > + Pushes a case to an external service. + You must have all privileges for the **Actions and Connectors** feature in the ***Management*** section of the Kibana feature privileges. You must also have all privileges for the **Cases*** feature in the **Management**, ***Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/connector_id.yaml' + responses: + '200': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@user_actions.yaml b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@user_actions.yaml new file mode 100644 index 0000000000000..b1f8e8f9e2421 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/api@cases@{caseid}@user_actions.yaml @@ -0,0 +1,19 @@ +get: + description: > + Returns all user activity for the specified case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '../components/parameters/case_id.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases.yaml new file mode 100644 index 0000000000000..fd9c236f56c33 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases.yaml @@ -0,0 +1,136 @@ +post: + description: > + Creates a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/parameters/space_id.yaml' + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + $ref: '../components/schemas/connector_properties.yaml' + description: + description: The description for the case. + type: string + owner: + $ref: '../components/schemas/owners.yaml' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + tags: + description: The words and phrases that help categorize cases. It can be an empty array. + type: array + items: + type: string + title: + description: A title for the case. + type: string + required: + - connector + - description + - owner + - settings + - tags + - title + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +delete: + description: > + Deletes one or more cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/parameters/space_id.yaml' + - name: ids + description: The cases that you want to removed. All non-ASCII characters must be URL encoded. + in: query + required: true + schema: + type: string + example: '%5B%22d4e7abb0-b462-11ec-9a8d-698504725a43%22%5D' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + +patch: + description: > + Updates one or more cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/parameters/space_id.yaml' + requestBody: + content: + application/json: + schema: + type: object + properties: + connector: + description: An object that contains the connector configuration. + type: object + properties: + $ref: '../components/schemas/connector_properties.yaml' + description: + description: The description for the case. + type: string + id: + description: The identifier for the case. + type: string + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + status: + $ref: '../components/schemas/status.yaml' + tags: + description: The words and phrases that help categorize cases. + type: array + items: + type: string + title: + description: A title for the case. + type: string + version: + description: The current version of the case. + type: string + required: + - id + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@_find.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@_find.yaml new file mode 100644 index 0000000000000..ef70bc8125034 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@_find.yaml @@ -0,0 +1,32 @@ +get: + description: > + Retrieves a paginated subset of cases. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '../components/parameters/space_id.yaml' + - $ref: '../components/parameters/default_search_operator.yaml' + - $ref: '../components/parameters/fields.yaml' + - $ref: '../components/parameters/from.yaml' + - $ref: '../components/parameters/owner.yaml' + - $ref: '../components/parameters/page.yaml' + - $ref: '../components/parameters/per_page.yaml' + - $ref: '../components/parameters/reporters.yaml' + - $ref: '../components/parameters/search.yaml' + - $ref: '../components/parameters/search_fields.yaml' + - $ref: '../components/parameters/sort_field.yaml' + - $ref: '../components/parameters/sort_order.yaml' + - $ref: '../components/parameters/status.yaml' + - $ref: '../components/parameters/tags.yaml' + - $ref: '../components/parameters/to.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml new file mode 100644 index 0000000000000..7c3190cfb781d --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml @@ -0,0 +1,29 @@ +get: + description: > + Returns the cases associated with a specific alert. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: ../components/parameters/alert_id.yaml + - $ref: '../components/parameters/space_id.yaml' + - in: query + name: owner + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read. + schema: + oneOf: + - $ref: '../components/schemas/owners.yaml' + - type: array + items: + $ref: '../components/schemas/owners.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure.yaml new file mode 100644 index 0000000000000..e399b2e49f0e3 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure.yaml @@ -0,0 +1,97 @@ +get: + description: > + Retrieves external connection details, such as the closure type and default connector for cases. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. + parameters: + - $ref: '../components/parameters/space_id.yaml' + - in: query + name: owner + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains all cases that the user has access to read. + schema: + oneOf: + - $ref: '../components/schemas/owners.yaml' + - type: array + items: + $ref: '../components/schemas/owners.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +post: + description: > + Sets external connection details, such as the closure type and default connector for cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. + Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. + If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/parameters/space_id.yaml' + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '../components/schemas/closure_types.yaml' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. + TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + type: string + example: "none" + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + type: string + example: "none" + type: + $ref: '../components/schemas/connector_types.yaml' + required: + - fields + - id + - name + - type + owner: + $ref: '../components/schemas/owners.yaml' + settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + required: + - syncAlerts + required: + - closure_type + - connector + - owner + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml new file mode 100644 index 0000000000000..bb084d0c94567 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml @@ -0,0 +1,18 @@ +get: + description: > + Retrieves information about connectors. In particular, only the connectors that are supported for use in cases are returned. + You must have read privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. + parameters: + - $ref: '../components/parameters/space_id.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml new file mode 100644 index 0000000000000..494811a229690 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml @@ -0,0 +1,61 @@ +patch: + description: > + Updates external connection details, such as the closure type and default connector for cases. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. + Connectors are used to interface with external systems. You must create a connector before you can it in your cases. Refer to the add connectors API. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/configuration_id.yaml + - $ref: '../components/parameters/space_id.yaml' + requestBody: + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '../components/schemas/closure_types.yaml' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: > + An object that contains the connector fields. + TIP: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null. + type: object + additionalProperties: true + example: null + id: + description: The identifier for the connector. To To retrieve connector IDs, use the find connectors API. + type: string + example: "none" + name: + description: The name of the connector. + type: string + example: "none" + type: + $ref: '../components/schemas/connector_types.yaml' + required: + - fields + - id + - name + - type + version: + description: The version of the connector. To retrieve the version value, use the get configuration API. + type: string + example: "WzIwMiwxXQ==" + required: + - version + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@reporters.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@reporters.yaml new file mode 100644 index 0000000000000..29448eb8ddbde --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@reporters.yaml @@ -0,0 +1,19 @@ +get: + description: > + Returns information about the users who opened cases. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '../components/parameters/space_id.yaml' + - $ref: '../components/parameters/owner.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@status.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@status.yaml new file mode 100644 index 0000000000000..3f3bc63878e82 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@status.yaml @@ -0,0 +1,20 @@ +get: + description: > + Returns the number of cases that are open, closed, and in progress. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '../components/parameters/space_id.yaml' + - $ref: '../components/parameters/owner.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@tags.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@tags.yaml new file mode 100644 index 0000000000000..e762dceac6600 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@tags.yaml @@ -0,0 +1,27 @@ +get: + description: > + Aggregates and returns a list of case tags. + You must have read privileges for the **Cases*** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: '../components/parameters/space_id.yaml' + - in: query + name: owner + description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. + schema: + oneOf: + - $ref: '../components/schemas/owners.yaml' + - type: array + items: + $ref: '../components/schemas/owners.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml new file mode 100644 index 0000000000000..3b2c3d598f3b1 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml @@ -0,0 +1,26 @@ +get: + description: > + Retrieves a specified case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + parameters: + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/space_id.yaml' + - in: query + name: includeComments + description: Determines whether case comments are returned. + deprecated: true + schema: + type: boolean + default: true + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml new file mode 100644 index 0000000000000..807c8df1df03d --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml @@ -0,0 +1,20 @@ +get: + description: > + Gets all alerts attached to a case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true + parameters: + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/space_id.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml new file mode 100644 index 0000000000000..ab3e016b220c3 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml @@ -0,0 +1,176 @@ +post: + description: > + Adds a comment to a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/space_id.yaml' + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + index: + description: The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + owner: + $ref: '../components/schemas/owners.yaml' + rule: + description: The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '../components/schemas/comment_types.yaml' + required: + - owner + - type + examples: + '0': + value: > + { + + "type": "user", + + "owner": "cases", + + "comment": "That is nothing - Ethan Hunt answered a targeted + social media campaign promoting phishy pension schemes to IMF + operatives." + + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +patch: + description: > + Updates a comment in a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/space_id.yaml' + requestBody: + content: + application/json: + schema: + type: object + properties: + alertId: + description: The alert identifier. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + id: + description: The identifier for the comment. + type: string + index: + description: The alert index. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: string + owner: + $ref: '../components/schemas/owners.yaml' + rule: + description: The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + type: object + properties: + id: + description: The rule identifier. + type: string + name: + description: The rule name. + type: string + type: + $ref: '../components/schemas/comment_types.yaml' + version: + description: The current version of the comment. + type: string + required: + - id + - owner + - type + - version + examples: + '0': + value: |- + { + "id": "c7740680-b5e9-11ec-b141-0fdb20a7f9a9", + "version": "WzI2NiwzXQ==", + "type": "user", + "comment": "Updated comment", + "owner": "cases" + } + '1': + value: | + { + "type": "user", + "owner": "cases", + "comment": "no2." + } + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +delete: + description: > + Deletes all comments from a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/space_id.yaml' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + +get: + description: > + Retrieves all the comments from a case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. + deprecated: true + parameters: + - $ref: '../components/parameters/case_id.yaml' + - $ref: '../components/parameters/space_id.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml new file mode 100644 index 0000000000000..8175f1d72ba56 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml @@ -0,0 +1,36 @@ +delete: + description: > + Deletes a comment from a case. + You must have all privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're updating. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/parameters/space_id.yaml' + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/comment_id.yaml' + responses: + '204': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 + +get: + description: > + Retrieves a comment from a case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security*** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. + parameters: + - $ref: '../components/parameters/case_id.yaml' + - $ref: '../components/parameters/comment_id.yaml' + - $ref: '../components/parameters/space_id.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 + +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml new file mode 100644 index 0000000000000..1ea8f9a6993bd --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml @@ -0,0 +1,16 @@ +post: + description: > + Pushes a case to an external service. + You must have all privileges for the **Actions and Connectors** feature in the ***Management*** section of the Kibana feature privileges. You must also have all privileges for the **Cases*** feature in the **Management**, ***Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. + parameters: + - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: ../components/parameters/case_id.yaml + - $ref: '../components/parameters/connector_id.yaml' + - $ref: '../components/parameters/space_id.yaml' + responses: + '200': + description: Indicates a successful call. + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 \ No newline at end of file diff --git a/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml new file mode 100644 index 0000000000000..02a05cdebe8d5 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml @@ -0,0 +1,20 @@ +get: + description: > + Returns all user activity for the specified case. + You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + deprecated: true + parameters: + - $ref: '../components/parameters/case_id.yaml' + - $ref: '../components/parameters/space_id.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json; charset=utf-8: + schema: + type: string + examples: {} + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/cases/common/openapi/validate_docs.test.ts b/x-pack/plugins/cases/common/openapi/validate_docs.test.ts new file mode 100644 index 0000000000000..2a003c9507537 --- /dev/null +++ b/x-pack/plugins/cases/common/openapi/validate_docs.test.ts @@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import SwaggerParser from '@apidevtools/swagger-parser'; + +// Validate the entrypoint.yaml file, sothe generated bundle will be correct. +// https://github.com/APIDevTools/swagger-parser + +const validateDocs = async (entrypointFile: string) => { + try { + await SwaggerParser.validate(entrypointFile); + return 'Entrypoint is valid'; + } catch (err) { + return err; + } +}; + +describe('openApi', () => { + it('Checks that entrypoint.yaml is valid', async () => { + expect(await validateDocs('x-pack/plugins/cases/common/openapi/entrypoint.yaml')).toEqual( + 'Entrypoint is valid' + ); + }); +});