diff --git a/docs/api-generated/cases/case-apis-passthru.asciidoc b/docs/api-generated/cases/case-apis-passthru.asciidoc
new file mode 100644
index 0000000000000..a2611d06f5928
--- /dev/null
+++ b/docs/api-generated/cases/case-apis-passthru.asciidoc
@@ -0,0 +1,2714 @@
+////
+This content is generated from the open API specification.
+Any modifications made to this file will be overwritten.
+////
+
+++++
+
+
Access
+
+ - APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
+ - HTTP Basic Authentication
+
+
+
+ [ Jump to
Models ]
+
+
Table of Contents
+
+
+
+
+
+
+
+
Up
+
post /s/{spaceId}/api/cases/{caseId}/comments
+
Adds a comment or alert to a case. (addCaseComment)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
createCase_200_response
+
+
+
+
+
Up
+
post /s/{spaceId}/api/cases
+
Creates a case. (createCase)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
createCase_200_response
+
+
+
+
+
Up
+
delete /s/{spaceId}/api/cases
+
Deletes one or more cases. (deleteCase)
+
You must have read or all privileges and the delete sub-feature privilege for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
Query parameters
+
+
ids (required)
+
+
Query Parameter — The cases that you want to removed. All non-ASCII characters must be URL encoded. default: null
+
+
+
+
+
+
+
+
+
Responses
+
204
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
delete /s/{spaceId}/api/cases/{caseId}/comments/{commentId}
+
Deletes a comment or alert from a case. (deleteCaseComment)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
+
+
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
+
+
+
+
+
Responses
+
204
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
delete /s/{spaceId}/api/cases/{caseId}/comments
+
Deletes all comments and alerts from a case. (deleteCaseComments)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
+
+
+
+
+
Responses
+
204
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/{caseId}/comments
+
Retrieves all the comments from a case. (getAllCaseComments)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
null
+
Example data
+
Content-Type: examples
+
Custom MIME type example not yet supported: examples
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+ application/json
+ examples
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/{caseId}
+
Retrieves information about a case. (getCase)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
Query parameters
+
+
includeComments (optional)
+
+
Query Parameter — Determines whether case comments are returned. default: true
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
createCase_200_response
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/{caseId}/user_actions
+
Returns all user activity for a case. (getCaseActivity)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "owner" : "cases",
+ "action_id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
+ "case_id" : "22df07d0-03b1-11ed-920c-974bfa104448",
+ "action" : "create",
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
+ "type" : "create_case",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ }
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/{caseId}/alerts
+
Gets all alerts attached to a case. (getCaseAlerts)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "index" : "index",
+ "id" : "id",
+ "attached_at" : "2000-01-23T04:56:07.000+00:00"
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/{caseId}/comments/{commentId}
+
Retrieves a comment from a case. (getCaseComment)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security* section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
+
+
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
null
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
createCase_200_response_comments_inner
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/configure
+
Retrieves external connection details, such as the closure type and default connector for cases. (getCaseConfiguration)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
Query parameters
+
+
owner (optional)
+
+
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "closure_type" : "close-by-user",
+ "owner" : "cases",
+ "mappings" : [ {
+ "action_type" : "overwrite",
+ "source" : "title",
+ "target" : "summary"
+ }, {
+ "action_type" : "overwrite",
+ "source" : "title",
+ "target" : "summary"
+ } ],
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2022-06-01T19:58:48.169Z",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "created_at" : "2022-06-01T17:07:17.767Z",
+ "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
+ "error" : "error",
+ "created_by" : {
+ "full_name" : "full_name",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzIwNzMsMV0="
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/configure/connectors/_find
+
Retrieves information about connectors. (getCaseConnectors)
+
In particular, only the connectors that are supported for use in cases are returned. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "isPreconfigured" : true,
+ "isDeprecated" : true,
+ "actionTypeId" : ".none",
+ "referencedByCount" : 0,
+ "name" : "name",
+ "id" : "id",
+ "config" : {
+ "projectKey" : "projectKey",
+ "apiUrl" : "apiUrl"
+ },
+ "isMissingSecrets" : true
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/reporters
+
Returns information about the users who opened cases. (getCaseReporters)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
Query parameters
+
+
owner (optional)
+
+
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/status
+
Returns the number of cases that are open, closed, and in progress. (getCaseStatus)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
Query parameters
+
+
owner (optional)
+
+
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "count_in_progress_cases" : 6,
+ "count_open_cases" : 1,
+ "count_closed_cases" : 0
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
getCaseStatus_200_response
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/tags
+
Aggregates and returns a list of case tags. (getCaseTags)
+
You must have read privileges for the Cases* feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
Query parameters
+
+
owner (optional)
+
+
Query Parameter — A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. default: null
+
+
+
+
Return type
+
+
+ array[String]
+
+
+
+
+
Example data
+
Content-Type: application/json
+
""
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/_find
+
Retrieves a paginated subset of cases. (getCases)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
Query parameters
+
+
defaultSearchOperator (optional)
+
+
Query Parameter — The default operator to use for the simple_query_string. default: OR
fields (optional)
+
+
Query Parameter — The fields in the entity to return in the response. default: null
from (optional)
+
+
Query Parameter — [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
owner (optional)
+
+
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
page (optional)
+
+
Query Parameter — The page number to return. default: 1
perPage (optional)
+
+
Query Parameter — The number of rules to return per page. default: 20
reporters (optional)
+
+
Query Parameter — Filters the returned cases by the user name of the reporter. default: null
search (optional)
+
+
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
searchFields (optional)
+
+
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
severity (optional)
+
+
Query Parameter — The severity of the case. default: null
sortField (optional)
+
+
Query Parameter — Determines which field is used to sort the results. default: createdAt
sortOrder (optional)
+
+
Query Parameter — Determines the sort order. default: desc
status (optional)
+
+
Query Parameter — Filters the returned cases by state. default: null
tags (optional)
+
+
Query Parameter — Filters the returned cases by tags. default: null
to (optional)
+
+
Query Parameter — [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "count_in_progress_cases" : 6,
+ "per_page" : 5,
+ "total" : 2,
+ "cases" : [ {
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+ }, {
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+ } ],
+ "count_open_cases" : 1,
+ "count_closed_cases" : 0,
+ "page" : 5
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
getCases_200_response
+
+
+
+
+
Up
+
get /s/{spaceId}/api/cases/alerts/{alertId}
+
Returns the cases associated with a specific alert. (getCasesByAlert)
+
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
+
+
Path parameters
+
+
alertId (required)
+
+
Path Parameter — An identifier for the alert. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
+
+
+
Query parameters
+
+
owner (optional)
+
+
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
[ {
+ "id" : "06116b80-e1c3-11ec-be9b-9b1838238ee6",
+ "title" : "security_case"
+} ]
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
post /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push
+
Pushes a case to an external service. (pushCase)
+
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. You must also have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're pushing.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
connectorId (required)
+
+
Path Parameter — An identifier for the connector. To retrieve connector IDs, use the find connectors API. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
createCase_200_response
+
+
+
+
+
Up
+
post /s/{spaceId}/api/cases/configure
+
Sets external connection details, such as the closure type and default connector for cases. (setCaseConfiguration)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "closure_type" : "close-by-user",
+ "owner" : "cases",
+ "mappings" : [ {
+ "action_type" : "overwrite",
+ "source" : "title",
+ "target" : "summary"
+ }, {
+ "action_type" : "overwrite",
+ "source" : "title",
+ "target" : "summary"
+ } ],
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2022-06-01T19:58:48.169Z",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "created_at" : "2022-06-01T17:07:17.767Z",
+ "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
+ "error" : "error",
+ "created_by" : {
+ "full_name" : "full_name",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzIwNzMsMV0="
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+
Up
+
patch /s/{spaceId}/api/cases
+
Updates one or more cases. (updateCase)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.
+
+
Path parameters
+
+
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
createCase_200_response
+
+
+
+
+
Up
+
patch /s/{spaceId}/api/cases/{caseId}/comments
+
Updates a comment or alert in a case. (updateCaseComment)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
+
+
Path parameters
+
+
caseId (required)
+
+
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "owner" : "cases",
+ "totalComment" : 0,
+ "settings" : {
+ "syncAlerts" : true
+ },
+ "totalAlerts" : 0,
+ "closed_at" : "2000-01-23T04:56:07.000+00:00",
+ "comments" : [ null, null ],
+ "created_at" : "2022-05-13T09:16:17.416Z",
+ "description" : "A case description.",
+ "title" : "Case title 1",
+ "created_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzUzMiwxXQ==",
+ "closed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "tags" : [ "tag-1" ],
+ "duration" : 120,
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2000-01-23T04:56:07.000+00:00",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
+ "external_service" : {
+ "external_title" : "external_title",
+ "pushed_by" : {
+ "full_name" : "full_name",
+ "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "external_url" : "external_url",
+ "pushed_at" : "2000-01-23T04:56:07.000+00:00",
+ "connector_id" : "connector_id",
+ "external_id" : "external_id",
+ "connector_name" : "connector_name"
+ }
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
createCase_200_response
+
+
+
+
+
Up
+
patch /s/{spaceId}/api/cases/configure/{configurationId}
+
Updates external connection details, such as the closure type and default connector for cases. (updateCaseConfiguration)
+
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.
+
+
Path parameters
+
+
configurationId (required)
+
+
Path Parameter — An identifier for the configuration. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "closure_type" : "close-by-user",
+ "owner" : "cases",
+ "mappings" : [ {
+ "action_type" : "overwrite",
+ "source" : "title",
+ "target" : "summary"
+ }, {
+ "action_type" : "overwrite",
+ "source" : "title",
+ "target" : "summary"
+ } ],
+ "connector" : {
+ "name" : "none",
+ "id" : "none",
+ "fields" : {
+ "destIp" : "destIp",
+ "severity" : "severity",
+ "parent" : "parent",
+ "impact" : "impact",
+ "malwareUrl" : "malwareUrl",
+ "priority" : "priority",
+ "issueTypes" : [ 0.8008281904610115, 0.8008281904610115 ],
+ "issueType" : "issueType",
+ "sourceIp" : "sourceIp",
+ "urgency" : "urgency",
+ "malwareHash" : "malwareHash",
+ "caseId" : "caseId",
+ "severityCode" : 6.027456183070403,
+ "category" : "category",
+ "subcategory" : "subcategory"
+ },
+ "type" : ".none"
+ },
+ "updated_at" : "2022-06-01T19:58:48.169Z",
+ "updated_by" : {
+ "full_name" : "full_name",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "created_at" : "2022-06-01T17:07:17.767Z",
+ "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
+ "error" : "error",
+ "created_by" : {
+ "full_name" : "full_name",
+ "email" : "email",
+ "username" : "elastic"
+ },
+ "version" : "WzIwNzMsMV0="
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
+
+
+
+
+ [ Jump to
Methods ]
+
+
Table of Contents
+
+ Add_case_comment_request - Add case comment request
+ add_alert_comment_request_properties - Add case comment request properties for alerts
+ add_alert_comment_request_properties_alertId -
+ add_alert_comment_request_properties_index -
+ add_user_comment_request_properties - Add case comment request properties for user comments
+ alert_comment_response_properties -
+ alert_response_properties -
+ closure_types -
+ connector_types -
+ createCase_200_response -
+ createCase_200_response_closed_by -
+ createCase_200_response_comments_inner -
+ createCase_200_response_connector -
+ createCase_200_response_created_by -
+ createCase_request -
+ createCase_request_connector -
+ createCase_request_connector_fields -
+ external_service -
+ getAllCaseComments_200_response_inner -
+ getCaseConfiguration_200_response_inner -
+ getCaseConfiguration_200_response_inner_created_by -
+ getCaseConfiguration_200_response_inner_mappings_inner -
+ getCaseConfiguration_200_response_inner_updated_by -
+ getCaseConnectors_200_response_inner -
+ getCaseConnectors_200_response_inner_config -
+ getCaseStatus_200_response -
+ getCasesByAlert_200_response_inner -
+ getCases_200_response -
+ getCases_owner_parameter -
+ getCases_reporters_parameter -
+ owners - Owner applications
+ payload_alert_comment -
+ payload_alert_comment_comment -
+ payload_alert_comment_comment_alertId -
+ payload_alert_comment_comment_index -
+ payload_connector -
+ payload_create_case -
+ payload_description -
+ payload_pushed -
+ payload_settings -
+ payload_severity -
+ payload_status -
+ payload_tags -
+ payload_title -
+ payload_user_comment -
+ payload_user_comment_comment -
+ rule - Alerting rule
+ setCaseConfiguration_request -
+ setCaseConfiguration_request_settings -
+ settings -
+ severity_property -
+ status -
+ updateCaseComment_request -
+ updateCaseConfiguration_request -
+ updateCase_request -
+ updateCase_request_cases_inner -
+ update_alert_comment_request_properties -
+ update_user_comment_request_properties -
+ user_actions_response_properties -
+ user_actions_response_properties_payload -
+ user_comment_response_properties -
+
+
+
+
+
The add comment to case API request body varies depending on whether you are adding an alert or a comment.
+
+
alertId
+
index
+
owner
+
rule
+
type
+
comment
String The new comment. It is required only when
type is
user.
+
+
+
+
+
Defines the properties for case comment requests when type is alert
+
+
alertId
+
index
+
owner
+
rule
+
type
+
+
+
+
+
The alert identifier. It is required only when type is alert. If it is an array, index must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
+
+
+
+
+
+
The alert index. It is required only when type is alert. If it is an array, alertId must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
+
+
+
+
+
+
Defines the properties for case comment requests when type is user
+
+
comment
String The new comment. It is required only when
type is
user.
+
owner
+
type
+
+
+
+
+
+
+
alertId (optional)
+
created_at (optional)
+
created_by (optional)
+
id (optional)
+
index (optional)
+
owner (optional)
+
pushed_at (optional)
+
pushed_by (optional)
+
rule (optional)
+
type (optional)
+
updated_at (optional)
+
updated_by (optional)
+
version (optional)
+
+
+
+
+
+
+
attached_at (optional)
+
id (optional)
+
index (optional)
+
+
+
+
+
Indicates whether a case is automatically closed when it is pushed to external systems (close-by-pushing) or not automatically closed (close-by-user).
+
+
+
+
+
+
The type of connector.
+
+
+
+
+
+
+
+
closed_at (optional)
+
closed_by (optional)
+
comments (optional)
+
connector (optional)
+
created_at (optional)
+
created_by (optional)
+
description (optional)
+
duration (optional)
Integer The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
+
external_service (optional)
+
id (optional)
+
owner (optional)
+
settings (optional)
+
severity (optional)
+
status (optional)
+
tags (optional)
+
title (optional)
+
totalAlerts (optional)
+
totalComment (optional)
+
updated_at (optional)
+
updated_by (optional)
+
version (optional)
+
+
+
+
+
+
+
email (optional)
+
full_name (optional)
+
username (optional)
+
profile_uid (optional)
+
+
+
+
+
+
+
alertId (optional)
+
created_at (optional)
+
created_by (optional)
+
id (optional)
+
index (optional)
+
owner (optional)
+
pushed_at (optional)
+
pushed_by (optional)
+
rule (optional)
+
type (optional)
+
updated_at (optional)
+
updated_by (optional)
+
version (optional)
+
comment (optional)
+
+
+
+
+
+
+
fields (optional)
+
id (optional)
String The identifier for the connector. To create a case without a connector, use
none.
+
name (optional)
String The name of the connector. To create a case without a connector, use
none.
+
type (optional)
+
+
+
+
+
+
+
email (optional)
+
full_name (optional)
+
username (optional)
+
profile_uid (optional)
+
+
+
+
+
+
+
connector
+
description
String The description for the case.
+
owner
+
settings
+
severity (optional)
+
tags
array[String] The words and phrases that help categorize cases. It can be an empty array.
+
title
+
+
+
+
+
An object that contains the connector configuration.
+
+
fields
+
id
String The identifier for the connector. To create a case without a connector, use
none.
+
name
String The name of the connector. To create a case without a connector, use
none.
+
type
+
+
+
+
+
An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
+
+
caseId (optional)
String The case identifier for Swimlane connectors.
+
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+
destIp (optional)
String A comma-separated list of destination IPs for ServiceNow SecOps connectors.
+
impact (optional)
String The effect an incident had on business for ServiceNow ITSM connectors.
+
issueType (optional)
String The type of issue for Jira connectors.
+
issueTypes (optional)
+
malwareHash (optional)
String A comma-separated list of malware hashes for ServiceNow SecOps connectors.
+
malwareUrl (optional)
String A comma-separated list of malware URLs for ServiceNow SecOps connectors.
+
parent (optional)
String The key of the parent issue, when the issue type is sub-task for Jira connectors.
+
priority (optional)
String The priority of the issue for Jira and ServiceNow SecOps connectors.
+
severity (optional)
String The severity of the incident for ServiceNow ITSM connectors.
+
severityCode (optional)
BigDecimal The severity code of the incident for IBM Resilient connectors.
+
sourceIp (optional)
String A comma-separated list of source IPs for ServiceNow SecOps connectors.
+
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM connectors.
+
urgency (optional)
String The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
+
+
+
+
+
+
+
connector_id (optional)
+
connector_name (optional)
+
external_id (optional)
+
external_title (optional)
+
external_url (optional)
+
pushed_at (optional)
+
pushed_by (optional)
+
+
+
+
+
+
+
alertId (optional)
+
created_at (optional)
+
created_by (optional)
+
id (optional)
+
index (optional)
+
owner (optional)
+
pushed_at (optional)
+
pushed_by (optional)
+
rule (optional)
+
type (optional)
+
updated_at (optional)
+
updated_by (optional)
+
version (optional)
+
comment (optional)
+
+
+
+
+
+
+
closure_type (optional)
+
connector (optional)
+
created_at (optional)
+
created_by (optional)
+
error (optional)
+
id (optional)
+
mappings (optional)
+
owner (optional)
+
updated_at (optional)
+
updated_by (optional)
+
version (optional)
+
+
+
+
+
+
+
email (optional)
+
full_name (optional)
+
username (optional)
+
+
+
+
+
+
+
action_type (optional)
+
source (optional)
+
target (optional)
+
+
+
+
+
+
+
email (optional)
+
full_name (optional)
+
username (optional)
+
+
+
+
+
+
+
actionTypeId (optional)
+
config (optional)
+
id (optional)
+
isDeprecated (optional)
+
isMissingSecrets (optional)
+
isPreconfigured (optional)
+
name (optional)
+
referencedByCount (optional)
+
+
+
+
+
+
+
apiUrl (optional)
+
projectKey (optional)
+
+
+
+
+
+
+
count_closed_cases (optional)
+
count_in_progress_cases (optional)
+
count_open_cases (optional)
+
+
+
+
+
+
+
id (optional)
+
title (optional)
+
+
+
+
+
+
+
cases (optional)
+
count_closed_cases (optional)
+
count_in_progress_cases (optional)
+
count_open_cases (optional)
+
page (optional)
+
per_page (optional)
+
total (optional)
+
+
+
+
+
+
+
The application that owns the cases: Stack Management, Observability, or Elastic Security.
+
+
+
+
+
+
+
+
+
alertId (optional)
+
index (optional)
+
owner (optional)
+
rule (optional)
+
type (optional)
+
+
alert
+
+
+
+
+
+
+
+
+
+
connector (optional)
+
description (optional)
+
owner (optional)
+
settings (optional)
+
severity (optional)
+
status (optional)
+
tags (optional)
+
title (optional)
+
+
+
+
+
+
+
description (optional)
+
+
+
+
+
+
+
externalService (optional)
+
+
+
+
+
+
+
+
+
+
+
+
+
comment (optional)
+
owner (optional)
+
type (optional)
+
+
user
+
+
+
+
+
The rule that is associated with the alert. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
+
+
id (optional)
+
name (optional)
+
+
+
+
+
+
+
closure_type
+
connector
+
owner
+
settings (optional)
+
+
+
+
+
An object that contains the case settings.
+
+
syncAlerts
Boolean Turns alert syncing on or off.
+
+
+
+
+
An object that contains the case settings.
+
+
syncAlerts (optional)
Boolean Turns alert syncing on or off.
+
+
+
+
+
The severity of the case.
+
+
+
+
+
+
The status of the case.
+
+
+
+
+
+
+
+
alertId
+
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
+
index
+
owner
+
rule
+
type
+
+
user
+
version
String The current comment version. To retrieve version values, use the get comments API.
+
comment
String The new comment. It is required only when
type is
user.
+
+
+
+
+
+
+
closure_type (optional)
+
connector (optional)
+
version
String The version of the connector. To retrieve the version value, use the get configuration API.
+
+
+
+
+
+
+
+
connector (optional)
+
description (optional)
String The description for the case.
+
id
String The identifier for the case.
+
settings (optional)
+
severity (optional)
+
status (optional)
+
tags (optional)
+
title (optional)
+
version
String The current version of the case.
+
+
+
+
+
+
+
alertId
+
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
+
index
+
owner
+
rule
+
type
+
+
alert
+
version
String The current comment version. To retrieve version values, use the get comments API.
+
+
+
+
+
+
+
comment
String The new comment. It is required only when
type is
user.
+
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
+
owner
+
type
+
+
user
+
version
String The current comment version. To retrieve version values, use the get comments API.
+
+
+
+
+
+
+
action (optional)
+
+
add
create
delete
push_to_service
update
+
action_id (optional)
+
case_id (optional)
+
comment_id (optional)
+
created_at (optional)
+
created_by (optional)
+
owner (optional)
+
payload (optional)
+
type (optional)
+
+
create_case
comment
connector
delete_case
description
pushed
tags
title
status
settings
severity
+
+
+
+
+
+
+
comment (optional)
+
connector (optional)
+
description (optional)
+
owner (optional)
+
settings (optional)
+
severity (optional)
+
status (optional)
+
tags (optional)
+
title (optional)
+
externalService (optional)
+
+
+
+
+
+
+
comment (optional)
+
created_at (optional)
+
created_by (optional)
+
id (optional)
+
owner (optional)
+
pushed_at (optional)
+
pushed_by (optional)
+
type (optional)
+
updated_at (optional)
+
updated_by (optional)
+
version (optional)
+
+
+
+++++
diff --git a/docs/api-generated/cases/case-apis.asciidoc b/docs/api-generated/cases/case-apis.asciidoc
new file mode 100644
index 0000000000000..fdd9a941a58e6
--- /dev/null
+++ b/docs/api-generated/cases/case-apis.asciidoc
@@ -0,0 +1,10 @@
+[[case-apis]]
+== Case APIs
+
+preview::[]
+
+////
+This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/docs/openapi. Any modifications required must be done in that open API specification.
+////
+
+include::case-apis-passthru.asciidoc[]
\ No newline at end of file
diff --git a/docs/apis.asciidoc b/docs/apis.asciidoc
index 8fb4caa7d3fca..f985dc5b807c8 100644
--- a/docs/apis.asciidoc
+++ b/docs/apis.asciidoc
@@ -11,4 +11,6 @@ version of the specification is 3.0. For more information, go to https://openapi
--
-include::api-generated/machine-learning/ml-apis.asciidoc[]
\ No newline at end of file
+include::api-generated/cases/case-apis.asciidoc[]
+include::api-generated/machine-learning/ml-apis.asciidoc[]
+
diff --git a/x-pack/plugins/cases/docs/openapi/README.md b/x-pack/plugins/cases/docs/openapi/README.md
index 1ff3e24c2e91f..593e70e7b0216 100644
--- a/x-pack/plugins/cases/docs/openapi/README.md
+++ b/x-pack/plugins/cases/docs/openapi/README.md
@@ -22,8 +22,14 @@ command in the `x-pack/plugins/cases/docs/openapi/` folder:
Then you can generate the `bundled` files by running the following commands:
- ```
- npx @redocly/openapi-cli bundle --ext yaml --output bundled.yaml entrypoint.yaml
- npx @redocly/openapi-cli bundle --ext json --output bundled.json entrypoint.yaml
- ```
+ ```
+ npx @redocly/cli bundle entrypoint.yaml --output bundled.yaml --ext yaml
+ npx @redocly/cli bundle entrypoint.yaml --output bundled.json --ext json
+ ```
+
+You can run additional linting with the following command:
+
+ ```
+ npx @redocly/cli lint bundled.json
+ ```
diff --git a/x-pack/plugins/cases/docs/openapi/bundled.json b/x-pack/plugins/cases/docs/openapi/bundled.json
index 4202c658ee4ff..5533f44bb4e2a 100644
--- a/x-pack/plugins/cases/docs/openapi/bundled.json
+++ b/x-pack/plugins/cases/docs/openapi/bundled.json
@@ -193,7 +193,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -208,11 +208,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -237,8 +239,7 @@
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
- },
- "example": []
+ }
},
"connector": {
"type": "object",
@@ -339,11 +340,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -362,7 +365,8 @@
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
- "example": 120
+ "example": 120,
+ "nullable": true
},
"external_service": {
"$ref": "#/components/schemas/external_service"
@@ -415,11 +419,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -665,7 +671,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -680,11 +686,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -709,8 +717,7 @@
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
- },
- "example": []
+ }
},
"connector": {
"type": "object",
@@ -811,11 +818,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -834,7 +843,8 @@
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
- "example": 120
+ "example": 120,
+ "nullable": true
},
"external_service": {
"$ref": "#/components/schemas/external_service"
@@ -887,11 +897,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -1043,7 +1055,18 @@
}
},
{
- "$ref": "#/components/parameters/severity"
+ "in": "query",
+ "name": "severity",
+ "description": "The severity of the case.",
+ "schema": {
+ "type": "string",
+ "enum": [
+ "critical",
+ "high",
+ "low",
+ "medium"
+ ]
+ }
},
{
"name": "sortField",
@@ -1120,7 +1143,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -1140,11 +1163,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -1169,8 +1194,7 @@
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
- },
- "example": []
+ }
},
"connector": {
"type": "object",
@@ -1271,11 +1295,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -1294,7 +1320,8 @@
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
- "example": 120
+ "example": 120,
+ "nullable": true
},
"external_service": {
"$ref": "#/components/schemas/external_service"
@@ -1347,11 +1374,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -1424,7 +1453,14 @@
],
"parameters": [
{
- "$ref": "#/components/parameters/alert_id"
+ "in": "path",
+ "name": "alertId",
+ "description": "An identifier for the alert.",
+ "required": true,
+ "schema": {
+ "type": "string",
+ "example": "09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540"
+ }
},
{
"$ref": "#/components/parameters/space_id"
@@ -1437,7 +1473,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -1496,7 +1532,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -1604,11 +1640,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -1658,11 +1696,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -1839,7 +1879,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -1947,11 +1987,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2001,11 +2043,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2050,7 +2094,14 @@
"$ref": "#/components/parameters/kbn_xsrf"
},
{
- "$ref": "#/components/parameters/configuration_id"
+ "in": "path",
+ "name": "configurationId",
+ "description": "An identifier for the configuration.",
+ "required": true,
+ "schema": {
+ "type": "string",
+ "example": "3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9"
+ }
},
{
"$ref": "#/components/parameters/space_id"
@@ -2178,7 +2229,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -2286,11 +2337,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2340,11 +2393,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2393,7 +2448,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -2476,7 +2531,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -2484,11 +2539,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2543,7 +2600,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -2614,7 +2671,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -2672,7 +2729,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -2687,11 +2744,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2716,8 +2775,7 @@
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
- },
- "example": []
+ }
},
"connector": {
"type": "object",
@@ -2818,11 +2876,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2841,7 +2901,8 @@
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
- "example": 120
+ "example": 120,
+ "nullable": true
},
"external_service": {
"$ref": "#/components/schemas/external_service"
@@ -2894,11 +2955,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -2960,7 +3023,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -2992,7 +3055,7 @@
"post": {
"summary": "Adds a comment or alert to a case.",
"operationId": "addCaseComment",
- "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n",
+ "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n",
"tags": [
"cases"
],
@@ -3011,6 +3074,11 @@
"content": {
"application/json": {
"schema": {
+ "title": "Add case comment request",
+ "description": "The add comment to case API request body varies depending on whether you are adding an alert or a comment.\n",
+ "discriminator": {
+ "propertyName": "type"
+ },
"oneOf": [
{
"$ref": "#/components/schemas/add_alert_comment_request_properties"
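Review bot: The `discriminator` added to the add-comment request schema has no `mapping`, so under OpenAPI 3.0 the value of `type` is resolved against schema names rather than the `alert` / `user` values these schemas give as examples. The same commit also drops the single-value `enum` from `type` in `add_alert_comment_request_properties` and `add_user_comment_request_properties` (hunks `@@ -4624,28 +4650,11 @@` and `@@ -4669,11 +4680,8 @@`). That leaves nothing in the spec restricting `type` to those two values, so a validator or client generated from this file would presumably accept any string there. I would keep the enums, or add `"mapping": { "alert": "#/components/schemas/add_alert_comment_request_properties", "user": "#/components/schemas/add_user_comment_request_properties" }` next to `propertyName`. This file is bundled output, so the change presumably belongs in the source spec under `x-pack/plugins/cases/docs/openapi/`; the `oneOf` list continues in the next hunk.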
@@ -3019,11 +3087,6 @@
"$ref": "#/components/schemas/add_user_comment_request_properties"
}
]
- },
- "examples": {
- "createCaseCommentRequest": {
- "$ref": "#/components/examples/add_comment_request"
- }
}
}
}
@@ -3032,7 +3095,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -3047,11 +3110,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3076,8 +3141,7 @@
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
- },
- "example": []
+ }
},
"connector": {
"type": "object",
@@ -3178,11 +3242,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3201,7 +3267,8 @@
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
- "example": 120
+ "example": 120,
+ "nullable": true
},
"external_service": {
"$ref": "#/components/schemas/external_service"
@@ -3254,11 +3321,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3365,7 +3434,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -3380,11 +3449,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3409,8 +3480,7 @@
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
- },
- "example": []
+ }
},
"connector": {
"type": "object",
@@ -3511,11 +3581,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3534,7 +3606,8 @@
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
- "example": 120
+ "example": 120,
+ "nullable": true
},
"external_service": {
"$ref": "#/components/schemas/external_service"
@@ -3587,11 +3660,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3646,7 +3721,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -3732,7 +3807,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"oneOf": [
{
@@ -3788,14 +3863,19 @@
],
"requestBody": {
"content": {
- "application/json": {}
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "nullable": true
+ }
+ }
}
},
"responses": {
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "object",
"properties": {
@@ -3810,11 +3890,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3839,8 +3921,7 @@
"$ref": "#/components/schemas/user_comment_response_properties"
}
]
- },
- "example": []
+ }
},
"connector": {
"type": "object",
@@ -3941,11 +4022,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -3964,7 +4047,8 @@
"duration": {
"type": "integer",
"description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n",
- "example": 120
+ "example": 120,
+ "nullable": true
},
"external_service": {
"$ref": "#/components/schemas/external_service"
@@ -4017,11 +4101,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4083,7 +4169,7 @@
"200": {
"description": "Indicates a successful call.",
"content": {
- "application/json; charset=utf-8": {
+ "application/json": {
"schema": {
"type": "array",
"items": {
@@ -4124,110 +4210,25 @@
"name": "ApiKey"
}
},
- "parameters": {
- "kbn_xsrf": {
- "schema": {
- "type": "string"
- },
- "in": "header",
- "name": "kbn-xsrf",
- "required": true
- },
- "space_id": {
- "in": "path",
- "name": "spaceId",
- "description": "An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.",
- "required": true,
- "schema": {
- "type": "string",
- "example": "default"
- }
- },
- "owner": {
- "in": "query",
- "name": "owner",
- "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.\n",
- "schema": {
- "oneOf": [
- {
- "$ref": "#/components/schemas/owners"
- },
- {
- "type": "array",
- "items": {
- "$ref": "#/components/schemas/owners"
- }
- }
- ]
- },
- "example": "cases"
+ "schemas": {
+ "alertCaseCommentRequest": {
+ "$ref": "#/components/schemas/add_alert_comment_request_properties"
},
- "severity": {
- "in": "query",
- "name": "severity",
- "description": "The severity of the case.",
- "schema": {
- "type": "string",
- "enum": [
- "critical",
- "high",
- "low",
- "medium"
- ]
- }
+ "alertCaseCommentResponse": {
+ "$ref": "#/components/schemas/alert_comment_response_properties"
},
- "alert_id": {
- "in": "path",
- "name": "alertId",
- "description": "An identifier for the alert.",
- "required": true,
- "schema": {
- "type": "string",
- "example": "09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540"
- }
+ "userCaseCommentRequest": {
+ "$ref": "#/components/schemas/add_user_comment_request_properties"
},
- "configuration_id": {
- "in": "path",
- "name": "configurationId",
- "description": "An identifier for the configuration.",
- "required": true,
- "schema": {
- "type": "string",
- "example": "3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9"
- }
+ "userCaseCommentResponse": {
+ "$ref": "#/components/schemas/user_comment_response_properties"
},
- "case_id": {
- "in": "path",
- "name": "caseId",
- "description": "The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.",
- "required": true,
- "schema": {
- "type": "string",
- "example": "9c235210-6834-11ea-a78c-6ffb38a34414"
- }
+ "ownerProperty": {
+ "$ref": "#/components/schemas/owners"
},
- "comment_id": {
- "in": "path",
- "name": "commentId",
- "description": "The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.\n",
- "required": true,
- "schema": {
- "type": "string",
- "example": "71ec1870-725b-11ea-a0b2-c51ea50a58e2"
- }
+ "ruleObject": {
+ "$ref": "#/components/schemas/rule"
},
- "connector_id": {
- "in": "path",
- "name": "connectorId",
- "description": "An identifier for the connector. To retrieve connector IDs, use the find connectors API.",
- "required": true,
- "schema": {
- "type": "string",
- "example": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2"
- }
- }
- },
- "schemas": {
"connector_types": {
"type": "string",
"description": "The type of connector.",
@@ -4243,6 +4244,7 @@
"example": ".none"
},
"owners": {
+ "title": "Owner applications",
"type": "string",
"description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.\n",
"enum": [
@@ -4274,6 +4276,24 @@
],
"default": "low"
},
+ "rule": {
+ "title": "Alerting rule",
+ "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n",
+ "type": "object",
+ "x-technical-preview": true,
+ "properties": {
+ "id": {
+ "description": "The rule identifier.",
+ "type": "string",
+ "example": "94d80550-aaf4-11ec-985f-97e55adae8b9"
+ },
+ "name": {
+ "description": "The rule name.",
+ "type": "string",
+ "example": "security_rule"
+ }
+ }
+ },
"alert_comment_response_properties": {
"type": "object",
"properties": {
@@ -4291,11 +4311,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4329,11 +4351,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4347,19 +4371,7 @@
"nullable": true
},
"rule": {
- "type": "object",
- "properties": {
- "id": {
- "description": "The rule identifier.",
- "type": "string",
- "example": "94d80550-aaf4-11ec-985f-97e55adae8b9"
- },
- "name": {
- "description": "The rule name.",
- "type": "string",
- "example": "security_rule"
- }
- }
+ "$ref": "#/components/schemas/rule"
},
"type": {
"type": "string",
@@ -4368,18 +4380,21 @@
"updated_at": {
"type": "string",
"format": "date-time",
- "example": null
+ "example": null,
+ "nullable": true
},
"updated_by": {
"type": "object",
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4414,11 +4429,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4448,11 +4465,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4481,11 +4500,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4532,11 +4553,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -4549,7 +4572,8 @@
},
"nullable": true
}
- }
+ },
+ "nullable": true
},
"status": {
"type": "string",
@@ -4587,6 +4611,8 @@
}
},
"add_alert_comment_request_properties": {
+ "title": "Add case comment request properties for alerts",
+ "description": "Defines the properties for case comment requests when type is alert",
"type": "object",
"properties": {
"alertId": {
@@ -4624,28 +4650,11 @@
"$ref": "#/components/schemas/owners"
},
"rule": {
- "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n",
- "type": "object",
- "x-technical-preview": true,
- "properties": {
- "id": {
- "description": "The rule identifier.",
- "type": "string",
- "example": "94d80550-aaf4-11ec-985f-97e55adae8b9"
- },
- "name": {
- "description": "The rule name.",
- "type": "string",
- "example": "security_rule"
- }
- }
+ "$ref": "#/components/schemas/rule"
},
"type": {
"description": "The type of comment.",
"type": "string",
- "enum": [
- "alert"
- ],
"example": "alert"
}
},
@@ -4658,6 +4667,8 @@
]
},
"add_user_comment_request_properties": {
+ "title": "Add case comment request properties for user comments",
+ "description": "Defines the properties for case comment requests when type is user",
"type": "object",
"properties": {
"comment": {
@@ -4669,11 +4680,8 @@
"$ref": "#/components/schemas/owners"
},
"type": {
- "type": "string",
"description": "The type of comment.",
- "enum": [
- "user"
- ],
+ "type": "string",
"example": "user"
}
},
@@ -4726,21 +4734,7 @@
"$ref": "#/components/schemas/owners"
},
"rule": {
- "description": "The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n",
- "type": "object",
- "x-technical-preview": true,
- "properties": {
- "id": {
- "description": "The rule identifier.",
- "type": "string",
- "example": "94d80550-aaf4-11ec-985f-97e55adae8b9"
- },
- "name": {
- "description": "The rule name.",
- "type": "string",
- "example": "security_rule"
- }
- }
+ "$ref": "#/components/schemas/rule"
},
"type": {
"description": "The type of comment.",
@@ -4804,17 +4798,6 @@
"version"
]
},
- "actions": {
- "type": "string",
- "enum": [
- "add",
- "create",
- "delete",
- "push_to_service",
- "update"
- ],
- "example": "create"
- },
"payload_alert_comment": {
"type": "object",
"properties": {
@@ -4853,19 +4836,7 @@
"$ref": "#/components/schemas/owners"
},
"rule": {
- "type": "object",
- "properties": {
- "id": {
- "description": "The rule identifier.",
- "type": "string",
- "example": "94d80550-aaf4-11ec-985f-97e55adae8b9"
- },
- "name": {
- "description": "The rule name.",
- "type": "string",
- "example": "security_rule"
- }
- }
+ "$ref": "#/components/schemas/rule"
},
"type": {
"type": "string",
@@ -5176,29 +5147,19 @@
}
}
},
- "action_types": {
- "type": "string",
- "description": "The type of action.",
- "enum": [
- "create_case",
- "comment",
- "connector",
- "delete_case",
- "description",
- "pushed",
- "tags",
- "title",
- "status",
- "settings",
- "severity"
- ],
- "example": "create_case"
- },
"user_actions_response_properties": {
"type": "object",
"properties": {
"action": {
- "$ref": "#/components/schemas/actions"
+ "type": "string",
+ "enum": [
+ "add",
+ "create",
+ "delete",
+ "push_to_service",
+ "update"
+ ],
+ "example": "create"
},
"action_id": {
"type": "string",
@@ -5222,11 +5183,13 @@
"properties": {
"email": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"full_name": {
"type": "string",
- "example": null
+ "example": null,
+ "nullable": true
},
"username": {
"type": "string",
@@ -5280,11 +5243,95 @@
"nullable": true
},
"type": {
- "$ref": "#/components/schemas/action_types"
+ "type": "string",
+ "description": "The type of action.",
+ "enum": [
+ "create_case",
+ "comment",
+ "connector",
+ "delete_case",
+ "description",
+ "pushed",
+ "tags",
+ "title",
+ "status",
+ "settings",
+ "severity"
+ ],
+ "example": "create_case"
}
}
}
},
+ "parameters": {
+ "kbn_xsrf": {
+ "schema": {
+ "type": "string"
+ },
+ "in": "header",
+ "name": "kbn-xsrf",
+ "required": true
+ },
+ "space_id": {
+ "in": "path",
+ "name": "spaceId",
+ "description": "An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.",
+ "required": true,
+ "schema": {
+ "type": "string",
+ "example": "default"
+ }
+ },
+ "owner": {
+ "in": "query",
+ "name": "owner",
+ "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.\n",
+ "schema": {
+ "oneOf": [
+ {
+ "$ref": "#/components/schemas/owners"
+ },
+ {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/owners"
+ }
+ }
+ ]
+ },
+ "example": "cases"
+ },
+ "case_id": {
+ "in": "path",
+ "name": "caseId",
+ "description": "The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.",
+ "required": true,
+ "schema": {
+ "type": "string",
+ "example": "9c235210-6834-11ea-a78c-6ffb38a34414"
+ }
+ },
+ "comment_id": {
+ "in": "path",
+ "name": "commentId",
+ "description": "The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.\n",
+ "required": true,
+ "schema": {
+ "type": "string",
+ "example": "71ec1870-725b-11ea-a0b2-c51ea50a58e2"
+ }
+ },
+ "connector_id": {
+ "in": "path",
+ "name": "connectorId",
+ "description": "An identifier for the connector. To retrieve connector IDs, use the find connectors API.",
+ "required": true,
+ "schema": {
+ "type": "string",
+ "example": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2"
+ }
+ }
+ },
"examples": {
"create_case_request": {
"summary": "Create a security case that uses a Jira connector.",
@@ -5621,14 +5668,6 @@
}
]
},
- "add_comment_request": {
- "summary": "Adds a comment to a case.",
- "value": {
- "type": "user",
- "comment": "A new comment.",
- "owner": "cases"
- }
- },
"add_comment_response": {
"summary": "The add comment to case API returns a JSON object that contains details about the case and its comments.",
"value": {
diff --git a/x-pack/plugins/cases/docs/openapi/bundled.yaml b/x-pack/plugins/cases/docs/openapi/bundled.yaml
index 7f02703b161a6..b24510f2f90fa 100644
--- a/x-pack/plugins/cases/docs/openapi/bundled.yaml
+++ b/x-pack/plugins/cases/docs/openapi/bundled.yaml
@@ -21,11 +21,8 @@ paths:
post:
summary: Creates a case.
operationId: createCase
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the
- Kibana feature privileges, depending on the owner of the case you're
- creating.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.
tags:
- cases
parameters:
@@ -42,10 +39,7 @@ paths:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -53,19 +47,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM and
- ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -76,61 +64,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type is
- sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM Resilient
- connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for ServiceNow
- SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow ITSM
- connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -150,9 +116,7 @@ paths:
severity:
$ref: '#/components/schemas/severity_property'
tags:
- description: >-
- The words and phrases that help categorize cases. It can be
- an empty array.
+ description: The words and phrases that help categorize cases. It can be an empty array.
type: array
items:
type: string
@@ -173,7 +137,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -188,9 +152,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -203,19 +169,13 @@ paths:
type: array
items:
oneOf:
- - $ref: >-
- #/components/schemas/alert_comment_response_properties
- - $ref: >-
- #/components/schemas/user_comment_response_properties
- example: []
+ - $ref: '#/components/schemas/alert_comment_response_properties'
+ - $ref: '#/components/schemas/user_comment_response_properties'
connector:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -223,19 +183,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -246,61 +200,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -315,9 +247,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -329,12 +263,10 @@ paths:
example: A case description.
duration:
type: integer
- description: >
- The elapsed time from the creation of the case to its
- closure (in seconds). If the case has not been closed, the
- duration is set to null. If the case was closed after less
- than half a second, the duration is rounded down to zero.
+ description: |
+ The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
example: 120
+ nullable: true
external_service:
$ref: '#/components/schemas/external_service'
id:
@@ -374,9 +306,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -396,20 +330,15 @@ paths:
delete:
summary: Deletes one or more cases.
operationId: deleteCase
- description: >
- You must have `read` or `all` privileges and the `delete` sub-feature
- privilege for the **Cases** feature in the **Management**,
- **Observability**, or **Security** section of the Kibana feature
- privileges, depending on the owner of the cases you're deleting.
+ description: |
+ You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
tags:
- cases
parameters:
- $ref: '#/components/parameters/kbn_xsrf'
- $ref: '#/components/parameters/space_id'
- name: ids
- description: >-
- The cases that you want to removed. All non-ASCII characters must be
- URL encoded.
+ description: The cases that you want to removed. All non-ASCII characters must be URL encoded.
in: query
required: true
schema:
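Review bot: The reflowed `ids` description still reads "The cases that you want to removed", which carries the typo into the rendered docs for a destructive endpoint. I would change it to `description: The cases that you want to remove. All non-ASCII characters must be URL encoded.` while this line is being touched. The `schema` for `ids` continues outside the hunk.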
@@ -423,11 +352,8 @@ paths:
patch:
summary: Updates one or more cases.
operationId: updateCase
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the
- Kibana feature privileges, depending on the owner of the case you're
- updating.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.
tags:
- cases
parameters:
@@ -449,11 +375,7 @@ paths:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To
- create a case without a connector, specify null.
- If you want to omit any individual field, specify
- null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -461,86 +383,56 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow
- ITSM and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
- description: >-
- The type of incident for IBM Resilient
- connectors.
+ description: The type of incident for IBM Resilient connectors.
type: array
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue
- type is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and
- ServiceNow SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow
- ITSM connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution
- can be delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case
- without a connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -583,7 +475,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -598,9 +490,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -613,19 +507,13 @@ paths:
type: array
items:
oneOf:
- - $ref: >-
- #/components/schemas/alert_comment_response_properties
- - $ref: >-
- #/components/schemas/user_comment_response_properties
- example: []
+ - $ref: '#/components/schemas/alert_comment_response_properties'
+ - $ref: '#/components/schemas/user_comment_response_properties'
connector:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -633,19 +521,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -656,61 +538,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -725,9 +585,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -739,12 +601,10 @@ paths:
example: A case description.
duration:
type: integer
- description: >
- The elapsed time from the creation of the case to its
- closure (in seconds). If the case has not been closed, the
- duration is set to null. If the case was closed after less
- than half a second, the duration is rounded down to zero.
+ description: |
+ The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
example: 120
+ nullable: true
external_service:
$ref: '#/components/schemas/external_service'
id:
@@ -784,9 +644,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -809,10 +671,8 @@ paths:
get:
summary: Retrieves a paginated subset of cases.
operationId: getCases
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
tags:
- cases
parameters:
@@ -833,13 +693,8 @@ paths:
type: string
- name: from
in: query
- description: >
- [preview] Returns only cases that were created after a specific
- date. The date must be specified as a KQL data range or date match
- expression. This functionality is in technical preview and may be
- changed or removed in a future release. Elastic will apply best
- effort to fix any issues, but features in technical preview are not
- subject to the support SLA of official GA features.
+ description: |
+ [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
schema:
type: string
example: now-1d
@@ -870,9 +725,7 @@ paths:
example: elastic
- name: search
in: query
- description: >-
- An Elasticsearch simple_query_string query that filters the objects
- in the response.
+ description: An Elasticsearch simple_query_string query that filters the objects in the response.
schema:
type: string
- name: searchFields
@@ -884,7 +737,16 @@ paths:
- type: array
items:
type: string
- - $ref: '#/components/parameters/severity'
+ - in: query
+ name: severity
+ description: The severity of the case.
+ schema:
+ type: string
+ enum:
+ - critical
+ - high
+ - low
+ - medium
- name: sortField
in: query
description: Determines which field is used to sort the results.
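Review bot: Inlining the `severity` query parameter creates a second copy of the severity values, which can drift from the shared schema this file already references as `#/components/schemas/severity_property`. If that schema holds the same four values (it is not visible in this hunk, so please confirm), the inline `type`/`enum` lines could become `schema:` with `$ref: '#/components/schemas/severity_property'`. A filter whose documented values differ from what the create and update bodies accept is the kind of mismatch that request validation built on the spec would then get wrong. The surrounding `parameters` list starts and ends outside the hunk.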
@@ -927,13 +789,8 @@ paths:
example: tag-1
- name: to
in: query
- description: >
- [preview] Returns only cases that were created before a specific
- date. The date must be specified as a KQL data range or date match
- expression. This functionality is in technical preview and may be
- changed or removed in a future release. Elastic will apply best
- effort to fix any issues, but features in technical preview are not
- subject to the support SLA of official GA features.
+ description: |
+ [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
schema:
type: string
example: now+1d
@@ -941,7 +798,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -961,9 +818,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -976,20 +835,13 @@ paths:
type: array
items:
oneOf:
- - $ref: >-
- #/components/schemas/alert_comment_response_properties
- - $ref: >-
- #/components/schemas/user_comment_response_properties
- example: []
+ - $ref: '#/components/schemas/alert_comment_response_properties'
+ - $ref: '#/components/schemas/user_comment_response_properties'
connector:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To
- create a case without a connector, specify null.
- If you want to omit any individual field,
- specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -997,87 +849,56 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow
- ITSM and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs
- for ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
- description: >-
- The type of incident for IBM Resilient
- connectors.
+ description: The type of incident for IBM Resilient connectors.
type: array
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue
- type is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and
- ServiceNow SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow
- ITSM connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for
- ServiceNow ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution
- can be delayed for ServiceNow ITSM
- connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a
- case without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case
- without a connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -1092,9 +913,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -1106,13 +929,10 @@ paths:
example: A case description.
duration:
type: integer
- description: >
- The elapsed time from the creation of the case to
- its closure (in seconds). If the case has not been
- closed, the duration is set to null. If the case was
- closed after less than half a second, the duration
- is rounded down to zero.
+ description: |
+ The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
example: 120
+ nullable: true
external_service:
$ref: '#/components/schemas/external_service'
id:
@@ -1152,9 +972,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -1189,22 +1011,26 @@ paths:
get:
summary: Returns the cases associated with a specific alert.
operationId: getCasesByAlert
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
x-technical-preview: true
tags:
- cases
parameters:
- - $ref: '#/components/parameters/alert_id'
+ - in: path
+ name: alertId
+ description: An identifier for the alert.
+ required: true
+ schema:
+ type: string
+ example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540
- $ref: '#/components/parameters/space_id'
- $ref: '#/components/parameters/owner'
responses:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
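Review bot: The `alertId` path parameter is declared inline here (`- in: path` / `name: alertId`) while `space_id` and `owner` directly below it still go through `$ref`, so the operation mixes two styles and the inline copy can drift from a shared component if one is still defined. `updateCaseConfiguration` gets the same treatment for `configurationId` in a later hunk. The inline schema is only `type: string`; adding a bound such as `maxLength: <agreed limit>` would let spec-driven validators reject oversized identifiers before they reach the handler. If this file is bundler output, both changes belong in the source fragment rather than here. The operation's `responses` block continues past the end of the hunk.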
@@ -1225,14 +1051,10 @@ paths:
- url: https://localhost:5601
/s/{spaceId}/api/cases/configure:
get:
- summary: >-
- Retrieves external connection details, such as the closure type and
- default connector for cases.
+ summary: Retrieves external connection details, such as the closure type and default connector for cases.
operationId: getCaseConfiguration
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case configuration.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration.
tags:
- cases
parameters:
@@ -1242,7 +1064,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -1254,11 +1076,7 @@ paths:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create
- a case without a connector, specify null. If you
- want to omit any individual field, specify null as
- its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -1266,86 +1084,56 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
- description: >-
- The type of incident for IBM Resilient
- connectors.
+ description: The type of incident for IBM Resilient connectors.
type: array
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and
- ServiceNow SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can
- be delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without
- a connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -1360,9 +1148,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -1399,9 +1189,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -1412,19 +1204,10 @@ paths:
servers:
- url: https://localhost:5601
post:
- summary: >-
- Sets external connection details, such as the closure type and default
- connector for cases.
+ summary: Sets external connection details, such as the closure type and default connector for cases.
operationId: setCaseConfiguration
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case configuration.
- Connectors are used to interface with external systems. You must create
- a connector before you can use it in your cases. Refer to the add
- connectors API. If you set a default connector, it is automatically
- selected when you create cases in Kibana. If you use the create case
- API, however, you must still specify all of the connector details.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.
tags:
- cases
parameters:
@@ -1443,10 +1226,7 @@ paths:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -1454,19 +1234,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM and
- ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -1477,61 +1251,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type is
- sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM Resilient
- connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for ServiceNow
- SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow ITSM
- connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -1561,7 +1313,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -1573,11 +1325,7 @@ paths:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create
- a case without a connector, specify null. If you
- want to omit any individual field, specify null as
- its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -1585,86 +1333,56 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
- description: >-
- The type of incident for IBM Resilient
- connectors.
+ description: The type of incident for IBM Resilient connectors.
type: array
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and
- ServiceNow SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can
- be delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without
- a connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -1679,9 +1397,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -1718,9 +1438,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -1734,22 +1456,21 @@ paths:
- url: https://localhost:5601
/s/{spaceId}/api/cases/configure/{configurationId}:
patch:
- summary: >-
- Updates external connection details, such as the closure type and
- default connector for cases.
+ summary: Updates external connection details, such as the closure type and default connector for cases.
operationId: updateCaseConfiguration
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case configuration.
- Connectors are used to interface with external systems. You must create
- a connector before you can use it in your cases. Refer to the add
- connectors API.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.
tags:
- cases
parameters:
- $ref: '#/components/parameters/kbn_xsrf'
- - $ref: '#/components/parameters/configuration_id'
+ - in: path
+ name: configurationId
+ description: An identifier for the configuration.
+ required: true
+ schema:
+ type: string
+ example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9
- $ref: '#/components/parameters/space_id'
requestBody:
content:
@@ -1764,10 +1485,7 @@ paths:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -1775,19 +1493,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM and
- ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -1798,61 +1510,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type is
- sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM Resilient
- connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for ServiceNow
- SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow ITSM
- connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -1863,9 +1553,8 @@ paths:
- name
- type
version:
- description: >
- The version of the connector. To retrieve the version value,
- use the get configuration API.
+ description: |
+ The version of the connector. To retrieve the version value, use the get configuration API.
type: string
example: WzIwMiwxXQ==
required:
@@ -1874,7 +1563,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -1886,11 +1575,7 @@ paths:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create
- a case without a connector, specify null. If you
- want to omit any individual field, specify null as
- its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -1898,86 +1583,56 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
type: string
issueTypes:
- description: >-
- The type of incident for IBM Resilient
- connectors.
+ description: The type of incident for IBM Resilient connectors.
type: array
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and
- ServiceNow SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can
- be delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without
- a connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -1992,9 +1647,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2031,9 +1688,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2049,11 +1708,8 @@ paths:
get:
summary: Retrieves information about connectors.
operationId: getCaseConnectors
- description: >
- In particular, only the connectors that are supported for use in cases
- are returned. You must have `read` privileges for the **Actions and
- Connectors** feature in the **Management** section of the Kibana feature
- privileges.
+ description: |
+ In particular, only the connectors that are supported for use in cases are returned. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.
tags:
- cases
parameters:
@@ -2062,7 +1718,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -2101,14 +1757,8 @@ paths:
get:
summary: Returns information about the users who opened cases.
operationId: getCaseReporters
- description: >
- You must have read privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases. The API returns
- information about the users as they existed at the time of the case
- creation, including their name, full name, and email address. If any of
- those details change thereafter or if a user is deleted, the information
- returned by this API is unchanged.
+ description: |
+ You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
tags:
- cases
parameters:
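Review bot: The privilege name in the `getCaseReporters` description is plain text, whereas `getCaseStatus` and `getCase` in this file format it as code; the new line would start ``You must have `read` privileges for the **Cases** feature``. `getCaseTags` has the same plain wording. This description states that name, full name and email address are returned as recorded at case creation, even after the user is deleted. It is therefore worth one more sentence telling consumers that `email` and `full_name` can be null, which the response schema in the following hunks now declares with `nullable: true`.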
@@ -2118,7 +1768,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -2127,9 +1777,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2147,10 +1799,8 @@ paths:
get:
summary: Returns the number of cases that are open, closed, and in progress.
operationId: getCaseStatus
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
deprecated: true
tags:
- cases
@@ -2161,7 +1811,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -2182,20 +1832,15 @@ paths:
get:
summary: Aggregates and returns a list of case tags.
operationId: getCaseTags
- description: >
- You must have read privileges for the **Cases*** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases you're seeking.
+ description: |
+ You must have read privileges for the **Cases*** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
tags:
- cases
parameters:
- $ref: '#/components/parameters/space_id'
- in: query
name: owner
- description: >-
- A filter to limit the retrieved case statistics to a specific set of
- applications. If this parameter is omitted, the response contains
- tags from all cases that the user has access to read.
+ description: A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read.
schema:
oneOf:
- $ref: '#/components/schemas/owners'
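Review bot: The `getCaseTags` description carries `**Cases***` with a third trailing asterisk, which leaves a stray `*` or breaks the bold run in rendered Markdown; it should be `**Cases**`. The `owner` parameter text also says it limits "the retrieved case statistics", which looks copied from another operation, since the same sentence goes on to describe tags. `A filter to limit the retrieved tags to a specific set of applications.` would match what the endpoint returns. The parameter's schema continues past the end of the hunk.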
@@ -2206,7 +1851,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -2222,10 +1867,8 @@ paths:
get:
summary: Retrieves information about a case.
operationId: getCase
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.
tags:
- cases
parameters:
@@ -2242,7 +1885,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -2257,9 +1900,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2272,19 +1917,13 @@ paths:
type: array
items:
oneOf:
- - $ref: >-
- #/components/schemas/alert_comment_response_properties
- - $ref: >-
- #/components/schemas/user_comment_response_properties
- example: []
+ - $ref: '#/components/schemas/alert_comment_response_properties'
+ - $ref: '#/components/schemas/user_comment_response_properties'
connector:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -2292,19 +1931,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -2315,61 +1948,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -2384,9 +1995,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2398,12 +2011,10 @@ paths:
example: A case description.
duration:
type: integer
- description: >
- The elapsed time from the creation of the case to its
- closure (in seconds). If the case has not been closed, the
- duration is set to null. If the case was closed after less
- than half a second, the duration is rounded down to zero.
+ description: |
+ The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
example: 120
+ nullable: true
external_service:
$ref: '#/components/schemas/external_service'
id:
@@ -2443,9 +2054,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2467,10 +2080,8 @@ paths:
/s/{spaceId}/api/cases/{caseId}/alerts:
get:
summary: Gets all alerts attached to a case.
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
x-technical-preview: true
operationId: getCaseAlerts
tags:
@@ -2482,7 +2093,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -2498,10 +2109,8 @@ paths:
post:
summary: Adds a comment or alert to a case.
operationId: addCaseComment
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case you're creating.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.
tags:
- cases
parameters:
@@ -2512,17 +2121,19 @@ paths:
content:
application/json:
schema:
+ title: Add case comment request
+ description: |
+ The add comment to case API request body varies depending on whether you are adding an alert or a comment.
+ discriminator:
+ propertyName: type
oneOf:
- $ref: '#/components/schemas/add_alert_comment_request_properties'
- $ref: '#/components/schemas/add_user_comment_request_properties'
- examples:
- createCaseCommentRequest:
- $ref: '#/components/examples/add_comment_request'
responses:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
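Review bot: The `discriminator` added to the addCaseComment request schema sets `propertyName: type` but has no `mapping`, so tools fall back to matching the `type` value against the schema names `add_alert_comment_request_properties` and `add_user_comment_request_properties`, which a payload value such as `alert` will not equal. Code generators and spec-driven request validators may then fail to select a branch, or validate the body against the wrong one. Adding a `mapping:` with one entry per `type` value, for example `alert: '#/components/schemas/add_alert_comment_request_properties'`, makes the selection explicit. The value for the user-comment branch is not visible in this hunk and should be confirmed against the referenced schema. The hunk also removes the `createCaseCommentRequest` example with no replacement visible here.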
@@ -2537,9 +2148,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2552,19 +2165,13 @@ paths:
type: array
items:
oneOf:
- - $ref: >-
- #/components/schemas/alert_comment_response_properties
- - $ref: >-
- #/components/schemas/user_comment_response_properties
- example: []
+ - $ref: '#/components/schemas/alert_comment_response_properties'
+ - $ref: '#/components/schemas/user_comment_response_properties'
connector:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -2572,19 +2179,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -2595,61 +2196,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -2664,9 +2243,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2678,12 +2259,10 @@ paths:
example: A case description.
duration:
type: integer
- description: >
- The elapsed time from the creation of the case to its
- closure (in seconds). If the case has not been closed, the
- duration is set to null. If the case was closed after less
- than half a second, the duration is rounded down to zero.
+ description: |
+ The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
example: 120
+ nullable: true
external_service:
$ref: '#/components/schemas/external_service'
id:
@@ -2723,9 +2302,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2745,10 +2326,8 @@ paths:
delete:
summary: Deletes all comments and alerts from a case.
operationId: deleteCaseComments
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases you're deleting.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
tags:
- cases
parameters:
@@ -2763,11 +2342,8 @@ paths:
patch:
summary: Updates a comment or alert in a case.
operationId: updateCaseComment
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case you're updating.
- NOTE: You cannot change the comment type or the owner of a comment.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
tags:
- cases
parameters:
@@ -2788,7 +2364,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -2803,9 +2379,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2818,19 +2396,13 @@ paths:
type: array
items:
oneOf:
- - $ref: >-
- #/components/schemas/alert_comment_response_properties
- - $ref: >-
- #/components/schemas/user_comment_response_properties
- example: []
+ - $ref: '#/components/schemas/alert_comment_response_properties'
+ - $ref: '#/components/schemas/user_comment_response_properties'
connector:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -2838,19 +2410,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -2861,61 +2427,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -2930,9 +2474,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -2944,12 +2490,10 @@ paths:
example: A case description.
duration:
type: integer
- description: >
- The elapsed time from the creation of the case to its
- closure (in seconds). If the case has not been closed, the
- duration is set to null. If the case was closed after less
- than half a second, the duration is rounded down to zero.
+ description: |
+ The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
example: 120
+ nullable: true
external_service:
$ref: '#/components/schemas/external_service'
id:
@@ -2989,9 +2533,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3011,11 +2557,8 @@ paths:
get:
summary: Retrieves all the comments from a case.
operationId: getAllCaseComments
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases with the
- comments you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
deprecated: true
tags:
- cases
@@ -3026,7 +2569,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -3042,10 +2585,8 @@ paths:
delete:
summary: Deletes a comment or alert from a case.
operationId: deleteCaseComment
- description: >
- You must have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the cases you're deleting.
+ description: |
+ You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
tags:
- cases
parameters:
@@ -3061,11 +2602,8 @@ paths:
get:
summary: Retrieves a comment from a case.
operationId: getCaseComment
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security*** section of the
- Kibana feature privileges, depending on the owner of the cases with the
- comments you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security*** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
tags:
- cases
parameters:
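Review bot: The rewritten getCaseComment description keeps the stray third asterisk in `**Security***`, which leaves the bold markup unbalanced when the description is rendered; it should read `**Security**`. The same slip appears as `**Cases***` in the statistics description earlier in this file, where `read` has also lost its backticks. Since these lines are being rewritten anyway, a search for `***` across the file would catch both.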
@@ -3076,7 +2614,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
oneOf:
- $ref: '#/components/schemas/alert_comment_response_properties'
@@ -3091,12 +2629,8 @@ paths:
/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push:
post:
summary: Pushes a case to an external service.
- description: >
- You must have `all` privileges for the **Actions and Connectors**
- feature in the **Management** section of the Kibana feature privileges.
- You must also have `all` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case you're pushing.
+ description: |
+ You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.
operationId: pushCase
tags:
- cases
@@ -3107,12 +2641,15 @@ paths:
- $ref: '#/components/parameters/space_id'
requestBody:
content:
- application/json: {}
+ application/json:
+ schema:
+ type: object
+ nullable: true
responses:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
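Review bot: The new pushCase request schema is `type: object` with `nullable: true` and no `properties` or `additionalProperties`, so the contract accepts any JSON object as the body. If the endpoint is meant to take no input (this hunk does not confirm that), adding `additionalProperties: false` would let spec-driven validation reject unexpected fields on an operation that forwards case data to an external service. A one-line `description` on the body stating that it may be empty or null would also help client authors.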
@@ -3127,9 +2664,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3142,19 +2681,13 @@ paths:
type: array
items:
oneOf:
- - $ref: >-
- #/components/schemas/alert_comment_response_properties
- - $ref: >-
- #/components/schemas/user_comment_response_properties
- example: []
+ - $ref: '#/components/schemas/alert_comment_response_properties'
+ - $ref: '#/components/schemas/user_comment_response_properties'
connector:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a
- case without a connector, specify null. If you want to
- omit any individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -3162,19 +2695,13 @@ paths:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM
- and ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for
- ServiceNow ITSM connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -3185,61 +2712,39 @@ paths:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type
- is sub-task for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow
- SecOps connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
- description: >-
- The severity of the incident for ServiceNow ITSM
- connectors.
+ description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM
- Resilient connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for
- ServiceNow SecOps connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow
- ITSM connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be
- delayed for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case
- without a connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a
- connector, use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -3254,9 +2759,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3268,12 +2775,10 @@ paths:
example: A case description.
duration:
type: integer
- description: >
- The elapsed time from the creation of the case to its
- closure (in seconds). If the case has not been closed, the
- duration is set to null. If the case was closed after less
- than half a second, the duration is rounded down to zero.
+ description: |
+ The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
example: 120
+ nullable: true
external_service:
$ref: '#/components/schemas/external_service'
id:
@@ -3313,9 +2818,11 @@ paths:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3337,10 +2844,8 @@ paths:
/s/{spaceId}/api/cases/{caseId}/user_actions:
get:
summary: Returns all user activity for a case.
- description: >
- You must have `read` privileges for the **Cases** feature in the
- **Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case you're seeking.
+ description: |
+ You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.
deprecated: true
operationId: getCaseActivity
tags:
@@ -3352,7 +2857,7 @@ paths:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -3373,95 +2878,19 @@ components:
type: apiKey
in: header
name: ApiKey
- parameters:
- kbn_xsrf:
- schema:
- type: string
- in: header
- name: kbn-xsrf
- required: true
- space_id:
- in: path
- name: spaceId
- description: >-
- An identifier for the space. If `/s/` and the identifier are omitted
- from the path, the default space is used.
- required: true
- schema:
- type: string
- example: default
- owner:
- in: query
- name: owner
- description: >
- A filter to limit the response to a specific set of applications. If
- this parameter is omitted, the response contains information about all
- the cases that the user has access to read.
- schema:
- oneOf:
- - $ref: '#/components/schemas/owners'
- - type: array
- items:
- $ref: '#/components/schemas/owners'
- example: cases
- severity:
- in: query
- name: severity
- description: The severity of the case.
- schema:
- type: string
- enum:
- - critical
- - high
- - low
- - medium
- alert_id:
- in: path
- name: alertId
- description: An identifier for the alert.
- required: true
- schema:
- type: string
- example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540
- configuration_id:
- in: path
- name: configurationId
- description: An identifier for the configuration.
- required: true
- schema:
- type: string
- example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9
- case_id:
- in: path
- name: caseId
- description: >-
- The identifier for the case. To retrieve case IDs, use the find cases
- API. All non-ASCII characters must be URL encoded.
- required: true
- schema:
- type: string
- example: 9c235210-6834-11ea-a78c-6ffb38a34414
- comment_id:
- in: path
- name: commentId
- description: >
- The identifier for the comment. To retrieve comment IDs, use the get
- case or find cases APIs.
- required: true
- schema:
- type: string
- example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2
- connector_id:
- in: path
- name: connectorId
- description: >-
- An identifier for the connector. To retrieve connector IDs, use the find
- connectors API.
- required: true
- schema:
- type: string
- example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2
schemas:
+ alertCaseCommentRequest:
+ $ref: '#/components/schemas/add_alert_comment_request_properties'
+ alertCaseCommentResponse:
+ $ref: '#/components/schemas/alert_comment_response_properties'
+ userCaseCommentRequest:
+ $ref: '#/components/schemas/add_user_comment_request_properties'
+ userCaseCommentResponse:
+ $ref: '#/components/schemas/user_comment_response_properties'
+ ownerProperty:
+ $ref: '#/components/schemas/owners'
+ ruleObject:
+ $ref: '#/components/schemas/rule'
connector_types:
type: string
description: The type of connector.
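Review bot: Removing the whole `components.parameters` block leaves the operations' `$ref: '#/components/parameters/space_id'` entries, visible as context in the earlier path hunks, without a target unless the definitions are re-declared in a part of the file outside this hunk. The block also held the `kbn_xsrf` header with `required: true`. If that definition is gone, clients and docs generated from this spec no longer state that the `kbn-xsrf` header must be sent on state-changing calls. Either keep the block or confirm that every parameter reference is inlined before the spec is consumed.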
@@ -3475,10 +2904,10 @@ components:
- .swimlane
example: .none
owners:
+ title: Owner applications
type: string
- description: >
- The application that owns the cases: Stack Management, Observability, or
- Elastic Security.
+ description: |
+ The application that owns the cases: Stack Management, Observability, or Elastic Security.
enum:
- cases
- observability
@@ -3501,6 +2930,21 @@ components:
- low
- medium
default: low
+ rule:
+ title: Alerting rule
+ description: |
+ The rule that is associated with the alert. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
+ type: object
+ x-technical-preview: true
+ properties:
+ id:
+ description: The rule identifier.
+ type: string
+ example: 94d80550-aaf4-11ec-985f-97e55adae8b9
+ name:
+ description: The rule name.
+ type: string
+ example: security_rule
alert_comment_response_properties:
type: object
properties:
@@ -3517,9 +2961,11 @@ components:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3545,9 +2991,11 @@ components:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3556,16 +3004,7 @@ components:
example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0
nullable: true
rule:
- type: object
- properties:
- id:
- description: The rule identifier.
- type: string
- example: 94d80550-aaf4-11ec-985f-97e55adae8b9
- name:
- description: The rule name.
- type: string
- example: security_rule
+ $ref: '#/components/schemas/rule'
type:
type: string
example: alert
@@ -3573,15 +3012,18 @@ components:
type: string
format: date-time
example: null
+ nullable: true
updated_by:
type: object
properties:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3607,9 +3049,11 @@ components:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3632,9 +3076,11 @@ components:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3657,9 +3103,11 @@ components:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3693,9 +3141,11 @@ components:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -3703,6 +3153,7 @@ components:
type: string
example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0
nullable: true
+ nullable: true
status:
type: string
description: The status of the case.
@@ -3712,10 +3163,7 @@ components:
- open
closure_types:
type: string
- description: >-
- Indicates whether a case is automatically closed when it is pushed to
- external systems (`close-by-pushing`) or not automatically closed
- (`close-by-user`).
+ description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).
enum:
- close-by-pushing
- close-by-user
@@ -3733,16 +3181,13 @@ components:
description: The alert index.
type: string
add_alert_comment_request_properties:
+ title: Add case comment request properties for alerts
+ description: Defines the properties for case comment requests when type is alert
type: object
properties:
alertId:
- description: >
- The alert identifier. It is required only when `type` is `alert`. If
- it is an array, `index` must also be an array. This functionality is
- in technical preview and may be changed or removed in a future
- release. Elastic will apply best effort to fix any issues, but
- features in technical preview are not subject to the support SLA of
- official GA features.
+ description: |
+ The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
oneOf:
- type: string
- type: array
@@ -3751,13 +3196,8 @@ components:
x-technical-preview: true
example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42
index:
- description: >
- The alert index. It is required only when `type` is `alert`. If it
- is an array, `alertId` must also be an array. This functionality is
- in technical preview and may be changed or removed in a future
- release. Elastic will apply best effort to fix any issues, but
- features in technical preview are not subject to the support SLA of
- official GA features.
+ description: |
+ The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
oneOf:
- type: string
- type: array
@@ -3767,28 +3207,10 @@ components:
owner:
$ref: '#/components/schemas/owners'
rule:
- description: >
- The rule that is associated with the alert. It is required only when
- `type` is `alert`. This functionality is in technical preview and
- may be changed or removed in a future release. Elastic will apply
- best effort to fix any issues, but features in technical preview are
- not subject to the support SLA of official GA features.
- type: object
- x-technical-preview: true
- properties:
- id:
- description: The rule identifier.
- type: string
- example: 94d80550-aaf4-11ec-985f-97e55adae8b9
- name:
- description: The rule name.
- type: string
- example: security_rule
+ $ref: '#/components/schemas/rule'
type:
description: The type of comment.
type: string
- enum:
- - alert
example: alert
required:
- alertId
@@ -3797,6 +3219,8 @@ components:
- rule
- type
add_user_comment_request_properties:
+ title: Add case comment request properties for user comments
+ description: Defines the properties for case comment requests when type is user
type: object
properties:
comment:
@@ -3806,10 +3230,8 @@ components:
owner:
$ref: '#/components/schemas/owners'
type:
- type: string
description: The type of comment.
- enum:
- - user
+ type: string
example: user
required:
- comment
@@ -3819,13 +3241,8 @@ components:
type: object
properties:
alertId:
- description: >
- The alert identifier. It is required only when `type` is `alert`. If
- it is an array, `index` must also be an array. This functionality is
- in technical preview and may be changed or removed in a future
- release. Elastic will apply best effort to fix any issues, but
- features in technical preview are not subject to the support SLA of
- official GA features.
+ description: |
+ The alert identifier. It is required only when `type` is `alert`. If it is an array, `index` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
oneOf:
- type: string
- type: array
@@ -3835,18 +3252,12 @@ components:
example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42
id:
type: string
- description: >
- The identifier for the comment. To retrieve comment IDs, use the get
- comments API.
+ description: |
+ The identifier for the comment. To retrieve comment IDs, use the get comments API.
example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6
index:
- description: >
- The alert index. It is required only when `type` is `alert`. If it
- is an array, `alertId` must also be an array. This functionality is
- in technical preview and may be changed or removed in a future
- release. Elastic will apply best effort to fix any issues, but
- features in technical preview are not subject to the support SLA of
- official GA features.
+ description: |
+ The alert index. It is required only when `type` is `alert`. If it is an array, `alertId` must also be an array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
oneOf:
- type: string
- type: array
@@ -3856,23 +3267,7 @@ components:
owner:
$ref: '#/components/schemas/owners'
rule:
- description: >
- The rule that is associated with the alert. It is required only when
- `type` is `alert`. This functionality is in technical preview and
- may be changed or removed in a future release. Elastic will apply
- best effort to fix any issues, but features in technical preview are
- not subject to the support SLA of official GA features.
- type: object
- x-technical-preview: true
- properties:
- id:
- description: The rule identifier.
- type: string
- example: 94d80550-aaf4-11ec-985f-97e55adae8b9
- name:
- description: The rule name.
- type: string
- example: security_rule
+ $ref: '#/components/schemas/rule'
type:
description: The type of comment.
type: string
@@ -3880,9 +3275,8 @@ components:
- alert
example: alert
version:
- description: >
- The current comment version. To retrieve version values, use the get
- comments API.
+ description: |
+ The current comment version. To retrieve version values, use the get comments API.
type: string
example: Wzk1LDFd
required:
@@ -3902,9 +3296,8 @@ components:
example: A new comment.
id:
type: string
- description: >
- The identifier for the comment. To retrieve comment IDs, use the get
- comments API.
+ description: |
+ The identifier for the comment. To retrieve comment IDs, use the get comments API.
example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6
owner:
$ref: '#/components/schemas/owners'
@@ -3915,9 +3308,8 @@ components:
- user
example: user
version:
- description: >
- The current comment version. To retrieve version values, use the get
- comments API.
+ description: |
+ The current comment version. To retrieve version values, use the get comments API.
type: string
example: Wzk1LDFd
required:
@@ -3926,15 +3318,6 @@ components:
- owner
- type
- version
- actions:
- type: string
- enum:
- - add
- - create
- - delete
- - push_to_service
- - update
- example: create
payload_alert_comment:
type: object
properties:
@@ -3958,16 +3341,7 @@ components:
owner:
$ref: '#/components/schemas/owners'
rule:
- type: object
- properties:
- id:
- description: The rule identifier.
- type: string
- example: 94d80550-aaf4-11ec-985f-97e55adae8b9
- name:
- description: The rule name.
- type: string
- example: security_rule
+ $ref: '#/components/schemas/rule'
type:
type: string
enum:
@@ -3979,10 +3353,7 @@ components:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a case
- without a connector, specify null. If you want to omit any
- individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -3990,19 +3361,13 @@ components:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM and
- ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for ServiceNow
- SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for ServiceNow ITSM
- connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -4013,59 +3378,39 @@ components:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for ServiceNow
- SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for ServiceNow SecOps
- connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type is sub-task
- for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow SecOps
- connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM Resilient
- connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for ServiceNow SecOps
- connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow ITSM
- connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be delayed
- for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case without a
- connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a connector,
- use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -4077,10 +3422,7 @@ components:
type: object
properties:
fields:
- description: >-
- An object containing the connector fields. To create a case
- without a connector, specify null. If you want to omit any
- individual field, specify null as its value.
+ description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
nullable: true
type: object
properties:
@@ -4088,19 +3430,13 @@ components:
description: The case identifier for Swimlane connectors.
type: string
category:
- description: >-
- The category of the incident for ServiceNow ITSM and
- ServiceNow SecOps connectors.
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
type: string
destIp:
- description: >-
- A comma-separated list of destination IPs for ServiceNow
- SecOps connectors.
+ description: A comma-separated list of destination IPs for ServiceNow SecOps connectors.
type: string
impact:
- description: >-
- The effect an incident had on business for ServiceNow ITSM
- connectors.
+ description: The effect an incident had on business for ServiceNow ITSM connectors.
type: string
issueType:
description: The type of issue for Jira connectors.
@@ -4111,59 +3447,39 @@ components:
items:
type: number
malwareHash:
- description: >-
- A comma-separated list of malware hashes for ServiceNow
- SecOps connectors.
+ description: A comma-separated list of malware hashes for ServiceNow SecOps connectors.
type: string
malwareUrl:
- description: >-
- A comma-separated list of malware URLs for ServiceNow SecOps
- connectors.
+ description: A comma-separated list of malware URLs for ServiceNow SecOps connectors.
type: string
parent:
- description: >-
- The key of the parent issue, when the issue type is sub-task
- for Jira connectors.
+ description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
type: string
priority:
- description: >-
- The priority of the issue for Jira and ServiceNow SecOps
- connectors.
+ description: The priority of the issue for Jira and ServiceNow SecOps connectors.
type: string
severity:
description: The severity of the incident for ServiceNow ITSM connectors.
type: string
severityCode:
- description: >-
- The severity code of the incident for IBM Resilient
- connectors.
+ description: The severity code of the incident for IBM Resilient connectors.
type: number
sourceIp:
- description: >-
- A comma-separated list of source IPs for ServiceNow SecOps
- connectors.
+ description: A comma-separated list of source IPs for ServiceNow SecOps connectors.
type: string
subcategory:
- description: >-
- The subcategory of the incident for ServiceNow ITSM
- connectors.
+ description: The subcategory of the incident for ServiceNow ITSM connectors.
type: string
urgency:
- description: >-
- The extent to which the incident resolution can be delayed
- for ServiceNow ITSM connectors.
+ description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
type: string
example: null
id:
- description: >-
- The identifier for the connector. To create a case without a
- connector, use `none`.
+ description: The identifier for the connector. To create a case without a connector, use `none`.
type: string
example: none
name:
- description: >-
- The name of the connector. To create a case without a connector,
- use `none`.
+ description: The name of the connector. To create a case without a connector, use `none`.
type: string
example: none
type:
@@ -4239,27 +3555,18 @@ components:
type: string
enum:
- user
- action_types:
- type: string
- description: The type of action.
- enum:
- - create_case
- - comment
- - connector
- - delete_case
- - description
- - pushed
- - tags
- - title
- - status
- - settings
- - severity
- example: create_case
user_actions_response_properties:
type: object
properties:
action:
- $ref: '#/components/schemas/actions'
+ type: string
+ enum:
+ - add
+ - create
+ - delete
+ - push_to_service
+ - update
+ example: create
action_id:
type: string
example: 22fd3e30-03b1-11ed-920c-974bfa104448
@@ -4279,9 +3586,11 @@ components:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -4305,7 +3614,73 @@ components:
- $ref: '#/components/schemas/payload_user_comment'
nullable: true
type:
- $ref: '#/components/schemas/action_types'
+ type: string
+ description: The type of action.
+ enum:
+ - create_case
+ - comment
+ - connector
+ - delete_case
+ - description
+ - pushed
+ - tags
+ - title
+ - status
+ - settings
+ - severity
+ example: create_case
+ parameters:
+ kbn_xsrf:
+ schema:
+ type: string
+ in: header
+ name: kbn-xsrf
+ required: true
+ space_id:
+ in: path
+ name: spaceId
+ description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.
+ required: true
+ schema:
+ type: string
+ example: default
+ owner:
+ in: query
+ name: owner
+ description: |
+ A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
+ schema:
+ oneOf:
+ - $ref: '#/components/schemas/owners'
+ - type: array
+ items:
+ $ref: '#/components/schemas/owners'
+ example: cases
+ case_id:
+ in: path
+ name: caseId
+ description: The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
+ required: true
+ schema:
+ type: string
+ example: 9c235210-6834-11ea-a78c-6ffb38a34414
+ comment_id:
+ in: path
+ name: commentId
+ description: |
+ The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.
+ required: true
+ schema:
+ type: string
+ example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2
+ connector_id:
+ in: path
+ name: connectorId
+ description: An identifier for the connector. To retrieve connector IDs, use the find connectors API.
+ required: true
+ schema:
+ type: string
+ example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2
examples:
create_case_request:
summary: Create a security case that uses a Jira connector.
@@ -4326,9 +3701,7 @@ components:
syncAlerts: true
owner: cases
create_case_response:
- summary: >-
- The create case API returns a JSON object that includes the user who
- created the case and the case identifier, version, and creation time.
+ summary: The create case API returns a JSON object that includes the user who created the case and the case identifier, version, and creation time.
value:
id: 66b9aa00-94fa-11ea-9f74-e7e108796192
version: WzUzMiwxXQ==
@@ -4383,9 +3756,7 @@ components:
settings:
syncAlerts: true
update_case_response:
- summary: >-
- This is an example response when the case description, tags, and
- connector were updated.
+ summary: This is an example response when the case description, tags, and connector were updated.
value:
- id: 66b9aa00-94fa-11ea-9f74-e7e108796192
version: WzU0OCwxXQ==
@@ -4434,9 +3805,7 @@ components:
external_id: '10003'
connector_name: Jira
find_case_response:
- summary: >-
- Retrieve the first five cases with the `tag-1` tag, in ascending order
- by last update time.
+ summary: Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time.
value:
page: 1
per_page: 5
@@ -4572,16 +3941,8 @@ components:
- id: f6a7d0c3-d52d-432c-b2e6-447cd7fce04d
index: .alerts-observability.logs.alerts-default
attached_at: '2022-07-25T20:09:40.963Z'
- add_comment_request:
- summary: Adds a comment to a case.
- value:
- type: user
- comment: A new comment.
- owner: cases
add_comment_response:
- summary: >-
- The add comment to case API returns a JSON object that contains details
- about the case and its comments.
+ summary: The add comment to case API returns a JSON object that contains details about the case and its comments.
value:
comments:
- id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6
@@ -4638,9 +3999,7 @@ components:
type: user
comment: An updated comment.
update_comment_response:
- summary: >-
- The add comment to case API returns a JSON object that contains details
- about the case and its comments.
+ summary: The add comment to case API returns a JSON object that contains details about the case and its comments.
value:
comments:
- id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6
@@ -4710,9 +4069,7 @@ components:
updated_at: null
updated_by: null
push_case_response:
- summary: >-
- The push case API returns a JSON object with details about the case and
- the external service.
+ summary: The push case API returns a JSON object with details about the case and the external service.
value:
id: b917f300-0ed9-11ed-bd18-65557fe66949
version: WzE3NjgsM10=
diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/alert_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/alert_id.yaml
deleted file mode 100644
index 8677b327b91be..0000000000000
--- a/x-pack/plugins/cases/docs/openapi/components/parameters/alert_id.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-in: path
-name: alertId
-description: An identifier for the alert.
-required: true
-schema:
- type: string
- example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/configuration_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/configuration_id.yaml
deleted file mode 100644
index 65cce12afaa92..0000000000000
--- a/x-pack/plugins/cases/docs/openapi/components/parameters/configuration_id.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-in: path
-name: configurationId
-description: An identifier for the configuration.
-required: true
-schema:
- type: string
- example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml
index 3c5e511742bf2..243341ed0e901 100644
--- a/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml
@@ -6,8 +6,8 @@ description: >
that the user has access to read.
schema:
oneOf:
- - $ref: '../schemas/owners.yaml'
+ - $ref: '../../entrypoint.yaml#/components/schemas/ownerProperty'
- type: array
items:
- $ref: '../schemas/owners.yaml'
+ $ref: '../../entrypoint.yaml#/components/schemas/ownerProperty'
example: cases
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/severity.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/severity.yaml
deleted file mode 100644
index 747cb1edd2e2f..0000000000000
--- a/x-pack/plugins/cases/docs/openapi/components/parameters/severity.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-in: query
-name: severity
-description: The severity of the case.
-schema:
- type: string
- enum:
- - critical
- - high
- - low
- - medium
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/action_types.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/action_types.yaml
deleted file mode 100644
index 05e3fc6ab04b7..0000000000000
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/action_types.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-type: string
-description: The type of action.
-enum:
- - create_case
- - comment
- - connector
- - delete_case
- - description
- - pushed
- - tags
- - title
- - status
- - settings
- - severity
-example: create_case
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/actions.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/actions.yaml
deleted file mode 100644
index 1638ed67c78e2..0000000000000
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/actions.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-type: string
-enum:
- - add
- - create
- - delete
- - push_to_service
- - update
-example: create
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml
index ec2e69f66c1e4..58bbe95b0964c 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml
@@ -1,3 +1,8 @@
+title: Add case comment request properties for alerts
+description: Defines the properties for case comment requests when type is alert
+#allOf: # Combines the general comment request schema with the alert-specific properties
+# - $ref: '../../entrypoint.yaml#/components/schemas/caseCommentRequest'
+# - type: object
type: object
properties:
alertId:
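Review bot: The commented-out `allOf` block added at the top of this file is dead configuration, and it points at `caseCommentRequest`, a name that is not among the schema aliases visible in this diff (`alertCaseCommentRequest`, `userCaseCommentRequest`, `ownerProperty`, `ruleObject`). The same commented block is added to add_user_comment_request_properties.yaml. Because neither file composes the new add_comment_request_properties.yaml, its `discriminator` mapping appears to be disconnected from the two schemas it names. Either wire the composition up for real or delete the commented lines and leave a single explanatory comment such as `# TODO: compose with the shared comment request schema once the doc generator supports allOf`. The `properties` mapping continues outside this hunk.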
@@ -29,23 +34,12 @@ properties:
type: string
x-technical-preview: true
owner:
- $ref: 'owners.yaml'
+ $ref: '../../entrypoint.yaml#/components/schemas/ownerProperty'
rule:
- description: >
- The rule that is associated with the alert. It is required only when
- `type` is `alert`. This functionality is in technical preview and may be
- changed or removed in a future release. Elastic will apply best effort to
- fix any issues, but features in technical preview are not subject to the
- support SLA of official GA features.
- type: object
- x-technical-preview: true
- properties:
- $ref: 'rule_properties.yaml'
- type:
+ $ref: '../../entrypoint.yaml#/components/schemas/ruleObject'
+ type:
description: The type of comment.
type: string
- enum:
- - alert
example: alert
required:
- alertId
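Review bot: The `type` property loses its `enum` in this hunk, so the schema no longer restricts an alert comment request to `type: alert`, and any validator or gateway rule generated from the spec will accept an arbitrary string there. The hunk at `@@ -5,12 +10,10 @@` in add_user_comment_request_properties.yaml drops `- user` the same way, and both removals also show up in the combined spec earlier in the diff. If the enum was removed only to suit the documentation generator, I would keep the constraint and restore `enum:` with the single item `- alert` under `type` (and `- user` in the other file). The discriminator mapping in add_comment_request_properties.yaml is, as far as this diff shows, not composed into either schema and so would not reject other values. The `required` list continues past the end of this hunk.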
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/add_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/add_comment_request_properties.yaml
new file mode 100644
index 0000000000000..d6d3c746cd9a6
--- /dev/null
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/add_comment_request_properties.yaml
@@ -0,0 +1,17 @@
+title: Add case comment request properties
+type: object
+description: Defines the shared properties for case comment requests
+discriminator:
+ propertyName: type
+ mapping:
+ alert: '../../entrypoint.yaml#/components/schemas/alertCaseCommentRequest'
+ user: '../../entrypoint.yaml#/components/schemas/userCaseCommentRequest'
+required:
+ - owner
+ - type
+properties:
+ owner:
+ $ref: '../../entrypoint.yaml#/components/schemas/ownerProperty'
+ type:
+ description: The type of comment.
+ type: string
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml
index d09958e13fec8..40fa5168f5651 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml
@@ -1,3 +1,8 @@
+title: Add case comment request properties for user comments
+description: Defines the properties for case comment requests when type is user
+# allOf: # Combines the general comment request schema with the user comment-specific properties
+# - $ref: '../../entrypoint.yaml#/components/schemas/caseCommentRequest'
+# - type: object
type: object
properties:
comment:
@@ -5,12 +10,10 @@ properties:
type: string
example: A new comment.
owner:
- $ref: 'owners.yaml'
- type:
- type: string
+ $ref: '../../entrypoint.yaml#/components/schemas/ownerProperty'
+ type:
description: The type of comment.
- enum:
- - user
+ type: string
example: user
required:
- comment
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml
index 4fcbfe5527e96..73e8d037317e1 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml
@@ -1,4 +1,3 @@
-
type: object
properties:
alertId:
@@ -31,9 +30,7 @@ properties:
$ref: 'user_properties.yaml'
nullable: true
rule:
- type: object
- properties:
- $ref: 'rule_properties.yaml'
+ $ref: 'rule.yaml'
type:
type: string
example: alert
@@ -41,6 +38,7 @@ properties:
type: string
format: date-time
example: null
+ nullable: true
updated_by:
type: object
properties:
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml
index 8041c4e340125..dd39f990379b5 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml
@@ -14,9 +14,11 @@ created_by:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
@@ -53,9 +55,11 @@ updated_by:
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml
index 25f6296585192..559f113a82cb1 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml
@@ -13,9 +13,8 @@ comments:
type: array
items:
oneOf:
- - $ref: 'alert_comment_response_properties.yaml'
- - $ref: 'user_comment_response_properties.yaml'
- example: []
+ - $ref: '../../entrypoint.yaml#/components/schemas/alertCaseCommentResponse'
+ - $ref: '../../entrypoint.yaml#/components/schemas/userCaseCommentResponse'
connector:
type: object
properties:
@@ -39,6 +38,7 @@ duration:
was closed after less than half a second, the duration is rounded down to
zero.
example: 120
+ nullable: true
external_service:
$ref: 'external_service.yaml'
id:
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml
index 950a2bab05603..5eee276f2922a 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml
@@ -17,4 +17,5 @@ properties:
type: object
properties:
$ref: 'user_properties.yaml'
- nullable: true
\ No newline at end of file
+ nullable: true
+nullable: true
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml
index 9036fd5a3833a..51e9547b816aa 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml
@@ -1,3 +1,4 @@
+title: Owner applications
type: string
description: >
The application that owns the cases: Stack Management, Observability, or
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml
index 0b0d3fc3c07ce..c704afe0259df 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml
@@ -20,9 +20,7 @@ properties:
owner:
$ref: 'owners.yaml'
rule:
- type: object
- properties:
- $ref: 'rule_properties.yaml'
+ $ref: 'rule.yaml'
type:
type: string
enum:
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/rule.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/rule.yaml
new file mode 100644
index 0000000000000..8f18d420ae910
--- /dev/null
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/rule.yaml
@@ -0,0 +1,18 @@
+title: Alerting rule
+description: >
+ The rule that is associated with the alert. It is required only when
+ `type` is `alert`. This functionality is in technical preview and may be
+ changed or removed in a future release. Elastic will apply best effort to
+ fix any issues, but features in technical preview are not subject to the
+ support SLA of official GA features.
+type: object
+x-technical-preview: true
+properties:
+ id:
+ description: The rule identifier.
+ type: string
+ example: 94d80550-aaf4-11ec-985f-97e55adae8b9
+ name:
+ description: The rule name.
+ type: string
+ example: security_rule
\ No newline at end of file
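Review bot: The `description` in the new rule.yaml says the rule "is required only when `type` is `alert`", which is request wording, yet this commit also points the response schema alert_comment_response_properties.yaml at `$ref: 'rule.yaml'`, where the caller supplies nothing. A description that reads correctly from both sides, for example `The rule that is associated with the alert.` followed by the technical-preview sentence, would avoid the mismatch. The file also ends without a trailing newline; adding one keeps the `\ No newline at end of file` marker out of later diffs.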
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/rule_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/rule_properties.yaml
deleted file mode 100644
index 64b93b77429a4..0000000000000
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/rule_properties.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id:
- description: The rule identifier.
- type: string
- example: 94d80550-aaf4-11ec-985f-97e55adae8b9
-name:
- description: The rule name.
- type: string
- example: security_rule
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml
index 2d91b007d4310..192b8e7e3f957 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml
@@ -35,18 +35,9 @@ properties:
type: string
x-technical-preview: true
owner:
- $ref: 'owners.yaml'
+ $ref: '../../entrypoint.yaml#/components/schemas/ownerProperty'
rule:
- description: >
- The rule that is associated with the alert. It is required only when
- `type` is `alert`. This functionality is in technical preview and may be
- changed or removed in a future release. Elastic will apply best effort to
- fix any issues, but features in technical preview are not subject to the
- support SLA of official GA features.
- type: object
- x-technical-preview: true
- properties:
- $ref: 'rule_properties.yaml'
+ $ref: '../../entrypoint.yaml#/components/schemas/ruleObject'
type:
description: The type of comment.
type: string
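Review bot: `owner` and `rule` are referenced here through the named components `../../entrypoint.yaml#/components/schemas/ownerProperty` and `.../ruleObject`, whereas payload_alert_comment.yaml and alert_comment_response_properties.yaml in the same commit use `$ref: 'rule.yaml'` and `$ref: 'owners.yaml'` directly. The GET response in s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml likewise still points at `'../components/schemas/alert_comment_response_properties.yaml'` rather than `alertCaseCommentResponse`. Depending on the bundler (not visible here), mixing the two forms can emit the same schema once as a named component and again as an inlined copy. Picking one form for every reference to a given schema keeps the generated output and any validation built on it consistent.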
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml
index e828f3441cb5d..cb123cb584126 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml
@@ -1,7 +1,14 @@
type: object
properties:
action:
- $ref: 'actions.yaml'
+ type: string
+ enum:
+ - add
+ - create
+ - delete
+ - push_to_service
+ - update
+ example: create
action_id:
type: string
example: 22fd3e30-03b1-11ed-920c-974bfa104448
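Review bot: The inlined `action` property gets an `enum` and an `example` but no `description`, while the `type` property inlined in the second hunk of this file gets `description: The type of action.`. Add a matching line, for instance `description: The operation that was performed.` (wording to be confirmed against the API). The `type` enum in that second hunk is also unsorted (`title`, `status`, `settings`, `severity`) where this list is alphabetical. If `actions.yaml` and `action_types.yaml` are still referenced elsewhere, which is not visible here, the value lists now live in two places and can drift apart.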
@@ -36,4 +43,18 @@ properties:
- $ref: 'payload_user_comment.yaml'
nullable: true
type:
- $ref: 'action_types.yaml'
\ No newline at end of file
+ type: string
+ description: The type of action.
+ enum:
+ - create_case
+ - comment
+ - connector
+ - delete_case
+ - description
+ - pushed
+ - tags
+ - title
+ - status
+ - settings
+ - severity
+ example: create_case
\ No newline at end of file
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml
index 0df26aee07587..343e4073dd90f 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml
@@ -15,7 +15,7 @@ properties:
type: string
example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6
owner:
- $ref: 'owners.yaml'
+ $ref: '../../entrypoint.yaml#/components/schemas/ownerProperty'
pushed_at:
type: string
format: date-time
diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml
index 1c3596dc6f9b9..8bfbe4a9a50eb 100644
--- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml
+++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml
@@ -1,9 +1,11 @@
email:
type: string
example: null
+ nullable: true
full_name:
type: string
example: null
+ nullable: true
username:
type: string
example: elastic
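Review bot: user_properties.yaml stays a bare map of properties (`email`, `full_name`, `username` at the top level) that callers pull in with `properties:` followed by `$ref: 'user_properties.yaml'`, as the external_service.yaml hunk shows. That is the same shape this commit retires for rule_properties.yaml in favour of a complete schema object in rule.yaml. A `$ref` placed directly under `properties` is not a schema reference in OpenAPI terms, so a strict validator may treat it differently from the bundler used here (inferred, not shown on the page). Consider converting it the same way and referencing it from case_configure_response_properties.yaml, whose `created_by` and `updated_by` hunks repeat these two `nullable: true` additions by hand.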
diff --git a/x-pack/plugins/cases/docs/openapi/entrypoint.yaml b/x-pack/plugins/cases/docs/openapi/entrypoint.yaml
index 6995d1482e0a9..865410bcc148c 100644
--- a/x-pack/plugins/cases/docs/openapi/entrypoint.yaml
+++ b/x-pack/plugins/cases/docs/openapi/entrypoint.yaml
@@ -56,6 +56,21 @@ components:
type: apiKey
in: header
name: ApiKey
+ schemas:
+# caseCommentRequest:
+# $ref: 'components/schemas/add_comment_request_properties.yaml'
+ alertCaseCommentRequest:
+ $ref: 'components/schemas/add_alert_comment_request_properties.yaml'
+ alertCaseCommentResponse:
+ $ref: 'components/schemas/alert_comment_response_properties.yaml'
+ userCaseCommentRequest:
+ $ref: 'components/schemas/add_user_comment_request_properties.yaml'
+ userCaseCommentResponse:
+ $ref: 'components/schemas/user_comment_response_properties.yaml'
+ ownerProperty:
+ $ref: 'components/schemas/owners.yaml'
+ ruleObject:
+ $ref: 'components/schemas/rule.yaml'
security:
- basicAuth: []
- apiKeyAuth: []
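Review bot: The commented-out `caseCommentRequest` entry at the top of the new `schemas` map is dead configuration with no stated reason. The same holds for the commented-out `mapping` and `examples` blocks in the request-body hunk of s@{spaceid}@api@cases@{caseid}@comments.yaml. Either delete them or replace each with a one-line explanation such as `# TODO: caseCommentRequest disabled until <reason>`. The `#` lines also start at column 0 inside an indented mapping, which is valid YAML but easy to misread as the end of the `schemas` block.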
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml
index 59abb58531821..d3c315b9e45b4 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml
@@ -57,7 +57,7 @@ post:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -160,7 +160,7 @@ patch:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml
index a260321248357..ab9f17a591b73 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml
@@ -74,7 +74,16 @@ get:
- type: array
items:
type: string
- - $ref: '../components/parameters/severity.yaml'
+ - in: query
+ name: severity
+ description: The severity of the case.
+ schema:
+ type: string
+ enum:
+ - critical
+ - high
+ - low
+ - medium
- name: sortField
in: query
description: Determines which field is used to sort the results.
@@ -131,7 +140,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml
index 24615d772b3ef..119d817241136 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml
@@ -9,14 +9,20 @@ get:
tags:
- cases
parameters:
- - $ref: ../components/parameters/alert_id.yaml
+ - in: path
+ name: alertId
+ description: An identifier for the alert.
+ required: true
+ schema:
+ type: string
+ example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540
- $ref: '../components/parameters/space_id.yaml'
- $ref: '../components/parameters/owner.yaml'
responses:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure.yaml
index 97306b5490956..3682a707e2279 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure.yaml
@@ -14,7 +14,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
@@ -79,7 +79,7 @@ post:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml
index 0755225bad71a..d6328b4426f7b 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml
@@ -13,7 +13,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml
index f727cbb0b4274..51b079bc815a0 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml
@@ -11,7 +11,13 @@ patch:
- cases
parameters:
- $ref: ../components/headers/kbn_xsrf.yaml
- - $ref: ../components/parameters/configuration_id.yaml
+ - in: path
+ name: configurationId
+ description: An identifier for the configuration.
+ required: true
+ schema:
+ type: string
+ example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9
- $ref: '../components/parameters/space_id.yaml'
requestBody:
content:
@@ -43,7 +49,7 @@ patch:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@reporters.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@reporters.yaml
index 93b7ac3863c99..171af68a417ba 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@reporters.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@reporters.yaml
@@ -18,7 +18,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@status.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@status.yaml
index dad05ad967728..c3f4875e07ffd 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@status.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@status.yaml
@@ -15,7 +15,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@tags.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@tags.yaml
index 6787c075cb19f..76b58f91495ac 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@tags.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@tags.yaml
@@ -22,7 +22,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml
index 9e8ca4660c44d..86eb86be11f4b 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml
@@ -21,7 +21,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml
index 66430fd219d25..66b8d6cc276bf 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml
@@ -15,7 +15,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml
index c8a045267a492..ba22f7d274a3a 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml
@@ -4,7 +4,7 @@ post:
description: >
You must have `all` privileges for the **Cases** feature in the
**Management**, **Observability**, or **Security** section of the Kibana
- feature privileges, depending on the owner of the case you're creating.
+ feature privileges, depending on the owner of the case you're updating.
tags:
- cases
parameters:
@@ -15,17 +15,26 @@ post:
content:
application/json:
schema:
- oneOf:
- - $ref: '../components/schemas/add_alert_comment_request_properties.yaml'
- - $ref: '../components/schemas/add_user_comment_request_properties.yaml'
- examples:
- createCaseCommentRequest:
- $ref: '../components/examples/add_comment_request.yaml'
+ title: Add case comment request
+ description: >
+ The add comment to case API request body varies depending on whether
+ you are adding an alert or a comment.
+ discriminator:
+ propertyName: type
+# mapping:
+# alert: '../entrypoint.yaml#/components/schemas/alertCaseCommentRequest'
+# user: '../entrypoint.yaml#/components/schemas/userCaseCommentRequest'
+ oneOf:
+ - $ref: '../entrypoint.yaml#/components/schemas/alertCaseCommentRequest'
+ - $ref: '../entrypoint.yaml#/components/schemas/userCaseCommentRequest'
+# examples:
+# createCaseCommentRequest:
+# $ref: '../components/examples/add_comment_request.yaml'
responses:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
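Review bot: The `discriminator` declares `propertyName: type` but its `mapping` is commented out, so tools fall back to the implicit rule that the property value equals the schema name. The `oneOf` branches are named `alertCaseCommentRequest` and `userCaseCommentRequest`, while the commented mapping shows the actual values are `alert` and `user`. Validators and client generators that honour the discriminator may therefore fail to select a branch or skip branch validation, depending on the tool. Restore the mapping (`mapping:` with `alert: '../entrypoint.yaml#/components/schemas/alertCaseCommentRequest'` and `user: '../entrypoint.yaml#/components/schemas/userCaseCommentRequest'`), or drop the `discriminator` and rely on `oneOf` alone. Commenting out `examples` also removes the only request example for this operation.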
@@ -83,7 +92,7 @@ patch:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
@@ -111,7 +120,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items:
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml
index 3aac8f33bc68b..38c09d6daadd3 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml
@@ -35,7 +35,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
oneOf:
- $ref: '../components/schemas/alert_comment_response_properties.yaml'
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml
index 32caad2bc4086..688c60f97358e 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml
@@ -16,12 +16,15 @@ post:
- $ref: '../components/parameters/space_id.yaml'
requestBody:
content:
- application/json: {}
+ application/json:
+ schema:
+ type: object
+ nullable: true
responses:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: object
properties:
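Review bot: The request body is now documented as a bare `type: object` with `nullable: true`, which describes any JSON object as acceptable input for the push operation. If the endpoint takes no body fields, which cannot be determined from this hunk, state that with a `description` on the schema. If the server does reject unknown fields, add `additionalProperties: false` so that request validation or client code generated from the spec does not treat arbitrary payloads as valid.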
diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml
index 71301cf67a731..43a6ec096dfaa 100644
--- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml
+++ b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml
@@ -15,7 +15,7 @@ get:
'200':
description: Indicates a successful call.
content:
- application/json; charset=utf-8:
+ application/json:
schema:
type: array
items: