[Cases] Update cases api docs#256805
Merged
Merged
Conversation
christineweng
added
release_note:skip
Contributor
|
Pinging @elastic/kibana-cases (Team:Cases) |
christineweng
commented
Mar 9, 2026
elastic-vault-github-plugin-prod
Bot
requested a review
from a team
as a code owner
MykhailoKondrat
approved these changes
Mar 10, 2026
janmonschke
reviewed
Mar 10, 2026
| - cases | ||
| parameters: | ||
| - $ref: '../components/parameters/case_id.yaml' | ||
| - $ref: '../components/parameters/includeComments.yaml' |
Contributor
There was a problem hiding this comment.
It seems like this file can be removed as well then. There are a bunch of references to includeComments in the cases codebase. It would make sense to clean those up as well. I think the workflow examples might also contain references to this option.
Contributor
Author
There was a problem hiding this comment.
I removed the schema, but includeComments are being used in resolve case, which then passes the case data to case view. Will consider a refactor to move the attachment fetch out of resolve case, and call it explicitly when attachments are needed -> added an item in https://github.com/elastic/security-team/issues/15066
kibana/x-pack/platform/plugins/shared/cases/public/containers/api.ts
Lines 123 to 128 in 7283080
Contributor
Author
There was a problem hiding this comment.
I see what you are saying about workflows now, they pulled from public api and I removed the references in 4512bf5
AB however directly calls cases client, so technically it could pass includeComments=true and it will return a case with comments. wdyt?
Contributor
There was a problem hiding this comment.
I think includeComments has been deprecated for some time and they should not send it like this. Might be best to reach out to them and clean this up in a follow-up ticket. Sounds good to you?
Contributor
There was a problem hiding this comment.
Actually,
I wonder what the reasoning is for deprecating this on
get.In any case, I should add a
resolveCase endpoint and deprecate includeComments from the getCase workflow.
Contributor
There was a problem hiding this comment.
Well, includeComments is also deprecated in the resolve endpoint:
🤔
Contributor
There was a problem hiding this comment.
I think the instances of this only exist by mistake. I would clean them up, as this field was deprecated.
At the time christos had this in the description of the epic
The Cases UI uses the includeComments query parameter. We would need to update the Cases UI to use the alternative endpoint for the query parameter and extend the internal GET /internal/cases/metrics to return the stats needed by the UI.
And I suspect we just never did the follow-up. Because of that, other usages popped up. +1 on cleaning up.
christineweng
force-pushed
the
cases-api-doc-fix
branch
2 times, most recently
from
c78a46a to
4512bf5
Compare
botelastic
Bot
added
the
Team:One Workflow
adcoelho
reviewed
Mar 11, 2026
adcoelho
approved these changes
Mar 11, 2026
christineweng
force-pushed
the
cases-api-doc-fix
branch
3 times, most recently
from
e059255 to
3161283
Compare
elastic-vault-github-plugin-prod
Bot
requested a review
from a team
as a code owner
christineweng
force-pushed
the
cases-api-doc-fix
branch
from
3560f6a to
9133478
Compare
nastasha-solomon
approved these changes
Mar 12, 2026
Member
nastasha-solomon
left a comment
nastasha-solomon
left a comment
There was a problem hiding this comment.
Just had one question. Otherwise, looks good!
| extractObservables: | ||
| description: Auto extracts observables | ||
| description: | | ||
| When true, observables (e.g. IPs, hashes, URLs) are automatically extracted from case comments. Optional; defaults to false when omitted. |
Member
There was a problem hiding this comment.
How's the "optional" qualification being used in the second sentence?
Also, if the default configuration for this param is false, just need this small tweak:
Suggested change
| When true, observables (e.g. IPs, hashes, URLs) are automatically extracted from case comments. Optional; defaults to false when omitted. | |
| When `true`, observables (for example, IPs, hashes, URLs) are automatically extracted from case comments. Defaults to `false` if omitted. |
Contributor
Author
There was a problem hiding this comment.
Optional means we still accept a request without extractObservables.
janmonschke
approved these changes
Mar 13, 2026
Contributor
janmonschke
left a comment
janmonschke
left a comment
There was a problem hiding this comment.
Changes look good to me! Maybe add a follow-up ticket for cleaning up the usage of includeComments.
Contributor
Author
@janmonschke I updated an existing ticket on this -> #207797 and moved it to |
8 tasks
jesuswr
approved these changes
Mar 16, 2026
christineweng
force-pushed
the
cases-api-doc-fix
branch
from
c77af19 to
749b801
Compare
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
|
sorenlouv
pushed a commit
that referenced
this pull request
Mar 17, 2026
## Summary Updated cases API docs to address: - Removed alert reference in find comment api. Related: #156863 - Updated response schema and examples - existing response uses full case response, which is not correct - Removed `includeComment` param in get case api. [it is always false for public api](https://github.com/elastic/kibana/blob/ab858f5d9f3f91104b083c5b6d31363e41804828/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts#L40-L42) but the response example contains comments, related: #207739 - Included `extractObservables` to case request and response - Fixed typos ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Mar 18, 2026
## Summary Updated cases API docs to address: - Removed alert reference in find comment api. Related: elastic#156863 - Updated response schema and examples - existing response uses full case response, which is not correct - Removed `includeComment` param in get case api. [it is always false for public api](https://github.com/elastic/kibana/blob/ab858f5d9f3f91104b083c5b6d31363e41804828/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts#L40-L42) but the response example contains comments, related: elastic#207739 - Included `extractObservables` to case request and response - Fixed typos ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
jeramysoucy
pushed a commit
to jeramysoucy/kibana
that referenced
this pull request
Mar 26, 2026
## Summary Updated cases API docs to address: - Removed alert reference in find comment api. Related: elastic#156863 - Updated response schema and examples - existing response uses full case response, which is not correct - Removed `includeComment` param in get case api. [it is always false for public api](https://github.com/elastic/kibana/blob/ab858f5d9f3f91104b083c5b6d31363e41804828/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts#L40-L42) but the response example contains comments, related: elastic#207739 - Included `extractObservables` to case request and response - Fixed typos ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updated cases API docs to address:
includeCommentparam in get case api. it is always false for public api but the response example contains comments, related: [Response Ops][Cases] Remove includeComments query param #207739extractObservablesto case request and responseChecklist
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.