Skip to content

Latest commit

 

History

History
117 lines (103 loc) · 4.44 KB

case.md

File metadata and controls

117 lines (103 loc) · 4.44 KB

Case

Model definition

Required attributes:

  • title (text) : title of the case
  • description (text) : description of the case
  • severity (number) : severity of the case (1: low; 2: medium; 3: high) default=2
  • startDate (date) : date and time of the begin of the case default=now
  • owner (string) : user to whom the case has been assigned default=use who create the case
  • flag (boolean) : flag of the case default=false
  • tlp (number) : TLP (0: white; 1: green; 2: amber; 3: red) default=2
  • tags (multi-string) : case tags default=empty

Optional attributes:

  • resolutionStatus (caseResolutionStatus) : resolution status of the case (Indeterminate, FalsePositive, TruePositive, Other or Duplicated)
  • impactStatus (caseImpactStatus) : impact status of the case (NoImpact, WithImpact or NotApplicable)
  • summary (text) : summary of the case, to be provided when closing a case
  • endDate (date) : resolution date
  • metrics (metrics) : list of metrics

Attributes generated by the backend:

  • status (caseStatus) : status of the case (Open, Resolved or Deleted) default=Open
  • caseId (number) : Id of the case (auto-generated)
  • mergeInto (string) : ID of the case created by the merge
  • mergeFrom (multi-string) : IDs of the cases that were merged

Case Manipulation

Case methods

HTTP Method URI Action
GET /api/case List cases
POST /api/case/_search Find cases
PATCH /api/case/_bulk Update cases in bulk
POST /api/case/_stats Compute stats on cases
POST /api/case Create a case
GET /api/case/:caseId Get a case
PATCH /api/case/:caseId Update a case
DELETE /api/case/:caseId Remove a case
GET /api/case/:caseId/links Get list of cases linked to this case
POST /api/case/:caseId1/_merge/:caseId2 Merge two cases

Create a Case

A case can be created using the following url :

POST     /api/case

Required case attributes (cf. models) must be provided.

This call returns attributes of the created case.

Examples

Creation of a simple case:

curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
  "title": "My first case",
  "description": "This case has been created by my custom script"
}'

It returns:

{
  "severity": 3,
  "createdBy": "myuser",
  "createdAt": 1488918582777,
  "caseId": 1,
  "title": "My first case",
  "startDate": 1488918582836,
  "owner": "myuser",
  "status": "Open",
  "description": "This case has been created by my custom script",
  "user": "myuser",
  "tlp": 2,
  "flag": false,
  "id": "AVqqdpY2yQ6w1DNC8aDh",
  "_id": "AVqqdpY2yQ6w1DNC8aDh",
  "_type":"case"
}

Creation of another case:

curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
  "title": "My second case",
  "description": "This case has been created by my custom script, its severity is high, tlp is red and it contains tags",
  "severity": 3,
  "tlp": 3,
  "tags": ["automatic", "creation"]
}'

Creating a case with Tasks & Customfields:

curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/case -d '{
    "title": "My first case",
    "description": "This case has been created by my custom script"
    "tasks": [{
        "title": "mytask",
        "description": "description of my task"
    }],
    "customFields": {
        "cvss": {
            "number": 9,
        },
        "businessImpact": {
            "string": "HIGH"
        }
    }
}'

For the customFields object, the attribute names should correspond to the ExternalReference (cvss and businessImpact in the example above) not to the name of custom fields.