Case Manager (1.0.0)

Download OpenAPI specification:Download

Case Manager V2

create a new v2 case

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

name required	string Title to be set for the case
case_uuid	string Unique identifier of case
organization_identifier	string Identifier (uuid or org code) of the organization associated with the case
type	integer (CaseType) Enum: 0 5
status	integer
status_label	string
severity	integer
severity_label	string
disposition	integer
disposition_label	string
category	string category the case belongs to
sub_category	string sub category the case belongs to based on category
assignee	string Unique identifier of the assignee
assignee_email	string Email of the assigned user
assignee_usergroup_name	string Name of the assignee user group
assignee_usergroup_organization	string Organization code of the assignee user group
is_customer_request	boolean If this flag is true then reporter field will be honored, otherwise repporter will be the user who sent the request
reporter	string Uuid of the reporting user
reporter_email	string Email of the reporting user
performed_by_darryl	boolean
adr_triage	integer (AdrTriage) Enum: 0 1 5 10
	object (AddCaseDetailFieldsRequest)
linked_sessions	Array of strings Linked sessions with the case
watchers	Array of strings Uuids of users to be added to watchers list
watcher_emails	Array of strings Emails of the users to be added to watchers list

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"case_uuid": "string",
"organization_identifier": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"category": "string",
"sub_category": "string",
"assignee": "string",
"assignee_email": "string",
"assignee_usergroup_name": "string",
"assignee_usergroup_organization": "string",
"is_customer_request": true,
"reporter": "string",
"reporter_email": "string",
"performed_by_darryl": true,
"adr_triage": 0,
"case_detail_fields": {"executive_summary": "string",
"alert_details": "string",
"provider_id": "string",
"linked_alerts": [{"name": "string",
"path": "string",
"uuid": "string",
"deleted": true,
"type": 0
}
],
"primary_alert_id": "string",
"timeline": {"alert_raised_at": 0,
"alert_acknowledged_at": 0,
"case_disposition_created_at": 0,
"escalated_to_customer_at": 0,
"investigation_completed_at": 0,
"case_contained_at": 0,
"case_closed_at": 0,
"reinvestigated_at": 0
},
"custom_field_values": [{"field_identifier": "string",
"value": null,
"deleted": true
}
],
"investigation_summary": "string"
},
"linked_sessions": ["string"
],
"watchers": ["string"
],
"watcher_emails": ["string"
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"case_id": "string",
"case_uuid": "string",
"organization_id": "string",
"organization_name": "string",
"organization_code": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"disposition": 0,
"disposition_label": "string",
"severity": 0,
"severity_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"reporter": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations": [{"escalation_type": 0,
"escalated_to": 0,
"escalated_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"escalated_at": 0,
"comment": "string",
"email_sent_to": ["string"
],
"uuid": "string"
}
],
"adr_triage": 0,
"sla_response_met": true,
"is_customer_request": true,
"case_detail_fields": {"executive_summary": "string",
"actions_required": [{"uuid": "string",
"title": "string",
"status": 0,
"status_label": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_at": 0,
"completed_at": 0
}
],
"alert_details": "string",
"alert_details_style": "string",
"provider": {"name": "string",
"logo_url": "string",
"provider_id": "string"
},
"linked_alerts": [{"type": 0,
"name": "string",
"path": "string",
"uuid": "string",
"alert_link": "string"
}
],
"primary_alert_id": "string",
"timeline": {"alert_raised_at": 0,
"alert_acknowledged_at": 0,
"case_disposition_created_at": 0,
"escalated_to_customer_at": 0,
"investigation_completed_at": 0,
"case_contained_at": 0,
"case_closed_at": 0,
"reinvestigated_at": 0
},
"metrics": {"alert_acknowledged_metric": 0,
"investigation_completed_metric": 0,
"case_contained_metric": 0,
"case_closed_metric": 0
},
"findings": [{"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
}
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"investigation_summary": "string"
},
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"linked_sessions": [{"chat_session_id": "string",
"title": "string",
"owner_details": {"firstname": "string",
"lastname": "string",
"email": "string",
"user_uuid": "string"
},
"created_at": 0,
"deleted": true
}
],
"linked_cases": [{"case_id": "string",
"case_uuid": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations_count": 0,
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"case_closed_at": 0,
"case_link": "string",
"organization_uuid": "string",
"organization_name": "string",
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true
}
],
"case_link": "string",
"execution_link": "string",
"watchers_count": 0,
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true,
"case_reinvestigated": true
}
}

get details of a v2 case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id of the case to be fetched

query Parameters

requested_view required	integer (CaseView) Enum: 0 1 Requested view of the case
include_hidden_findings	boolean Whether to include hidden findings in the response

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"case_id": "string",
"case_uuid": "string",
"organization_id": "string",
"organization_name": "string",
"organization_code": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"disposition": 0,
"disposition_label": "string",
"severity": 0,
"severity_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"reporter": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations": [{"escalation_type": 0,
"escalated_to": 0,
"escalated_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"escalated_at": 0,
"comment": "string",
"email_sent_to": ["string"
],
"uuid": "string"
}
],
"adr_triage": 0,
"sla_response_met": true,
"is_customer_request": true,
"case_detail_fields": {"executive_summary": "string",
"actions_required": [{"uuid": "string",
"title": "string",
"status": 0,
"status_label": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_at": 0,
"completed_at": 0
}
],
"alert_details": "string",
"alert_details_style": "string",
"provider": {"name": "string",
"logo_url": "string",
"provider_id": "string"
},
"linked_alerts": [{"type": 0,
"name": "string",
"path": "string",
"uuid": "string",
"alert_link": "string"
}
],
"primary_alert_id": "string",
"timeline": {"alert_raised_at": 0,
"alert_acknowledged_at": 0,
"case_disposition_created_at": 0,
"escalated_to_customer_at": 0,
"investigation_completed_at": 0,
"case_contained_at": 0,
"case_closed_at": 0,
"reinvestigated_at": 0
},
"metrics": {"alert_acknowledged_metric": 0,
"investigation_completed_metric": 0,
"case_contained_metric": 0,
"case_closed_metric": 0
},
"findings": [{"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
}
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"investigation_summary": "string"
},
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"linked_sessions": [{"chat_session_id": "string",
"title": "string",
"owner_details": {"firstname": "string",
"lastname": "string",
"email": "string",
"user_uuid": "string"
},
"created_at": 0,
"deleted": true
}
],
"linked_cases": [{"case_id": "string",
"case_uuid": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations_count": 0,
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"case_closed_at": 0,
"case_link": "string",
"organization_uuid": "string",
"organization_name": "string",
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true
}
],
"case_link": "string",
"execution_link": "string",
"watchers_count": 0,
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true,
"case_reinvestigated": true
}
}

update details of a v2 case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The uuid of the case to be updated

header Parameters

User-ID	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

name	string Title to be set for the case
status	integer
status_label	string
severity	integer
severity_label	string
disposition	integer
disposition_label	string
category	string category the case belongs to
sub_category	string sub category the case belongs to based on category
assignee	string Uuid of the assigned user
assignee_email	string Email of the assigned user
assignee_usergroup_name	string Name of the assignee user group
assignee_usergroup_organization	string Organization code of the assignee user group
archived	boolean Unarchive case if it's archived. (no change if its true)
	object (UpsertEscalation)
performed_by_darryl	boolean
adr_triage	integer (AdrTriage) Enum: 0 1 5 10
sla_response_met	boolean Flag to indicate feedback for a case on whether it met the SLA response or not.
	object (UpdateCaseDetailFieldsRequest)
replace_case_details	boolean If this field is true, case details provided in case_detail_fields will be replace. Otherwise, it will append to previously existing value.
append_mode	integer (AppendMode) Enum: 0 1
marked_for_review	boolean if true, case will be marked for review

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"category": "string",
"sub_category": "string",
"assignee": "string",
"assignee_email": "string",
"assignee_usergroup_name": "string",
"assignee_usergroup_organization": "string",
"archived": true,
"escalations": {"escalation_type": 0,
"escalated_to": 0,
"comment": "string",
"email_sent_to": ["string"
],
"do_not_send_email": true,
"uuid": "string"
},
"performed_by_darryl": true,
"adr_triage": 0,
"sla_response_met": true,
"case_detail_fields": {"executive_summary": "string",
"actions_required": [{"uuid": "string",
"title": "string",
"status": 0,
"status_label": "string",
"assignee": "string",
"assignee_email": "string",
"created_at": 0,
"modified_at": 0,
"completed_at": 0,
"deleted": true
}
],
"alert_details": "string",
"provider_id": "string",
"linked_alerts": [{"name": "string",
"path": "string",
"uuid": "string",
"deleted": true,
"type": 0
}
],
"primary_alert_id": "string",
"timeline": {"alert_raised_at": 0,
"alert_acknowledged_at": 0,
"case_disposition_created_at": 0,
"escalated_to_customer_at": 0,
"investigation_completed_at": 0,
"case_contained_at": 0,
"case_closed_at": 0,
"reinvestigated_at": 0
},
"custom_field_values": [{"field_identifier": "string",
"value": null,
"deleted": true
}
],
"investigation_summary": "string"
},
"replace_case_details": true,
"append_mode": 0,
"marked_for_review": true
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"case_id": "string",
"case_uuid": "string",
"organization_id": "string",
"organization_name": "string",
"organization_code": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"disposition": 0,
"disposition_label": "string",
"severity": 0,
"severity_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"reporter": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations": [{"escalation_type": 0,
"escalated_to": 0,
"escalated_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"escalated_at": 0,
"comment": "string",
"email_sent_to": ["string"
],
"uuid": "string"
}
],
"adr_triage": 0,
"sla_response_met": true,
"is_customer_request": true,
"case_detail_fields": {"executive_summary": "string",
"actions_required": [{"uuid": "string",
"title": "string",
"status": 0,
"status_label": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_at": 0,
"completed_at": 0
}
],
"alert_details": "string",
"alert_details_style": "string",
"provider": {"name": "string",
"logo_url": "string",
"provider_id": "string"
},
"linked_alerts": [{"type": 0,
"name": "string",
"path": "string",
"uuid": "string",
"alert_link": "string"
}
],
"primary_alert_id": "string",
"timeline": {"alert_raised_at": 0,
"alert_acknowledged_at": 0,
"case_disposition_created_at": 0,
"escalated_to_customer_at": 0,
"investigation_completed_at": 0,
"case_contained_at": 0,
"case_closed_at": 0,
"reinvestigated_at": 0
},
"metrics": {"alert_acknowledged_metric": 0,
"investigation_completed_metric": 0,
"case_contained_metric": 0,
"case_closed_metric": 0
},
"findings": [{"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
}
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"investigation_summary": "string"
},
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"linked_sessions": [{"chat_session_id": "string",
"title": "string",
"owner_details": {"firstname": "string",
"lastname": "string",
"email": "string",
"user_uuid": "string"
},
"created_at": 0,
"deleted": true
}
],
"linked_cases": [{"case_id": "string",
"case_uuid": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations_count": 0,
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"case_closed_at": 0,
"case_link": "string",
"organization_uuid": "string",
"organization_name": "string",
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true
}
],
"case_link": "string",
"execution_link": "string",
"watchers_count": 0,
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true,
"case_reinvestigated": true
}
}

archive a case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case

header Parameters

User-ID	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

delete a case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case

header Parameters

User-ID	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

ignore/unignore the case from metrics.

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case

header Parameters

User-ID	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"case_id": "string",
"case_uuid": "string",
"organization_id": "string",
"organization_name": "string",
"organization_code": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"disposition": 0,
"disposition_label": "string",
"severity": 0,
"severity_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"reporter": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations": [{"escalation_type": 0,
"escalated_to": 0,
"escalated_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"escalated_at": 0,
"comment": "string",
"email_sent_to": ["string"
],
"uuid": "string"
}
],
"adr_triage": 0,
"sla_response_met": true,
"is_customer_request": true,
"case_detail_fields": {"executive_summary": "string",
"actions_required": [{"uuid": "string",
"title": "string",
"status": 0,
"status_label": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_at": 0,
"completed_at": 0
}
],
"alert_details": "string",
"alert_details_style": "string",
"provider": {"name": "string",
"logo_url": "string",
"provider_id": "string"
},
"linked_alerts": [{"type": 0,
"name": "string",
"path": "string",
"uuid": "string",
"alert_link": "string"
}
],
"primary_alert_id": "string",
"timeline": {"alert_raised_at": 0,
"alert_acknowledged_at": 0,
"case_disposition_created_at": 0,
"escalated_to_customer_at": 0,
"investigation_completed_at": 0,
"case_contained_at": 0,
"case_closed_at": 0,
"reinvestigated_at": 0
},
"metrics": {"alert_acknowledged_metric": 0,
"investigation_completed_metric": 0,
"case_contained_metric": 0,
"case_closed_metric": 0
},
"findings": [{"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
}
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"investigation_summary": "string"
},
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"linked_sessions": [{"chat_session_id": "string",
"title": "string",
"owner_details": {"firstname": "string",
"lastname": "string",
"email": "string",
"user_uuid": "string"
},
"created_at": 0,
"deleted": true
}
],
"linked_cases": [{"case_id": "string",
"case_uuid": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations_count": 0,
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"case_closed_at": 0,
"case_link": "string",
"organization_uuid": "string",
"organization_name": "string",
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true
}
],
"case_link": "string",
"execution_link": "string",
"watchers_count": 0,
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true,
"case_reinvestigated": true
}
}

add a new finding in case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case to upsert finding

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

uuid	string Unique indenfitifer of the finding
title required	string Finding title
summary	string Detailed description of finding
risk	integer
risk_label	string
hidden	boolean If true, the finding will not be shown in the UI
	Array of objects (UpsertEvidenceRequest) Evidence provided in support of the finding
	Array of objects (DecisionIoc)

Responses

Request samples

Payload

Content type

application/json

{"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string",
"deleted": true,
"link_existing_evidence": true
}
],
"decision_iocs": [{"type": "string",
"key": "string",
"severity": 0,
"extra": { }
}
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"finding": {"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
},
"modified_at": 0
}
}

update a finding in the case

Authorizations:

SessionCookie

path Parameters

case_uuid required	string The id or uuid of the case to upsert finding
finding_uuid required	string The id or uuid of the finding to be deleted

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

title	string Finding title
summary	string Detailed description of finding
risk	integer
risk_label	string
hidden	boolean If true, the finding will not be shown in the UI
	Array of objects (UpsertEvidenceRequest) Evidence provided in support of the finding
	Array of objects (DecisionIoc)

Responses

Request samples

Payload

Content type

application/json

{"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string",
"deleted": true,
"link_existing_evidence": true
}
],
"decision_iocs": [{"type": "string",
"key": "string",
"severity": 0,
"extra": { }
}
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"finding": {"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
},
"modified_at": 0
}
}

delete a finding in a case

Authorizations:

SessionCookie

path Parameters

case_uuid required	string The id or uuid of the case to delete finding from
finding_uuid required	string The id or uuid of the finding to be deleted

header Parameters

User-ID	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"finding": {"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
},
"modified_at": 0
}
}

email details of a v2 case finding

Authorizations:

SessionCookie

path Parameters

case_uuid required	string The uuid of the case
finding_uuid required	string The uuid of the finding

header Parameters

User-ID	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

to_addresses required	Array of strings list of emails to send the case finding details to
html_content	string html content for the email body
message	string message to be sent in email body along with html content

Responses

Request samples

Payload

Content type

application/json

{"to_addresses": ["string"
],
"html_content": "string",
"message": "string"
}

Response samples

200
default

Content type

application/json

{"message": "string",
"failed_deliveries": ["string"
]
}

get evidence data for a finding based on uuid

Authorizations:

SessionCookie

path Parameters

case_uuid required	string The id or uuid of the case
finding_uuid required	string The id or uuid of the finding
evidence_uuid required	string The id or uuid of the evidence to be deleted

query Parameters

version

integer

Version for evidence. If not provided, latest evidence will be returned

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
}

email details of a v2 case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The uuid of the case

header Parameters

User-ID	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

to_addresses required	Array of strings list of emails to send the case details to
subject	string subject of the email
html_content	string html content for the email body
message	string message to be sent in email body along with html content

Responses

Request samples

Payload

Content type

application/json

{"to_addresses": ["string"
],
"subject": "string",
"html_content": "string",
"message": "string"
}

Response samples

200
default

Content type

application/json

{"message": "string",
"failed_deliveries": ["string"
]
}

get case list for an organization based on filter and sort

Authorizations:

SessionCookie

query Parameters

page required	integer Page number for paginated results.
size required	integer Number of results per page.

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

requested_view required	integer (CaseView) Enum: 0 1
sort_on_closest_match	boolean if true, first sort will be on closest match (opensearch default). Otherwise priority sort will be applied.
	object (CaseFilterV2)
	Array of objects (CaseSort) list of sort fields in order

Responses

Request samples

Payload

Content type

application/json

{"requested_view": 0,
"sort_on_closest_match": true,
"filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"sort": [{"field": "string",
"sort_order": 0
}
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"case_id": "string",
"case_uuid": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations_count": 0,
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"case_closed_at": 0,
"case_link": "string",
"organization_uuid": "string",
"organization_name": "string",
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true
}
],
"total": 0,
"metadata": {"need_attention_count": 0,
"active_count": 0,
"closed_count": 0
}
}

Link given chat session to case

Authorizations:

SessionCookie

path Parameters

case_identifier	string Unique identifier (id or uuid) of the case to which chat session will be linked
chat_session_id	string Unique identifier uuid of the chat session to link to the case

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

Unlink given session from case

Authorizations:

SessionCookie

path Parameters

case_identifier	string Unique identifier (id or uuid) of the case from which session will be unlinked
chat_session_id	string Unique identifier uuid of the session to unlink from case

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

Get linked cases for given session uuid

Authorizations:

SessionCookie

path Parameters

chat_session_id

required

string

Unique identifier uuid of the session to which cases are linked

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"case_id": "string",
"case_uuid": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations_count": 0,
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"case_closed_at": 0,
"case_link": "string",
"organization_uuid": "string",
"organization_name": "string",
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true
}
],
"total": 0,
"metadata": {"need_attention_count": 0,
"active_count": 0,
"closed_count": 0
}
}

Link given cases in request to the case

Authorizations:

SessionCookie

path Parameters

case_identifier

string

Unique identifier (id or uuid) of the case to which others cases will be linked

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

case_uuids

required

Array of strings

Responses

Request samples

Payload

Content type

application/json

{"case_uuids": ["string"
]
}

Response samples

200
default

Content type

application/json

{"message": "string"
}

Unlink cases from one another

Authorizations:

SessionCookie

path Parameters

primary_case_identifier	string Unique identifier (id or uuid) of the case from which second case will be unlinked
secondary_case_identifier	string Unique identifier uuid of the second case to unlink from primary case

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

Unlink given alert from case

Authorizations:

SessionCookie

path Parameters

case_identifier	string Unique identifier (id or uuid) of the case from which alert will be unlinked
alert_uuid	string Unique identifier of the alert to unlink from case

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

add a new comment to the case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case to upsert comment

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

content required	string
content_style	string
rating	integer
comment_privacy	integer (CommentPrivacy) Enum: 0 5
comment_type	integer (CommentType) Enum: 0 5

Responses

Request samples

Payload

Content type

application/json

{"content": "string",
"content_style": "string",
"rating": 0,
"comment_privacy": 0,
"comment_type": 0
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"comment_id": "string",
"case_uuid": "string",
"content": "string",
"content_style": "string",
"created_by": {"firstname": "string",
"lastname": "string",
"user_id": "string"
},
"created_at": 0,
"modified_at": 0,
"comment_source": {"source": 0,
"path": "string"
},
"rating": 0,
"comment_privacy": 0,
"comment_type": 0
}
}

update a comment in the case

Authorizations:

SessionCookie

path Parameters

case_uuid required	string The uuid of the case to update comment
comment_id required	string The uuid of the comment to be updated

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

content required	string
content_style	string
rating	integer
comment_privacy	integer (CommentPrivacy) Enum: 0 5
comment_type	integer (CommentType) Enum: 0 5

Responses

Request samples

Payload

Content type

application/json

{"content": "string",
"content_style": "string",
"rating": 0,
"comment_privacy": 0,
"comment_type": 0
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"comment_id": "string",
"case_uuid": "string",
"content": "string",
"content_style": "string",
"created_by": {"firstname": "string",
"lastname": "string",
"user_id": "string"
},
"created_at": 0,
"modified_at": 0,
"comment_source": {"source": 0,
"path": "string"
},
"rating": 0,
"comment_privacy": 0,
"comment_type": 0
}
}

delete a comment in the case

Authorizations:

SessionCookie

path Parameters

case_uuid required	string The uuid of the case to delete the comment from
comment_id required	string The uuid of the comment to be deleted

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

get paginated list of case comments

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case to get comments

query Parameters

page required	integer Page number for paginated results.
size required	integer Number of results per page.

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"comment_id": "string",
"case_uuid": "string",
"content": "string",
"content_style": "string",
"created_by": {"firstname": "string",
"lastname": "string",
"user_id": "string"
},
"created_at": 0,
"modified_at": 0,
"comment_source": {"source": 0,
"path": "string"
},
"rating": 0,
"comment_privacy": 0,
"comment_type": 0
}
],
"total": 0
}

get paginated list of case history

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case to get history

query Parameters

page required	integer Page number for paginated results.
size required	integer Number of results per page.
sort	integer (CaseHistorySort) Enum: 1 5 Sort type for history. Possible values are 1 (Latest First), 5(Oldest First)

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"change_log_id": "string",
"resource_type": 1,
"resource_id": "string",
"action_summary": "string",
"field_changes": [{"previous_state": { },
"current_state": { },
"action_type": 0,
"field_type": "case"
}
],
"request_id": "string",
"performed_by": {"firstname": "string",
"lastname": "string",
"user_id": "string"
},
"execution_summary": {"skill_id": "string",
"skill_name": "string",
"execution_link": "string"
},
"automation_action": true,
"performed_at": 0
}
],
"total": 0
}

get list of case watchers

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case to get watchers

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"organization_uuid": "string",
"organization_name": "string",
"email": "string"
}
]
}

add list of users to case watchers

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case to get watchers

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

user_uuids

required

Array of strings

User uuids

Responses

Request samples

Payload

Content type

application/json

{"user_uuids": ["string"
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"organization_uuid": "string",
"organization_name": "string",
"email": "string"
}
]
}

remove list of user from case watchers

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The id or uuid of the case to get watchers

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request
Execution-ID	string ID of the execution if action is perfomed through a darryl action
Organization-Hosturl	string The host url of the organization

Request Body schema: application/json
required

user_uuids

required

Array of strings

User uuids

Responses

Request samples

Payload

Content type

application/json

{"user_uuids": ["string"
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"organization_uuid": "string",
"organization_name": "string",
"email": "string"
}
]
}

Clone a case

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

case_id required	string ID of the case to clone
target_organization_code	string Code of the organization to clone the case to
dry_run	boolean Whether to clone the case or just return the generated values
regenerate_obfuscated_values	boolean Flag to regenerate the obfuscated values
prompt	string Prompt to use for the clone
max_evidence_size	integer Maximum size of the evidence to be cloned

Responses

Request samples

Payload

Content type

application/json

{"case_id": "string",
"target_organization_code": "string",
"dry_run": true,
"regenerate_obfuscated_values": true,
"prompt": "string",
"max_evidence_size": 0
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"case": {"case_id": "string",
"case_uuid": "string",
"organization_id": "string",
"organization_name": "string",
"organization_code": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"disposition": 0,
"disposition_label": "string",
"severity": 0,
"severity_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"reporter": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations": [{"escalation_type": 0,
"escalated_to": 0,
"escalated_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"escalated_at": 0,
"comment": "string",
"email_sent_to": ["string"
],
"uuid": "string"
}
],
"adr_triage": 0,
"sla_response_met": true,
"is_customer_request": true,
"case_detail_fields": {"executive_summary": "string",
"actions_required": [{"uuid": "string",
"title": "string",
"status": 0,
"status_label": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_at": 0,
"completed_at": 0
}
],
"alert_details": "string",
"alert_details_style": "string",
"provider": {"name": "string",
"logo_url": "string",
"provider_id": "string"
},
"linked_alerts": [{"type": 0,
"name": "string",
"path": "string",
"uuid": "string",
"alert_link": "string"
}
],
"primary_alert_id": "string",
"timeline": {"alert_raised_at": 0,
"alert_acknowledged_at": 0,
"case_disposition_created_at": 0,
"escalated_to_customer_at": 0,
"investigation_completed_at": 0,
"case_contained_at": 0,
"case_closed_at": 0,
"reinvestigated_at": 0
},
"metrics": {"alert_acknowledged_metric": 0,
"investigation_completed_metric": 0,
"case_contained_metric": 0,
"case_closed_metric": 0
},
"findings": [{"uuid": "string",
"title": "string",
"summary": "string",
"risk": 0,
"risk_label": "string",
"hidden": true,
"evidences": [{"name": "string",
"attached_content_link": "string",
"attached_content_version": 0,
"attached_content_type": 0,
"data": "string"
}
]
}
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"investigation_summary": "string"
},
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"linked_sessions": [{"chat_session_id": "string",
"title": "string",
"owner_details": {"firstname": "string",
"lastname": "string",
"email": "string",
"user_uuid": "string"
},
"created_at": 0,
"deleted": true
}
],
"linked_cases": [{"case_id": "string",
"case_uuid": "string",
"name": "string",
"type": 0,
"status": 0,
"status_label": "string",
"severity": 0,
"severity_label": "string",
"disposition": 0,
"disposition_label": "string",
"priority": 0,
"category": "string",
"sub_category": "string",
"assignee": {"firstname": "string",
"lastname": "string",
"email": "string",
"assignee_id": "string",
"user_uuid": "string",
"assignee_type": "string",
"performed_by_darryl": true
},
"archived": true,
"escalations_count": 0,
"created_at": 0,
"modified_at": 0,
"status_modified_at": 0,
"case_closed_at": 0,
"case_link": "string",
"organization_uuid": "string",
"organization_name": "string",
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true
}
],
"case_link": "string",
"execution_link": "string",
"watchers_count": 0,
"reviewed": true,
"marked_for_review": true,
"ignore_metrics": true,
"case_reinvestigated": true
},
"alerts": [{"alert_id": "string",
"alert_uuid": "string",
"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"organization_uuid": "string",
"organization_code": "string",
"created_by": "string",
"created_at": 0,
"modified_at": 0,
"created_at_source": 0,
"fetched_playbook_id": "string",
"fetched_playbook_name": "string",
"fetched_execution_id": "string",
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"investigation_status": 0,
"investigation_retry_count": 0,
"investigation_completed_time": 0,
"execution_id": "string",
"linked_case_id": "string",
"alert_provider_details": {"name": "string",
"icon": "string",
"provider_id": "string"
},
"resolved": true,
"linked_case_details": [{"case_id": "string",
"investigation_status": 0,
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"execution_id": "string",
"linked_manually": true
}
],
"connection_details": {"connection_id": "string",
"connection_name": "string"
},
"alert_type_details": {"alert_type": "string",
"alert_provider": "string",
"default_severity": 10,
"categories": ["string"
],
"mitre_tactics": ["string"
]
},
"alert_link": "string"
}
]
}
}

Reinvestigate a case

Authorizations:

SessionCookie

path Parameters

case_uuid

required

string

The uuid of the case to reinvestigate

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

Create a new saved view for case filters

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

name required	string Name for the new saved view
required	object (CaseFilterV2)
	Array of objects (CaseSort) Sort configuration for this view
is_default	boolean Whether to set this as the default view

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"sort": [{"field": "string",
"sort_order": 0
}
],
"is_default": true
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"view_id": "string",
"organization_id": "string",
"name": "string",
"filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"sort": [{"field": "string",
"sort_order": 0
}
],
"created_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"modified_at": 0,
"is_default": true
}
}

Get list of saved views for the organization

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"view_id": "string",
"organization_id": "string",
"name": "string",
"filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"sort": [{"field": "string",
"sort_order": 0
}
],
"created_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"modified_at": 0,
"is_default": true
}
]
}

Update an existing saved view

Authorizations:

SessionCookie

path Parameters

view_id

required

string

ID of the saved view to update

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

name	string Updated name for the view
	object (CaseFilterV2)
	Array of objects (CaseSort) Sort configuration for this view
is_default	boolean Whether to set this as the default view

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"sort": [{"field": "string",
"sort_order": 0
}
],
"is_default": true
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"view_id": "string",
"organization_id": "string",
"name": "string",
"filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"sort": [{"field": "string",
"sort_order": 0
}
],
"created_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"created_at": 0,
"modified_by": {"firstname": "string",
"lastname": "string",
"user_uuid": "string",
"performed_by_darryl": true
},
"modified_at": 0,
"is_default": true
}
}

Delete a saved view

Authorizations:

SessionCookie

path Parameters

view_id

required

string

ID of the saved view to delete

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

Get user's current view preference and temporary filters

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"user_id": "string",
"organization_id": "string",
"selected_view_id": "string",
"selected_case_id": "string",
"selected_view_filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"selected_view_sort": [{"field": "string",
"sort_order": 0
}
],
"temp_filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"temp_sort": [{"field": "string",
"sort_order": 0
}
],
"last_updated": 0
}
}

Update user's selected view preference

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

selected_view_id

required

string

ID of the saved view to select

Responses

Request samples

Payload

Content type

application/json

{"selected_view_id": "string"
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"user_id": "string",
"organization_id": "string",
"selected_view_id": "string",
"selected_case_id": "string",
"selected_view_filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"selected_view_sort": [{"field": "string",
"sort_order": 0
}
],
"temp_filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"temp_sort": [{"field": "string",
"sort_order": 0
}
],
"last_updated": 0
}
}

Update user's temporary filters for current session

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

	object (CaseFilterV2)
	Array of objects (CaseSort) Temporary sort configuration for current session. Will replace existing sort configuration if provided.
selected_case_id	string ID of the currently selected case

Responses

Request samples

Payload

Content type

application/json

{"temp_filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"temp_sort": [{"field": "string",
"sort_order": 0
}
],
"selected_case_id": "string"
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"user_id": "string",
"organization_id": "string",
"selected_view_id": "string",
"selected_case_id": "string",
"selected_view_filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"selected_view_sort": [{"field": "string",
"sort_order": 0
}
],
"temp_filter": {"severity": [0
],
"severity_label": ["string"
],
"status": [0
],
"status_label": ["string"
],
"disposition": [0
],
"disposition_label": ["string"
],
"provider": ["string"
],
"custom_field_values": [{"uuid": "string",
"value": null
}
],
"assignee": "string",
"assignee_id": ["string"
],
"watcher": "string",
"organization_id": ["string"
],
"categories": [{"category": "string",
"subcategory": "string"
}
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"queries": ["string"
],
"archived": true,
"only_escalated": true,
"only_descalated": true,
"only_marked_for_review": true,
"priority": [0
]
},
"temp_sort": [{"field": "string",
"sort_order": 0
}
],
"last_updated": 0
}
}

Delete user's temporary filters for current session

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

Clear user's selected view preference

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

create a new custom field that can be used in cases

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

title required	string Title of the custom field
type required	integer (CustomFieldType) Enum: 0 5 10
scope required	integer (CustomFieldScope) Enum: 0 5
organization_id	string Organization to create custom field in. If value is not set, field will be created in the organization present in headers.

Responses

Request samples

Payload

Content type

application/json

{"title": "string",
"type": 0,
"scope": 0,
"organization_id": "string"
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"title": "string",
"type": 0,
"scope": 0,
"uuid": "string",
"organization_id": "string",
"organization_code": "string",
"created_at": 0,
"modified_at": 0,
"created_by": {"firstname": "string",
"lastname": "string",
"user_id": "string"
}
}
}

get custom case fields that the organization has access to

Authorizations:

SessionCookie

query Parameters

organization_id

required

string

Organization ID to filter custom case fields by.

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

search_query	string Search custom fields that matches the query
	object (CaseSort)

Responses

Request samples

Payload

Content type

application/json

{"search_query": "string",
"sort": {"field": "string",
"sort_order": 0
}
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"title": "string",
"type": 0,
"scope": 0,
"uuid": "string",
"organization_id": "string",
"organization_code": "string",
"created_at": 0,
"modified_at": 0,
"created_by": {"firstname": "string",
"lastname": "string",
"user_id": "string"
}
}
],
"total": 0
}

delete a custom field if its not used in any case

Authorizations:

SessionCookie

path Parameters

field_id

required

string

The uuid of the custom field

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

update a case custom field (title)

Authorizations:

SessionCookie

path Parameters

field_id

required

string

The uuid of the custom field

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

title

string

Updated title of the custom field

Responses

Request samples

Payload

Content type

application/json

{"title": "string"
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"title": "string",
"type": 0,
"scope": 0,
"uuid": "string",
"organization_id": "string",
"organization_code": "string",
"created_at": 0,
"modified_at": 0,
"created_by": {"firstname": "string",
"lastname": "string",
"user_id": "string"
}
}
}

get custom case field values that are present in the cases available to the organization

Authorizations:

SessionCookie

query Parameters

page required	integer The page number to retrieve
size required	integer The number of items to retrieve per page
search	string The search query to filter the custom case fields by

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"uuid": "string",
"title": "string",
"value": null
}
],
"total": 0
}

get case configuration for the organizations

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

organization_ids

required

Array of strings

Organization ids to get case configurations for

Responses

Request samples

Payload

Content type

application/json

{"organization_ids": ["string"
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": [{"case_categories": [{"category_name": "string",
"sub_categories": [{"sub_category_name": "string"
}
]
}
],
"severity_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disposition_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"finding_risk_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"action_status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disabled_features": [{"name": "string"
}
],
"case_priority_config": {"analyst_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
},
"customer_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
}
},
"case_closed_statuses": [0
],
"organization_id": "string",
"reply_to_email": "string"
}
]
}

create a new case configuration for the organization

Authorizations:

SessionCookie

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Request Body schema: application/json
required

	Array of objects (CaseCategory)
	Array of objects (EnumOption)
	Array of objects (EnumOption)
	Array of objects (EnumOption)
	Array of objects (EnumOption)
	Array of objects (EnumOption)
	Array of objects (CaseFeature) list of case features disabled for the organization
	object (CasePriorityConfig) describe how cases will be divided in Need attention, Closed and Active tabs for the organization
case_closed_statuses	Array of integers list of statuses that will be shown in Closed tab
organization_id required	string Organization id of the organization
reply_to_email	string Email address to set as reply-to header in the emails sent by the organization

Responses

Request samples

Payload

Content type

application/json

{"case_categories": [{"category_name": "string",
"sub_categories": [{"sub_category_name": "string"
}
]
}
],
"severity_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disposition_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"finding_risk_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"action_status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disabled_features": [{"name": "string"
}
],
"case_priority_config": {"analyst_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
},
"customer_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
}
},
"case_closed_statuses": [0
],
"organization_id": "string",
"reply_to_email": "string"
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"case_categories": [{"category_name": "string",
"sub_categories": [{"sub_category_name": "string"
}
]
}
],
"severity_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disposition_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"finding_risk_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"action_status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disabled_features": [{"name": "string"
}
],
"case_priority_config": {"analyst_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
},
"customer_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
}
},
"case_closed_statuses": [0
],
"organization_id": "string",
"reply_to_email": "string"
}
}

copy case configuration for the organizations

Authorizations:

SessionCookie

query Parameters

from_organization_id required	string The organization id to copy the case configuration from
to_organization_id required	string The organization id to copy the case configuration to

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID required	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"case_categories": [{"category_name": "string",
"sub_categories": [{"sub_category_name": "string"
}
]
}
],
"severity_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disposition_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"finding_risk_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"action_status_options": [{"key": 0,
"label": "string",
"style_config": {"bg_color": "string",
"font_color": "string",
"font_size": "string",
"border": "string",
"border_radius": "string",
"size": "string",
"start_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"end_adornments": {"type": "string",
"src": "string",
"size": "string"
},
"text_class": "string",
"show_clock_icon": true,
"wrapper_class": "string",
"show_modified_at_time": true,
"tooltip_title": "string",
"icon_src": "string",
"icon_color": "string"
}
}
],
"disabled_features": [{"name": "string"
}
],
"case_priority_config": {"analyst_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
},
"customer_priority_config": {"need_attention_statuses": [0
],
"active_statuses": [0
],
"closed_statuses": [0
]
}
},
"case_closed_statuses": [0
],
"organization_id": "string",
"reply_to_email": "string"
}
}

Dashboard

Retrieve metrics data

Authorizations:

SessionCookie

query Parameters

days	integer >= 1 Default: 7 Number of days to include in the metrics calculation (optional)
organization_id	string Additional org id filter. Only applicable for Airmdr employees. If empty, metrics for all organizations are shown.

header Parameters

User-ID required	string The User ID of the requestor.
Organization-ID	string The Organization ID associated with the requestor.
X-Request-ID	string The ID associated with the request

Responses

Response samples

200
default

Content type

application/json

{"message": "string",
"data": {"total_cases": 0,
"mean_time_to_ack": {"mean_metric_total": 0,
"daily_mean_metrics": {"property1": 0,
"property2": 0
},
"mean_metrics_intervals": {"property1": 0,
"property2": 0
}
},
"mean_time_to_investigate": {"mean_metric_total": 0,
"daily_mean_metrics": {"property1": 0,
"property2": 0
},
"mean_metrics_intervals": {"property1": 0,
"property2": 0
}
},
"mean_time_to_contain": {"mean_metric_total": 0,
"daily_mean_metrics": {"property1": 0,
"property2": 0
},
"mean_metrics_intervals": {"property1": 0,
"property2": 0
}
},
"mean_time_to_close": {"mean_metric_total": 0,
"daily_mean_metrics": {"property1": 0,
"property2": 0
},
"mean_metrics_intervals": {"property1": 0,
"property2": 0
}
},
"handled_by_darryl": 0,
"sub_category_count_darryl": {"property1": 0,
"property2": 0
},
"status_count": {"property1": 0,
"property2": 0
},
"severity_count": {"property1": 0,
"property2": 0
},
"escalated_to_customer_count": 0,
"case_count_per_day": {"property1": 0,
"property2": 0
}
}
}

Alerts

Create alerts

Authorizations:

SessionCookie

query Parameters

skip_investigation

boolean

Flag indicating whether the investigation for the alert should be skipped.

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Request Body schema: application/json
required

Request body for creating alerts.

alert_content required	string The content/body of the alert
alert_provider required	string The provider/source of the alert (e.g. aws, microsoft_graph, etc.)
alert_type	string The type/category of the alert
fetched_playbook_id	string ID of the playbook that fetched this alert
fetched_playbook_name	string Name of the playbook that fetched this alert
fetched_execution_id	string Execution ID of the playbook run that fetched this alert
organization_code required	string Code/identifier of the organization this alert belongs to
	object (AlertsIOC)
created_at_source	integer <int64> Timestamp when the alert was created at the source/provider
add_alert_definition	boolean Flag to add alert definition to the alert content, True for alerts creating airmdr detection playbooks
is_test_alert	boolean Flag indicating whether this alert is a test alert and should be treated differently

Responses

Request samples

Payload

Content type

application/json

{"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"fetched_playbook_id": "string",
"fetched_playbook_name": "string",
"fetched_execution_id": "string",
"organization_code": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"created_at_source": 0,
"add_alert_definition": true,
"is_test_alert": true
}

Response samples

200
default

Content type

application/json

{"alert_id": "string",
"alert_uuid": "string",
"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"organization_uuid": "string",
"organization_code": "string",
"created_by": "string",
"created_at": 0,
"modified_at": 0,
"created_at_source": 0,
"fetched_playbook_id": "string",
"fetched_playbook_name": "string",
"fetched_execution_id": "string",
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"investigation_status": 0,
"investigation_retry_count": 0,
"investigation_completed_time": 0,
"execution_id": "string",
"linked_case_id": "string",
"alert_provider_details": {"name": "string",
"icon": "string",
"provider_id": "string"
},
"resolved": true,
"linked_case_details": [{"case_id": "string",
"investigation_status": 0,
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"execution_id": "string",
"linked_manually": true
}
],
"connection_details": {"connection_id": "string",
"connection_name": "string"
},
"alert_type_details": {"alert_type": "string",
"alert_provider": "string",
"default_severity": 10,
"categories": ["string"
],
"mitre_tactics": ["string"
]
},
"alert_link": "string"
}

Analyze alerts

Authorizations:

SessionCookie

query Parameters

return_partial_data

boolean

Default: false

If true, returns whatever fields were identified even if some are missing. If false, returns error if any field is missing.

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Request Body schema: application/json
required

Request body for analyzing alerts.

alert_content

required

string

Responses

Request samples

Payload

Content type

application/json

{"alert_content": "string"
}

Response samples

200
default

Content type

application/json

{"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"created_at_source": 0
}

Export alerts data

Authorizations:

SessionCookie

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Request Body schema: application/json
required

Request body for list alerts with search and filter.

	object (ListAlertsFilter)
	Array of objects (SortFields)
ignore_alert_content	boolean Flag to indicate whether to ignore the alert content. If true, the alert content will not be fetched.

Responses

Request samples

Payload

Content type

application/json

{"filter": {"global_search_query": "string",
"investigation_status": ["string"
],
"alert_id": "string",
"alert_provider": "string",
"alert_providers": ["string"
],
"alert_type": "string",
"alert_types": ["string"
],
"organization_code": "string",
"organization_codes": ["string"
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"connection_ids": ["string"
],
"unresolved": true,
"no_linked_cases": true
},
"sort": [{"field": "string",
"sort_order": 0
}
],
"ignore_alert_content": true
}

Response samples

default

Content type

application/json

{"message": "string"
}

get the details of an alert

Authorizations:

SessionCookie

path Parameters

alert_id

string

The ID associated with the alert

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Responses

Response samples

200
default

Content type

application/json

{"alert_id": "string",
"alert_uuid": "string",
"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"organization_uuid": "string",
"organization_code": "string",
"created_by": "string",
"created_at": 0,
"modified_at": 0,
"created_at_source": 0,
"fetched_playbook_id": "string",
"fetched_playbook_name": "string",
"fetched_execution_id": "string",
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"investigation_status": 0,
"investigation_retry_count": 0,
"investigation_completed_time": 0,
"execution_id": "string",
"linked_case_id": "string",
"alert_provider_details": {"name": "string",
"icon": "string",
"provider_id": "string"
},
"resolved": true,
"linked_case_details": [{"case_id": "string",
"investigation_status": 0,
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"execution_id": "string",
"linked_manually": true
}
],
"connection_details": {"connection_id": "string",
"connection_name": "string"
},
"alert_type_details": {"alert_type": "string",
"alert_provider": "string",
"default_severity": 10,
"categories": ["string"
],
"mitre_tactics": ["string"
]
},
"alert_link": "string"
}

update the details of an alert

Authorizations:

SessionCookie

path Parameters

alert_id

string

The ID associated with the alert

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Request Body schema: application/json
required

Request body for updating an alert.

alert_provider	string
investigation_status	integer (AlertInvestigationStatus) Enum: 0 5 10 12 15 20
investigation_playbook_id	string
investigation_playbook_name	string
investigation_retry_count	integer
execution_id	string
linked_case_id	string
	object (AlertsIOC)
resolved	boolean

Responses

Request samples

Payload

Content type

application/json

{"alert_provider": "string",
"investigation_status": 0,
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"investigation_retry_count": 0,
"execution_id": "string",
"linked_case_id": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"resolved": true
}

Response samples

200
default

Content type

application/json

{"alert_id": "string",
"alert_uuid": "string",
"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"organization_uuid": "string",
"organization_code": "string",
"created_by": "string",
"created_at": 0,
"modified_at": 0,
"created_at_source": 0,
"fetched_playbook_id": "string",
"fetched_playbook_name": "string",
"fetched_execution_id": "string",
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"investigation_status": 0,
"investigation_retry_count": 0,
"investigation_completed_time": 0,
"execution_id": "string",
"linked_case_id": "string",
"alert_provider_details": {"name": "string",
"icon": "string",
"provider_id": "string"
},
"resolved": true,
"linked_case_details": [{"case_id": "string",
"investigation_status": 0,
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"execution_id": "string",
"linked_manually": true
}
],
"connection_details": {"connection_id": "string",
"connection_name": "string"
},
"alert_type_details": {"alert_type": "string",
"alert_provider": "string",
"default_severity": 10,
"categories": ["string"
],
"mitre_tactics": ["string"
]
},
"alert_link": "string"
}

process or investigate the alert

investigate or re-investigate the alert

Authorizations:

SessionCookie

path Parameters

alert_id

string

The ID associated with the alert

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Responses

Response samples

200
default

Content type

application/json

{"alert_id": "string",
"message": "string"
}

delete alerts in bulk

Authorizations:

SessionCookie

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Request Body schema: application/json
required

alert_uuids

required

Array of strings

Responses

Request samples

Payload

Content type

application/json

{"alert_uuids": ["string"
]
}

Response samples

200
default

Content type

application/json

{"message": "string",
"data": ["string"
]
}

delete an alert

Authorizations:

SessionCookie

path Parameters

alert_id

string

The ID associated with the alert

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Responses

Response samples

200
default

Content type

application/json

{"message": "string"
}

Get the list of Alert types

Authorizations:

SessionCookie

query Parameters

alert_provider

string

alert provider filter

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Responses

Response samples

200
default

Content type

application/json

["string"
]

Get the list of alerts

Get the list of alerts per org

Authorizations:

SessionCookie

query Parameters

page	integer Page number for paginated results.
size	integer Number of results per page.

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Request Body schema: application/json
required

Request body for list alerts with search and filter.

	object (ListAlertsFilter)
	Array of objects (SortFields)
ignore_alert_content	boolean Flag to indicate whether to ignore the alert content. If true, the alert content will not be fetched.

Responses

Request samples

Payload

Content type

application/json

{"filter": {"global_search_query": "string",
"investigation_status": ["string"
],
"alert_id": "string",
"alert_provider": "string",
"alert_providers": ["string"
],
"alert_type": "string",
"alert_types": ["string"
],
"organization_code": "string",
"organization_codes": ["string"
],
"modified_at_time_range": {"from_date": 0,
"to_date": 0
},
"created_at_time_range": {"from_date": 0,
"to_date": 0
},
"connection_ids": ["string"
],
"unresolved": true,
"no_linked_cases": true
},
"sort": [{"field": "string",
"sort_order": 0
}
],
"ignore_alert_content": true
}

Response samples

200
default

Content type

application/json

{"data": [{"alert_id": "string",
"alert_uuid": "string",
"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"organization_uuid": "string",
"organization_code": "string",
"created_by": "string",
"created_at": 0,
"modified_at": 0,
"created_at_source": 0,
"fetched_playbook_id": "string",
"fetched_playbook_name": "string",
"fetched_execution_id": "string",
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"investigation_status": 0,
"investigation_retry_count": 0,
"investigation_completed_time": 0,
"execution_id": "string",
"linked_case_id": "string",
"alert_provider_details": {"name": "string",
"icon": "string",
"provider_id": "string"
},
"resolved": true,
"linked_case_count": 0,
"alert_link": "string"
}
],
"total": 0
}

get the details of an alert given execution id

Authorizations:

SessionCookie

path Parameters

execution_id

string

The ID associated with the execution for which alert is to be fetched.

header Parameters

User-ID	string The User ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
Organization-ID	string The Organization ID of the requestor. If requests are made through API Gateway, this header will be pre filled.
X-Request-ID	string The ID associated with the request. If requests are made through API Gateway, this header will be pre filled.
Organization-Hosturl	string The host url of the organization.

Responses

Response samples

200
default

Content type

application/json

{"alert_id": "string",
"alert_uuid": "string",
"alert_content": "string",
"alert_provider": "string",
"alert_type": "string",
"alert_ioc": {"ip_address": ["string"
],
"domain": ["string"
],
"username": ["string"
],
"location": ["string"
],
"hostname": ["string"
],
"url": ["string"
],
"ioc_fields": { }
},
"organization_uuid": "string",
"organization_code": "string",
"created_by": "string",
"created_at": 0,
"modified_at": 0,
"created_at_source": 0,
"fetched_playbook_id": "string",
"fetched_playbook_name": "string",
"fetched_execution_id": "string",
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"investigation_status": 0,
"investigation_retry_count": 0,
"investigation_completed_time": 0,
"execution_id": "string",
"linked_case_id": "string",
"alert_provider_details": {"name": "string",
"icon": "string",
"provider_id": "string"
},
"resolved": true,
"linked_case_details": [{"case_id": "string",
"investigation_status": 0,
"investigation_playbook_id": "string",
"investigation_playbook_name": "string",
"execution_id": "string",
"linked_manually": true
}
],
"connection_details": {"connection_id": "string",
"connection_name": "string"
},
"alert_type_details": {"alert_type": "string",
"alert_provider": "string",
"default_severity": 10,
"categories": ["string"
],
"mitre_tactics": ["string"
]
},
"alert_link": "string"
}

Case Manager (1.0.0)

Case Manager V2

create a new v2 case

Authorizations:

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

get details of a v2 case

Authorizations:

path Parameters

query Parameters

header Parameters

Responses

Response samples

update details of a v2 case

Authorizations:

path Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

archive a case

Authorizations:

path Parameters

header Parameters

Responses

Response samples

delete a case

Authorizations:

path Parameters

header Parameters

Responses

Response samples

ignore/unignore the case from metrics.

Authorizations:

path Parameters

header Parameters

Responses

Response samples

add a new finding in case

Authorizations:

path Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

update a finding in the case

Authorizations:

path Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

delete a finding in a case

Authorizations:

path Parameters

header Parameters

Responses

Response samples

email details of a v2 case finding

Authorizations:

path Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

get evidence data for a finding based on uuid

Authorizations:

path Parameters

query Parameters

header Parameters

Responses

Response samples

email details of a v2 case

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required