Get case activity
Deprecated
Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
Path parameters
-
The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
Responses
-
Indicates a successful call.
Hide response attributes Show response attributes object
-
Values are
add,create,delete,push_to_service, orupdate. -
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are
cases,observability, orsecuritySolution. payload
object | null Required One of: Cases_payload_alert_commentobject Cases_payload_assigneesobject Cases_payload_connectorobject Cases_payload_create_caseobject Cases_payload_deleteobject | null Cases_payload_descriptionobject Cases_payload_pushedobject Cases_payload_settingsobject Cases_payload_severityobject Cases_payload_statusobject Cases_payload_tagsobject Cases_payload_titleobject Cases_payload_user_commentobject Hide attribute Show attribute
Hide attribute Show attribute
-
An array containing users that are assigned to the case.
Not more than
10elements.
Hide attribute Show attribute
-
Hide connector attributes Show connector attributes object
-
An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
Hide fields attributes Show fields attributes object | null
-
The case identifier for Swimlane connectors.
-
The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
-
The effect an incident had on business for ServiceNow ITSM connectors.
-
The type of issue for Jira connectors.
-
The type of incident for IBM Resilient connectors.
-
Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
-
Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
-
The key of the parent issue, when the issue type is sub-task for Jira connectors.
-
The priority of the issue for Jira and ServiceNow SecOps connectors.
-
The severity of the incident for ServiceNow ITSM connectors.
-
The severity code of the incident for IBM Resilient connectors.
-
Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
-
The subcategory of the incident for ServiceNow ITSM connectors.
-
The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
-
-
The identifier for the connector. To create a case without a connector, use
none. -
The name of the connector. To create a case without a connector, use
none. -
The type of connector.
Values are
.cases-webhook,.jira,.none,.resilient,.servicenow,.servicenow-sir, or.swimlane.
-
Hide attributes Show attributes
-
An array containing users that are assigned to the case.
Not more than
10elements. -
Hide connector attributes Show connector attributes object
-
An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
Hide fields attributes Show fields attributes object | null
-
The case identifier for Swimlane connectors.
-
The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
-
The effect an incident had on business for ServiceNow ITSM connectors.
-
The type of issue for Jira connectors.
-
The type of incident for IBM Resilient connectors.
-
Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
-
Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
-
The key of the parent issue, when the issue type is sub-task for Jira connectors.
-
The priority of the issue for Jira and ServiceNow SecOps connectors.
-
The severity of the incident for ServiceNow ITSM connectors.
-
The severity code of the incident for IBM Resilient connectors.
-
Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
-
The subcategory of the incident for ServiceNow ITSM connectors.
-
The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
-
-
The identifier for the connector. To create a case without a connector, use
none. -
The name of the connector. To create a case without a connector, use
none. -
The type of connector.
Values are
.cases-webhook,.jira,.none,.resilient,.servicenow,.servicenow-sir, or.swimlane.
-
-
The application that owns the cases: Stack Management, Observability, or Elastic Security.
Values are
cases,observability, orsecuritySolution. -
An object that contains the case settings.
-
The severity of the case.
Values are
critical,high,low, ormedium. Default value islow. -
The status of the case.
Values are
closed,in-progress, oropen.
If the
actionisdeleteand thetypeisdelete_case, the payload is nullable.Hide attribute Show attribute
-
Hide externalService attributes Show externalService attributes object | null
-
-
The type of action.
Values are
assignees,create_case,comment,connector,delete_case,description,pushed,tags,title,status,settings, orseverity.
-
-
Authorization information is missing or invalid.
curl \
--request GET 'https://localhost:5601/api/cases/9c235210-6834-11ea-a78c-6ffb38a34414/user_actions' \
--header "Authorization: $API_KEY"