
Create a Case

POST /workspace/:ws_id/case_management/table/cases

Adds a new Case record.

Request

Path Parameters

    ws_id string required

    Workspace ID

Body (required)

Case Data

    case_manager string[]
    case_tags string[]

    Possible values: [Malware, Ransomware, Insider Threat, VIP, Workstation, Server, Data Leak, Data Theft, Account Compromise, Adware, Crypto Miner, Fraud]

    mitre_attack string[]

    Possible values: [Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]

    name string
    overview string
    severity integer

    Possible values: [1, 2, 3, 4]

    sla integer
    sla_expiry integer
    status string

    Possible values: [OPEN, IN PROGRESS, CLOSED]

    summary string
    type string

    Possible values: [Malware, Ransomware, Adware, Spyware, Crypto Miner, Data Exfiltration, Insider Threat, Network Intrusion, DoS, DDoS, MITM, SQL Injection, Email Spoofing, DNS Spoofing, C2 Communications, Rogue Device, Brute Force, Phishing, Compromised Credentials, Account Takeover, Physical, Vulnerability, Reconnaissance, Domain Takeover, Lateral Movement, Network Exposure, Data Exposure, Credential Exposure, Suspicious User Activity, Suspicious Login, Suspicious Network Activity, Suspicious USB Device, Security Policy Violation, Security Compliance Violation]

    vendors string[]

    Possible values: [CrowdStrike, Checkpoint, Delinea, Securonix, Falcon LogScale, Splunk, ArcSight, SolarWinds Service Desk, Datadog, SentinelOne, Microsoft Defender For Cloud, Microsoft Defender For Cloud Apps, Microsoft Defender For Endpoints]
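An added example (not the product's own client or SDK) that checks a Create Case body against the allowed values listed above before assembling the POST. The field names and value lists come from this page; the base URL, the bearer-token header and the type checks for the non-enumerated fields are assumptions. The `:ws_id` path parameter is URL-encoded so a workspace id taken from untrusted input cannot alter the request path.

```python
from urllib.parse import quote
# Allowed values copied from the body schema above: field -> (values, is_list)
ENUMS = {
    "case_tags": ({"Malware", "Ransomware", "Insider Threat", "VIP", "Workstation", "Server",
                   "Data Leak", "Data Theft", "Account Compromise", "Adware", "Crypto Miner",
                   "Fraud"}, True),
    "mitre_attack": ({"Reconnaissance", "Resource Development", "Initial Access", "Execution",
                      "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
                      "Discovery", "Lateral Movement", "Collection", "Command and Control",
                      "Exfiltration", "Impact"}, True),
    "severity": ({1, 2, 3, 4}, False),
    "status": ({"OPEN", "IN PROGRESS", "CLOSED"}, False),
    "type": ({"Malware", "Ransomware", "Adware", "Spyware", "Crypto Miner", "Data Exfiltration",
              "Insider Threat", "Network Intrusion", "DoS", "DDoS", "MITM", "SQL Injection",
              "Email Spoofing", "DNS Spoofing", "C2 Communications", "Rogue Device", "Brute Force",
              "Phishing", "Compromised Credentials", "Account Takeover", "Physical", "Vulnerability",
              "Reconnaissance", "Domain Takeover", "Lateral Movement", "Network Exposure",
              "Data Exposure", "Credential Exposure", "Suspicious User Activity", "Suspicious Login",
              "Suspicious Network Activity", "Suspicious USB Device", "Security Policy Violation",
              "Security Compliance Violation"}, False),
    "vendors": ({"CrowdStrike", "Checkpoint", "Delinea", "Securonix", "Falcon LogScale", "Splunk",
                 "ArcSight", "SolarWinds Service Desk", "Datadog", "SentinelOne",
                 "Microsoft Defender For Cloud", "Microsoft Defender For Cloud Apps",
                 "Microsoft Defender For Endpoints"}, True),
}
STRINGS, INTS, STRING_LISTS = {"name", "overview", "summary"}, {"sla", "sla_expiry"}, {"case_manager"}

def validate_case(body):
    """Return a list of schema problems for a Create Case body; an empty list means it is valid."""
    errors = []
    for field, value in body.items():
        if field in ENUMS:
            allowed, is_list = ENUMS[field]
            values = value if isinstance(value, list) else [value]
            if is_list != isinstance(value, list):
                errors.append(f"{field}: must {'be' if is_list else 'not be'} a list")
            errors += [f"{field}: {v!r} is not an allowed value" for v in values if v not in allowed]
        elif field in INTS and (isinstance(value, bool) or not isinstance(value, int)):
            errors.append(f"{field}: expected an integer")
        elif field in STRINGS and not isinstance(value, str):
            errors.append(f"{field}: expected a string")
        elif field not in STRINGS | INTS | STRING_LISTS | set(ENUMS):
            errors.append(f"{field}: unknown field")
    return errors

def build_create_case_request(ws_id, body, base_url="https://soar.example", token="<TOKEN>"):
    if errors := validate_case(body):  # fail closed before anything reaches the API
        raise ValueError("; ".join(errors))
    path = f"/workspace/{quote(ws_id, safe='')}/case_management/table/cases"  # encode :ws_id
    return "POST", base_url + path, {"Authorization": f"Bearer {token}"}, body  # auth scheme assumed
```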

Responses

OK

Schema

    case_manager string[]
    case_tags string[]

    Possible values: [Malware, Ransomware, Insider Threat, VIP, Workstation, Server, Data Leak, Data Theft, Account Compromise, Adware, Crypto Miner, Fraud]

    mitre_attack string[]

    Possible values: [Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]

    name string
    overview string
    severity integer

    Possible values: [1, 2, 3, 4]

    sla integer
    sla_expiry integer
    status string

    Possible values: [OPEN, IN PROGRESS, CLOSED]

    summary string
    type string

    Possible values: [Malware, Ransomware, Adware, Spyware, Crypto Miner, Data Exfiltration, Insider Threat, Network Intrusion, DoS, DDoS, MITM, SQL Injection, Email Spoofing, DNS Spoofing, C2 Communications, Rogue Device, Brute Force, Phishing, Compromised Credentials, Account Takeover, Physical, Vulnerability, Reconnaissance, Domain Takeover, Lateral Movement, Network Exposure, Data Exposure, Credential Exposure, Suspicious User Activity, Suspicious Login, Suspicious Network Activity, Suspicious USB Device, Security Policy Violation, Security Compliance Violation]

    vendors string[]

    Possible values: [CrowdStrike, Checkpoint, Delinea, Securonix, Falcon LogScale, Splunk, ArcSight, SolarWinds Service Desk, Datadog, SentinelOne, Microsoft Defender For Cloud, Microsoft Defender For Cloud Apps, Microsoft Defender For Endpoints]
