Update a Case

PUT

workspace

{ws_id}

case_management

table

cases

{case_id}

curl --request PUT \
  --url https://app.blinkops.com/api/v1/workspace/{ws_id}/case_management/table/cases/{case_id} \
  --header 'BLINK-API-KEY: <api-key>' \
  --header 'Content-Type: */*' \
  --data '{
  "case_manager": [
    "john.doe@blinkops.com"
  ],
  "case_tags": [
    "Malware",
    "Ransomware",
    "Insider Threat"
  ],
  "mitre_attack": [
    "Reconnaissance",
    "Resource Development"
  ],
  "name": "New Case",
  "overview": "<p>1. New Malware detected</p>",
  "severity": 3,
  "sla": 259200000,
  "sla_expiry": 60000,
  "status": "OPEN",
  "summary": "Summary of the case",
  "type": "Malware",
  "vendors": [
    "CrowdStrike"
  ]
}'

{
  "case_manager": [
    "john.doe@blinkops.com"
  ],
  "case_tags": [
    "Malware",
    "Ransomware",
    "Insider Threat"
  ],
  "mitre_attack": [
    "Reconnaissance",
    "Resource Development"
  ],
  "name": "New Case",
  "overview": "<p>1. New Malware detected</p>",
  "severity": 3,
  "sla": 259200000,
  "sla_expiry": 60000,
  "status": "OPEN",
  "summary": "Summary of the case",
  "type": "Malware",
  "vendors": [
    "CrowdStrike"
  ]
}

Authorizations

BLINK-API-KEY

string

header

required

Use your API key to access BlinkOps API. To generate an API key, please log in to your BlinkOps account and navigate to the API Keys section in the user settings page. Add the generated key to your request headers as BLINK-API-KEY.

Path Parameters

ws_id

string

required

Workspace ID

case_id

string

required

Case ID

Body

*/*

Case Data

case_manager

string[]

case_tags

enum<string>[]

Available options:

Malware,

Ransomware,

Insider Threat,

VIP,

Workstation,

Server,

Data Leak,

Data Theft,

Account Compromise,

Adware,

Crypto Miner,

Fraud

mitre_attack

enum<string>[]

Available options:

Reconnaissance,

Resource Development,

Initial Access,

Execution,

Persistence,

Privilege Escalation,

Defense Evasion,

Credential Access,

Discovery,

Lateral Movement,

Collection,

Command and Control,

Exfiltration,

Impact

name

string

overview

string

severity

integer

sla

integer

sla_expiry

integer

status

enum<string>

Available options:

OPEN,

IN PROGRESS,

CLOSED

summary

string

type

enum<string>

Available options:

Malware,

Ransomware,

Adware,

Spyware,

Crypto Miner,

Data Exfiltration,

Insider Threat,

Network Intrusion,

DoS,

DDoS,

MITM,

SQL Injection,

Email Spoofing,

DNS Spoofing,

C2 Communications,

Rogue Device,

Brute Force,

Phishing,

Compromised Credentials,

Account Takeover,

Physical,

Vulnerability,

Reconnaissance,

Domain Takeover,

Lateral Movement,

Network Exposure,

Data Exposure,

Credential Exposure,

Suspicious User Activity,

Suspicious Login,

Suspicious Network Activity,

Suspicious USB Device,

Security Policy Violation,

Security Compliance Violation

vendors

enum<string>[]

Available options:

CrowdStrike,

Checkpoint,

Delinea,

Securonix,

Falcon LogScale,

Splunk,

ArcSight,

SolarWinds Service Desk,

Datadog,

SentinelOne,

Microsoft Defender For Cloud,

Microsoft Defender For Cloud Apps,

Microsoft Defender For Endpoints

Response

200

*/*

case_manager

string[]

case_tags

enum<string>[]

Available options:

Malware,

Ransomware,

Insider Threat,

VIP,

Workstation,

Server,

Data Leak,

Data Theft,

Account Compromise,

Adware,

Crypto Miner,

Fraud

mitre_attack

enum<string>[]

Available options:

Reconnaissance,

Resource Development,

Initial Access,

Execution,

Persistence,

Privilege Escalation,

Defense Evasion,

Credential Access,

Discovery,

Lateral Movement,

Collection,

Command and Control,

Exfiltration,

Impact

name

string

overview

string

severity

integer

sla

integer

sla_expiry

integer

status

enum<string>

Available options:

OPEN,

IN PROGRESS,

CLOSED

summary

string

type

enum<string>

Available options:

Malware,

Ransomware,

Adware,

Spyware,

Crypto Miner,

Data Exfiltration,

Insider Threat,

Network Intrusion,

DoS,

DDoS,

MITM,

SQL Injection,

Email Spoofing,

DNS Spoofing,

C2 Communications,

Rogue Device,

Brute Force,

Phishing,

Compromised Credentials,

Account Takeover,

Physical,

Vulnerability,

Reconnaissance,

Domain Takeover,

Lateral Movement,

Network Exposure,

Data Exposure,

Credential Exposure,

Suspicious User Activity,

Suspicious Login,

Suspicious Network Activity,

Suspicious USB Device,

Security Policy Violation,

Security Compliance Violation

vendors

enum<string>[]

Available options:

CrowdStrike,

Checkpoint,

Delinea,

Securonix,

Falcon LogScale,

Splunk,

ArcSight,

SolarWinds Service Desk,

Datadog,

SentinelOne,

Microsoft Defender For Cloud,

Microsoft Defender For Cloud Apps,

Microsoft Defender For Endpoints

Was this page helpful?

Create a Case Create an Observable

curl --request PUT \
  --url https://app.blinkops.com/api/v1/workspace/{ws_id}/case_management/table/cases/{case_id} \
  --header 'BLINK-API-KEY: <api-key>' \
  --header 'Content-Type: */*' \
  --data '{
  "case_manager": [
    "john.doe@blinkops.com"
  ],
  "case_tags": [
    "Malware",
    "Ransomware",
    "Insider Threat"
  ],
  "mitre_attack": [
    "Reconnaissance",
    "Resource Development"
  ],
  "name": "New Case",
  "overview": "<p>1. New Malware detected</p>",
  "severity": 3,
  "sla": 259200000,
  "sla_expiry": 60000,
  "status": "OPEN",
  "summary": "Summary of the case",
  "type": "Malware",
  "vendors": [
    "CrowdStrike"
  ]
}'

{
  "case_manager": [
    "john.doe@blinkops.com"
  ],
  "case_tags": [
    "Malware",
    "Ransomware",
    "Insider Threat"
  ],
  "mitre_attack": [
    "Reconnaissance",
    "Resource Development"
  ],
  "name": "New Case",
  "overview": "<p>1. New Malware detected</p>",
  "severity": 3,
  "sla": 259200000,
  "sla_expiry": 60000,
  "status": "OPEN",
  "summary": "Summary of the case",
  "type": "Malware",
  "vendors": [
    "CrowdStrike"
  ]
}

Get Started

API

Connections

Workflows

Case Management

Users

Groups

Executions

Workspaces

Authorizations

Path Parameters

Body

Response