Skip to main content
PUT
/
workspace
/
{ws_id}
/
case_management
/
table
/
cases
/
{case_id}
Update a Case
curl --request PUT \
  --url https://app.blinkops.com/api/v1/workspace/{ws_id}/case_management/table/cases/{case_id} \
  --header 'BLINK-API-KEY: <api-key>' \
  --header 'Content-Type: */*' \
  --data '
{
  "case_manager": [
    "[email protected]"
  ],
  "case_tags": [
    "Malware",
    "Ransomware",
    "Insider Threat"
  ],
  "mitre_attack": [
    "Reconnaissance",
    "Resource Development"
  ],
  "name": "New Case",
  "overview": "<p>1. New Malware detected</p>",
  "severity": 3,
  "sla": 259200000,
  "sla_expiry": 60000,
  "status": "OPEN",
  "summary": "Summary of the case",
  "type": "Malware",
  "vendors": [
    "CrowdStrike"
  ]
}
'
{
  "case_manager": [
    "[email protected]"
  ],
  "case_tags": [
    "Malware",
    "Ransomware",
    "Insider Threat"
  ],
  "mitre_attack": [
    "Reconnaissance",
    "Resource Development"
  ],
  "name": "New Case",
  "overview": "<p>1. New Malware detected</p>",
  "severity": 3,
  "sla": 259200000,
  "sla_expiry": 60000,
  "status": "OPEN",
  "summary": "Summary of the case",
  "type": "Malware",
  "vendors": [
    "CrowdStrike"
  ]
}

Authorizations

BLINK-API-KEY
string
header
required

Use your API key to access BlinkOps API. To generate an API key, please log in to your BlinkOps account and navigate to the API Keys section in the user settings page. Add the generated key to your request headers as BLINK-API-KEY.

Path Parameters

ws_id
string
required

Workspace ID

case_id
string
required

Case ID

Body

*/*

Case Data

case_manager
string[]
Example:
["[email protected]"]
case_tags
enum<string>[]
Available options:
Malware,
Ransomware,
Insider Threat,
VIP,
Workstation,
Server,
Data Leak,
Data Theft,
Account Compromise,
Adware,
Crypto Miner,
Fraud
Example:
["Malware", "Ransomware", "Insider Threat"]
mitre_attack
enum<string>[]
Available options:
Reconnaissance,
Resource Development,
Initial Access,
Execution,
Persistence,
Privilege Escalation,
Defense Evasion,
Credential Access,
Discovery,
Lateral Movement,
Collection,
Command and Control,
Exfiltration,
Impact
Example:
["Reconnaissance", "Resource Development"]
name
string
Example:

"New Case"

overview
string
Example:

"<p>1. New Malware detected</p>"

severity
integer
Example:

3

sla
integer
Example:

259200000

sla_expiry
integer
Example:

60000

status
enum<string>
Available options:
OPEN,
IN PROGRESS,
CLOSED
Example:

"OPEN"

summary
string
Example:

"Summary of the case"

type
enum<string>
Available options:
Malware,
Ransomware,
Adware,
Spyware,
Crypto Miner,
Data Exfiltration,
Insider Threat,
Network Intrusion,
DoS,
DDoS,
MITM,
SQL Injection,
Email Spoofing,
DNS Spoofing,
C2 Communications,
Rogue Device,
Brute Force,
Phishing,
Compromised Credentials,
Account Takeover,
Physical,
Vulnerability,
Reconnaissance,
Domain Takeover,
Lateral Movement,
Network Exposure,
Data Exposure,
Credential Exposure,
Suspicious User Activity,
Suspicious Login,
Suspicious Network Activity,
Suspicious USB Device,
Security Policy Violation,
Security Compliance Violation
Example:

"Malware"

vendors
enum<string>[]
Available options:
CrowdStrike,
Checkpoint,
Delinea,
Securonix,
Falcon LogScale,
Splunk,
ArcSight,
SolarWinds Service Desk,
Datadog,
SentinelOne,
Microsoft Defender For Cloud,
Microsoft Defender For Cloud Apps,
Microsoft Defender For Endpoints
Example:
["CrowdStrike"]

Response

OK

case_manager
string[]
Example:
["[email protected]"]
case_tags
enum<string>[]
Available options:
Malware,
Ransomware,
Insider Threat,
VIP,
Workstation,
Server,
Data Leak,
Data Theft,
Account Compromise,
Adware,
Crypto Miner,
Fraud
Example:
["Malware", "Ransomware", "Insider Threat"]
mitre_attack
enum<string>[]
Available options:
Reconnaissance,
Resource Development,
Initial Access,
Execution,
Persistence,
Privilege Escalation,
Defense Evasion,
Credential Access,
Discovery,
Lateral Movement,
Collection,
Command and Control,
Exfiltration,
Impact
Example:
["Reconnaissance", "Resource Development"]
name
string
Example:

"New Case"

overview
string
Example:

"<p>1. New Malware detected</p>"

severity
integer
Example:

3

sla
integer
Example:

259200000

sla_expiry
integer
Example:

60000

status
enum<string>
Available options:
OPEN,
IN PROGRESS,
CLOSED
Example:

"OPEN"

summary
string
Example:

"Summary of the case"

type
enum<string>
Available options:
Malware,
Ransomware,
Adware,
Spyware,
Crypto Miner,
Data Exfiltration,
Insider Threat,
Network Intrusion,
DoS,
DDoS,
MITM,
SQL Injection,
Email Spoofing,
DNS Spoofing,
C2 Communications,
Rogue Device,
Brute Force,
Phishing,
Compromised Credentials,
Account Takeover,
Physical,
Vulnerability,
Reconnaissance,
Domain Takeover,
Lateral Movement,
Network Exposure,
Data Exposure,
Credential Exposure,
Suspicious User Activity,
Suspicious Login,
Suspicious Network Activity,
Suspicious USB Device,
Security Policy Violation,
Security Compliance Violation
Example:

"Malware"

vendors
enum<string>[]
Available options:
CrowdStrike,
Checkpoint,
Delinea,
Securonix,
Falcon LogScale,
Splunk,
ArcSight,
SolarWinds Service Desk,
Datadog,
SentinelOne,
Microsoft Defender For Cloud,
Microsoft Defender For Cloud Apps,
Microsoft Defender For Endpoints
Example:
["CrowdStrike"]