Get case by ID.

Parameters

ParameterDescription
Case IDThe ID of the case to return. It can be obtained by the List Case action.
Disable SSL EnforcementEnable this option to skip SSL verification of the server’s certificate chain and host name. This may increase security vulnerabilities, but can be useful for testing or when custom verification is employed.

Example Output

{
	"ArcSightESM": {
		"Cases": {
			"URI": "/All Cases/All Cases/Downloads/test",
			"action": "BLOCK_OR_SHUTDOWN",
			"associatedImpact": "AVAILABILITY",
			"attackAgent": "INSIDER",
			"attackMechanism": "PHYSICAL",
			"attributeInitializationInProgress": false,
			"consequenceSeverity": "INSIGNIFICANT",
			"createdDate": "2019-02-04T12:33:21.000Z",
			"createdTime": {
				"day": 4,
				"hour": 7,
				"milliSecond": 646,
				"minute": 33,
				"month": 1,
				"second": 21,
				"timezoneID": "America/New_York",
				"year": 2019
			},
			"createdTimestamp": 1549283601646,
			"creatorName": "admin",
			"deprecated": false,
			"detectionTime": {
				"day": 5,
				"hour": 4,
				"milliSecond": 986,
				"minute": 20,
				"month": 1,
				"second": 41,
				"timezoneID": "America/New_York",
				"year": 2019
			},
			"disabled": false,
			"displayID": 10017,
			"estimatedStartTime": {
				"day": 5,
				"hour": 4,
				"milliSecond": 525,
				"minute": 19,
				"month": 1,
				"second": 55,
				"timezoneID": "America/New_York",
				"year": 2019
			},
			"eventIDs": [
				12395741,
				45696713,
				78996719
			],
			"frequency": "NEVER_OR_ONCE",
			"history": "KNOWN_OCCURENCE",
			"inCache": false,
			"inactive": false,
			"initialized": true,
			"isAdditionalLoaded": false,
			"localID": 30064771012,
			"modificationCount": 1462,
			"modifiedDate": "2020-05-10T10:42:34.000Z",
			"modifiedTime": {
				"day": 10,
				"hour": 6,
				"milliSecond": 194,
				"minute": 42,
				"month": 4,
				"second": 34,
				"timezoneID": "America/New_York",
				"year": 2020
			},
			"modifiedTimestamp": 1589107354194,
			"modifierName": "admin",
			"name": "test",
			"numberOfOccurences": 0,
			"operationalImpact": "NO_IMPACT",
			"reference": {
				"id": "12ax-uGgBABCWb2puJdY8ZA==",
				"isModifiable": true,
				"managerID": "A1xxqmYBABCAXZPTkLg+BA==",
				"referenceName": "Case",
				"referenceString": "<Resource URI=\"/All Cases/All Cases/Downloads/test\" ID=\"12ax-uGgBABCWb2puJdY8ZA==\"/>",
				"referenceType": 7,
				"uri": "/All Cases/All Cases/Downloads/test"
			},
			"reportingLevel": 1,
			"resistance": "HIGH",
			"resourceid": "12ax-uGgBABCWb2puJdY8ZA==",
			"securityClassification": "UNCLASSIFIED",
			"securityClassificationCode": "P I   D U A B ",
			"sensitivity": "UNCLASSIFIED",
			"stage": "QUEUED",
			"state": 2,
			"ticketType": "INTERNAL",
			"type": 7,
			"typeName": "Case",
			"vulnerability": "DESIGN",
			"vulnerabilityType1": "ACCIDENTAL",
			"vulnerabilityType2": "EMI_RFI"
		}
	}
}

Workflow Library Example

Get Case with Arcsight Esm and Send Results Via Email

Preview this Workflow on desktop

Get case by ID.

Parameters

ParameterDescription
Case IDThe ID of the case to return. It can be obtained by the List Case action.
Disable SSL EnforcementEnable this option to skip SSL verification of the server’s certificate chain and host name. This may increase security vulnerabilities, but can be useful for testing or when custom verification is employed.

Example Output

{
	"ArcSightESM": {
		"Cases": {
			"URI": "/All Cases/All Cases/Downloads/test",
			"action": "BLOCK_OR_SHUTDOWN",
			"associatedImpact": "AVAILABILITY",
			"attackAgent": "INSIDER",
			"attackMechanism": "PHYSICAL",
			"attributeInitializationInProgress": false,
			"consequenceSeverity": "INSIGNIFICANT",
			"createdDate": "2019-02-04T12:33:21.000Z",
			"createdTime": {
				"day": 4,
				"hour": 7,
				"milliSecond": 646,
				"minute": 33,
				"month": 1,
				"second": 21,
				"timezoneID": "America/New_York",
				"year": 2019
			},
			"createdTimestamp": 1549283601646,
			"creatorName": "admin",
			"deprecated": false,
			"detectionTime": {
				"day": 5,
				"hour": 4,
				"milliSecond": 986,
				"minute": 20,
				"month": 1,
				"second": 41,
				"timezoneID": "America/New_York",
				"year": 2019
			},
			"disabled": false,
			"displayID": 10017,
			"estimatedStartTime": {
				"day": 5,
				"hour": 4,
				"milliSecond": 525,
				"minute": 19,
				"month": 1,
				"second": 55,
				"timezoneID": "America/New_York",
				"year": 2019
			},
			"eventIDs": [
				12395741,
				45696713,
				78996719
			],
			"frequency": "NEVER_OR_ONCE",
			"history": "KNOWN_OCCURENCE",
			"inCache": false,
			"inactive": false,
			"initialized": true,
			"isAdditionalLoaded": false,
			"localID": 30064771012,
			"modificationCount": 1462,
			"modifiedDate": "2020-05-10T10:42:34.000Z",
			"modifiedTime": {
				"day": 10,
				"hour": 6,
				"milliSecond": 194,
				"minute": 42,
				"month": 4,
				"second": 34,
				"timezoneID": "America/New_York",
				"year": 2020
			},
			"modifiedTimestamp": 1589107354194,
			"modifierName": "admin",
			"name": "test",
			"numberOfOccurences": 0,
			"operationalImpact": "NO_IMPACT",
			"reference": {
				"id": "12ax-uGgBABCWb2puJdY8ZA==",
				"isModifiable": true,
				"managerID": "A1xxqmYBABCAXZPTkLg+BA==",
				"referenceName": "Case",
				"referenceString": "<Resource URI=\"/All Cases/All Cases/Downloads/test\" ID=\"12ax-uGgBABCWb2puJdY8ZA==\"/>",
				"referenceType": 7,
				"uri": "/All Cases/All Cases/Downloads/test"
			},
			"reportingLevel": 1,
			"resistance": "HIGH",
			"resourceid": "12ax-uGgBABCWb2puJdY8ZA==",
			"securityClassification": "UNCLASSIFIED",
			"securityClassificationCode": "P I   D U A B ",
			"sensitivity": "UNCLASSIFIED",
			"stage": "QUEUED",
			"state": 2,
			"ticketType": "INTERNAL",
			"type": 7,
			"typeName": "Case",
			"vulnerability": "DESIGN",
			"vulnerabilityType1": "ACCIDENTAL",
			"vulnerabilityType2": "EMI_RFI"
		}
	}
}

Workflow Library Example

Get Case with Arcsight Esm and Send Results Via Email

Preview this Workflow on desktop