Add external details to case
editAdd external details to case
editAdds the data returned from an external system to the specified case.
After sending a new or updated case to an external system using the Actions API, you must associate the external system’s returned object with the case in Elastic Security.
Request URL
editPOST <kibana host>:<port>/api/cases/<case ID>/_push
URL parts
editThe URL must include the case ID
of the case you are updating. Call
Find cases to retrieve case IDs.
Request body
editA JSON object with the data returned from the external system:
Name | Type | Description | Required |
---|---|---|---|
|
String |
The ID of the connector used to send the case to the external system. |
Yes |
|
String |
The name of the connector used to send the case to the external system.. |
Yes |
|
String |
The |
Yes |
|
String |
The |
Yes |
|
String |
The |
Yes |
Example request
editPOST api/cases/718265d0-733a-11ea-a0b2-c51ea50a58e2/_push "connector_id": "61787f53-4eee-4741-8df6-8fe84fa616f7", "connector_name": "ServiceNow", "external_id": "74c15d07dbb300106ba884da0b9619a0", "external_title": "INC0010016", "external_url": "https://dev78437.service-now.com/nav_to.do?uri=incident.do?sys_id=74c15d07dbb300106ba884da0b9619a0" }
Response code
edit-
200
- Indicates a successful call.
Response payload
editThe updated JSON case object.
Example response
edit{ "id": "718265d0-733a-11ea-a0b2-c51ea50a58e2", "version": "WzMyNywxXQ==", "comments": [], "totalComment": 0, "closed_at": null, "closed_by": null, "created_at": "2020-03-31T10:29:03.781Z", "created_by": { "email": "ahunley@imf.usa.gov", "full_name": "Alan Hunley", "username": "ahunley" }, "external_service": { "pushed_at": "2020-03-31T10:56:10.959Z", "pushed_by": { "username": "ahunley", "full_name": "Alan Hunley", "email": "ahunley@imf.usa.gov" }, "connector_id": "61787f53-4eee-4741-8df6-8fe84fa616f7", "connector_name": "ServiceNow", "external_id": "74c15d07dbb300106ba884da0b9619a0", "external_title": "INC0010016", "external_url": "https://dev78437.service-now.com/nav_to.do?uri=incident.do?sys_id=74c15d07dbb300106ba884da0b9619a0" }, "updated_at": "2020-03-31T10:56:10.959Z", "updated_by": { "username": "ahunley", "full_name": "Alan Hunley", "email": "ahunley@imf.usa.gov" }, "title": "This case will self-destruct in 5 seconds", "tags": [], "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants.", "status": "open" }