The
unit21_idfield is being deprecated for Entities, Events, and Instruments after September 30, 2023. Requests that useunit21_idforentity_idsandevent_idsfor this endpoint will fail.entity_idandevent_idshould be used instead. More information.
Creates a new case, sending case data in the request body.
To create a case, you MUST include the following fields: case_id, title, and created_at. The other top-level fields are optional.
If we receive a request to create a case for an case_id that already exists in our system, we will respond with a 409 error code indicating that this case cannot be created/updated. You must use the /case/update endpoint to update a case.
You can add the following objects to a case:
| Field | Type | Description |
|---|---|---|
alerts | Array[] | Alerts that are associated with this case. Consists of alert_ids |
events | Array[] | Transactions affiliated with the case. Consists of event_ids |
entities | Array[] | Entities affiliated with the case. Consists of entity_ids |
Updates to a cases's case_id are not allowed.
Follow the links for more information:
The response will consist of the following fields:
| Field | Type | Description |
|---|---|---|
case_id | String | Unique identifier of the case on your platform |
previously_existed | Boolean | If case (with the same case_id) already exists |