The
unit21_id
field is being deprecated for Entities, Events, and Instruments after September 30, 2023. Requests that useunit21_id
forentity_ids
andevent_ids
for this endpoint will fail.entity_id
andevent_id
should be used instead. More information.
Creates a new case, sending case data in the request body.
To create a case, you MUST include the following fields: case_id
, title
, and created_at
. The other top-level fields are optional.
If we receive a request to create a case for an case_id
that already exists in our system, we will respond with a 409 error code indicating that this case cannot be created/updated. You must use the /case/update
endpoint to update a case.
You can add the following objects to a case:
Field | Type | Description |
---|---|---|
alerts | Array[] | Alerts that are associated with this case. Consists of alert_id s |
events | Array[] | Transactions affiliated with the case. Consists of event_id s |
entities | Array[] | Entities affiliated with the case. Consists of entity_id s |
Updates to a cases's case_id
are not allowed.
Follow the links for more information:
The response will consist of the following fields:
Field | Type | Description |
---|---|---|
case_id | String | Unique identifier of the case on your platform |
previously_existed | Boolean | If case (with the same case_id ) already exists |