The unit21_id field is being deprecated for Entities, Events, and Instruments after September 30, 2023. Requests that use unit21_id for entity_ids and event_ids for this endpoint will fail. entity_id and event_id should be used instead. More information.
Creates a new case, sending case data in the request body.
To create a case, you MUST include the following fields: case_id, title, and created_at. The other top-level fields are optional.
If we receive a request to create a case for an case_id that already exists in our system, we will respond with a 409 error code indicating that this case cannot be created/updated. You must use the /case/update endpoint to update a case.
You can add the following objects to a case:
Alerts that are associated with this case. Consists of alert_ids
Transactions affiliated with the case. Consists of event_ids
Entities affiliated with the case. Consists of entity_ids