The
unit21_idfield is being deprecated for Entities, Events, and Instruments after September 30, 2023. Requests that useunit21_idforassociated_entitiesandassociated_eventsfor this endpoint will fail.entity_idandevent_idshould be used instead. More information.
Returns an array of top-level information about cases in your environment.
Because the response is paginated, the request body has a limit and offset field. At least one must be filled.
limitindicates how many objects the request returns (the page maximum is 50)offsetindicates the offset for pagination. Anoffsetvalue of 1 starts with the environment's first record.
To narrow down your case search, we provide filter parameters to this endpoint. Note that all list inputs function as an "or" filter, as in any one of the values must match the selected case(s):
| Field | Type | Description |
|---|---|---|
created_after | Numeric | Cases created on or after this unix timestamp |
created_before | Numeric | Cases created before this unix timestamp |
dispositions | String[] | List of case disposition states (defined on an integration basis) |
dispositioned_after | Numeric | Cases with a disposition most recently updated after this unix timestamp |
dispositioned_before | Numeric | Cases with a disposition most recently updated before this unix timestamp |
dispositioned_by | String[] | List of agent emails. Returns alerts with a disposition most recently changed by agents in the list |
rules | Numeric[] | List of Unit21 rule ids that are associated with the case |
associated_entities | String[] | List of entity ids associated with this case |
associated_events | String[] | List of event ids associated with this case |
associated_alerts | Numeric[] | List of Unit21 alert ids associated with this case |
sources | String[] | Must be list of alert sources: INTERNAL, EXTERNAL |
statuses | String[] | Must be list of alert statuses: OPEN, CLOSED |
tag_filters | String[] | List of string tags (key:value) or keys to associate this case with (e.g. case_type:high_velocity or case_type). If only the key is provided, we will match against all tags with that key |
limit | Numeric | A limit on the number of objects to be returned. Limit can range between 1 and 50, and the default is 10 |
offset | Numeric | The offset for pagination. Default is 1 |
options | Object | Options for the data included in the returned cases. Removing unneeded options can improve response speed |
The total_count field contains the total number of case where the response_count field contains the number of cases included in the response.
Follow the links for more information: