List cases

Returns an array of top-level information about cases in your environment.

Because the response is paginated, the request body has a limit and offset field. At least one must be filled.

  • limit indicates how many objects the request returns (the page maximum is 50)
  • offset indicates the offset for pagination. An offset value of 1 starts with the environment's first record.

To narrow down your case search, we provide filter parameters to this endpoint. Note that all list inputs function as an "or" filter, as in any one of the values must match the selected case(s):

FieldTypeDescription
created_afterNumericCases created on or after this unix timestamp
created_beforeNumericCases created before this unix timestamp
dispositionsString[]List of case disposition states (defined on an integration basis)
dispositioned_afterNumericCases with a disposition most recently updated after this unix timestamp
dispositioned_beforeNumericCases with a disposition most recently updated before this unix timestamp
dispositioned_byString[]List of agent emails. Returns alerts with a disposition most recently changed by agents in the list
rulesNumeric[]List of Unit21 rule ids that are associated with the case
associated_entitiesNumeric[]List of Unit21 entity ids associated with this case
associated_eventsNumeric[]List of Unit21 event ids associated with this case
associated_alertsNumeric[]List of Unit21 alert ids associated with this case
sourcesString[]Must be list of alert sources: INTERNAL, EXTERNAL
statusesString[]Must be list of alert statuses: OPEN, CLOSED
tag_filtersString[]List of string tags (key:value) or keys to associate this case with (e.g. case_type:high_velocity or case_type). If only the key is provided, we will match against all tags with that key
limitNumericA limit on the number of objects to be returned. Limit can range between 1 and 50, and the default is 10
offsetNumericThe offset for pagination. Default is 1
optionsObjectOptions for the data included in the returned cases. Removing unneeded options can improve response speed

The total_count field contains the total number of case where the response_count field contains the number of cases included in the response.

Follow the links for more information:

Language
Authentication
Header
URL
Click Try It! to start a request and see the response here!