Returns an array of top-level information about cases in your environment.
Because the response is paginated, the request body has a
offset field. At least one must be filled.
limit indicates how many objects the request returns (the page maximum is 50)
offset indicates the offset for pagination. An
offset value of 1 starts with the environment's first record.
To narrow down your case search, we provide filter parameters to this endpoint. Note that all list inputs function as an "or" filter, as in any one of the values must match the selected case(s):
|Numeric||Cases created on or after this unix timestamp|
|Numeric||Cases created before this unix timestamp|
|String||List of case disposition states (defined on an integration basis)|
|Numeric||Cases with a disposition most recently updated after this unix timestamp|
|Numeric||Cases with a disposition most recently updated before this unix timestamp|
|String||List of agent emails. Returns alerts with a disposition most recently changed by agents in the list|
|Numeric||List of Unit21 rule ids that are associated with the case|
|Numeric||List of Unit21 entity ids associated with this case|
|Numeric||List of Unit21 event ids associated with this case|
|Numeric||List of Unit21 alert ids associated with this case|
|String||Must be list of alert sources: |
|String||Must be list of alert statuses: |
|String||List of string tags (|
key:value) or keys to associate this case with (e.g.
case_type). If only the key is provided, we will match against all tags with that key
|Numeric||A limit on the number of objects to be returned. Limit can range between 1 and 50, and the default is 10|
|Numeric||The offset for pagination. Default is 1|
|Object||Options for the data included in the returned cases. Removing unneeded options can improve response speed|
total_count field contains the total number of case where the
response_count field contains the number of cases included in the response.
Follow the links for more information: