Elasticsearch Kibana API - Case Management filtering via API requests

Hey all!

I'm investigating the REST API of Kibana. I'm interested in implementing some automation processes using our SOAR.

I have configured the Webhook for Case Management, and now I get the Cases when some are created. But the data sent by webhook is too little, and I want to perform some actions with the Case that was sent. To perform most API actions with the Case I need to get the Case id.

To do that, I sent the Find Cases API call, then I got the list of all cases and found the one I'm interested in.

My question is: Is there a way to send the same API call I do, but with some filters? For example, could I send an API call that will find all cases with a specific title, user assignees, severity, etc?

I will be glad to see some examples if someone can provide them. Thank you!

I performed this API call to find a specified case, but only one field for filtering is not enough for me.

How could I find a case with, for example, "title": x AND "description": y?

This query doesn't work:

It returns two Cases:

The first one is the right one that I was looking for.
title: "case made by alert escalation"
description: "description made by analyst"

But also, there is one more Case with values:
title: "case testing"
description: "that's description made by analyst"
