Find Cases API endpoint

rpiccio · May 2, 2021, 2:56pm

Hi!

I've been playing a bit with the Find Cases API endpoint but I'm unable to filter cases by any field other than status, reporters and tags.

I've tried the Saved Objects filter parameter with lots of expresions to try to filter cases updated after some date but with no luck.

Is this possible? Or is not supported at the moment?

Regards,
Romano.

Xavier_Mouligneau · May 6, 2021, 2:05am

Hi rpiccio,

You are right that's the only fields which are supported at the moment. I think that we also allow the search query parameter to search case name.

We will love that you create an enhancement ticket with the label threat hunting team to see what kind of request you have and it might match with some of our use case in the near future.

Best,
Xavier

system · June 3, 2021, 2:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search UI - Is it Possible to Add An "Exists" Filter Elastic Search	1	16	September 19, 2024
Make query case sensitive Elastic Search elastic-app-search	2	217	August 15, 2023
Case Sensitive Query for Text fields in Elasticsearch Elasticsearch	7	3772	March 21, 2021
In App Search API how to check if the field exists or not in a document during search Elastic Search elastic-app-search	5	1345	December 19, 2019
Case-Insensitive regex-based search for text fields in ES 5.6.3 Elasticsearch	1	417	June 9, 2019

Find Cases API endpoint

Related topics