Find Cases API endpoint


I've been playing a bit with the Find Cases API endpoint but I'm unable to filter cases by any field other than status, reporters and tags.

I've tried the Saved Objects filter parameter with lots of expressions to try to filter cases updated after some date, but with no luck.

Is this possible? Or is it not supported at the moment?


Hi rpiccio,

You are right, those are the only fields that are supported at the moment. I think that we also allow the search query parameter to search the case name.

We would love for you to create an enhancement ticket with the label threat hunting team so we can see what kind of request you have; it might match some of our use cases in the near future.

