Hi!
I've been playing a bit with the Find Cases API endpoint but I'm unable to filter cases by any field other than status, reporters and tags.
I've tried the Saved Objects filter parameter with lots of expresions to try to filter cases updated after some date but with no luck.
Is this possible? Or is not supported at the moment?
Regards,
Romano.
Hi rpiccio,
You are right that's the only fields which are supported at the moment. I think that we also allow the search query parameter to search case name.
We will love that you create an enhancement ticket with the label threat hunting team to see what kind of request you have and it might match with some of our use case in the near future.
Best,
Xavier
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.