Method: legacyCases.createManualCase

Full name: projects.locations.instances.legacyCases.createManualCase

Creates a manual case that will be displayed in your case queue in the same way as other cases.

HTTP request


POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{name}/legacyCases:createManualCase

Path parameters

Parameters
name

string

Required. The resource name of the LegacyCase to retrieve. Format: projects/{project}/locations/{location}/instances/{instance}/LegacyCases

Request body

The request body contains data with the following structure:

JSON representation 
{
  "title": string,
  "reason": string,
  "environment": string,
  "assignedUser": string,
  "tags": [
    string
  ],
  "playbooks": [
    string
  ],
  "entities": [
    {
      object (LegacyCaseApiSecurityEntityDataModel)
    }
  ],
  "alertName": string,
  "occurenceTime": string,
  "priority": enum (CasePriority),
  "slaExpirationDateTime": string,
  "isImportant": boolean,
  "automaticPlaybookAttachment": boolean
}
Fields
title

string

Required. Title is the title of the manual case.
reason

string

Optional. Reason is the reason for the manual case.
environment

string

Optional. Environment is the environment of the manual case.
assignedUser

string

Required. AssignedUser is the user assigned to the manual case.
tags[]

string

Optional. Tags is a list of tags for the manual case.
playbooks[]

string

Optional. Playbooks is a list of playbook GUIDs for the manual case.
entities[]

object (LegacyCaseApiSecurityEntityDataModel)

Optional. Entities is a list of entities for the manual case.
alertName

string

Optional. AlertName is the name of the alert.
occurenceTime

string (Timestamp format)

Optional. OccurrenceTime is the occurrence time of the event. Represents DateTime OccurrenceTime as unix time

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
priority

enum (CasePriority)

Optional. Priority is the priority of the manual case.
slaExpirationDateTime

string (Timestamp format)

Optional. SlaExpirationDateTime is the SLA expiration time. Represents DateTime SlaExpirationDateTime as unix time

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
isImportant

boolean

Optional. IsImportant indicates if the case is important.
automaticPlaybookAttachment

boolean

Optional. AutomaticPlaybookAttachment indicates if the case should be automatically attached to a playbook.

Response body

Response message for legacyCases.createManualCase.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "payload": string
}
Fields
payload

string (int64 format)

Output only. The id of the created case.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • chronicle.legacyCases.createManual

For more information, see the IAM documentation.

CasePriority

CasePriority represents the priority of a case. LINT.IfChange(CasePriority)

Enums
UNCHANGED Unchanged case priority.
LOW Low case priority.
MEDIUM Medium case priority.
HIGH High case priority.
CRITICAL Critical case priority.
INFORMATIVE Informative case priority.