[Cases] Create API for retrieving all alerts for a case ID #101816

Closed
jonathan-buttner opened this issue Jun 9, 2021 · 2 comments · Fixed by #101878
Labels
Feature:Cases Cases feature Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team v7.14.0

Comments

jonathan-buttner (Contributor) commented Jun 9, 2021

This issue is to track the work for creating an API within the cases plugin to retrieve all the alerts associated with a specific case ID.

The short term goal is to create an API that simply returns all of the alerts. In the future we can provide a more robust solution that allows doing search after or something similar.

For the implementation we can use what Larry suggested on the RBAC PR:

```typescript
import type { SavedObject, SavedObjectsClientContract } from 'kibana/server';
// CASE_USER_ACTION_SAVED_OBJECT and CaseUserActionAttributes come from the
// cases plugin's common module. The snippet is wrapped in a function here so it
// is complete; the function name is illustrative.
// Collect every user action saved object that references the given case by
// draining a point-in-time finder, so the caller gets the full set in one call.
async function findAllUserActions(
  soClient: SavedObjectsClientContract,
  type: string,
  id: string
): Promise<Array<SavedObject<CaseUserActionAttributes>>> {
  const finder = soClient.createPointInTimeFinder<CaseUserActionAttributes>({
    type: CASE_USER_ACTION_SAVED_OBJECT,
    hasReference: { type, id },
    sortField: 'action_at',
    sortOrder: 'asc',
  });

  let result: Array<SavedObject<CaseUserActionAttributes>> = [];
  for await (const userActionSavedObject of finder.find()) {
    result = result.concat(userActionSavedObject.saved_objects);
  }
  return result;
}
```

Reference: #95058 (comment)
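As an added example (not code from the issue, the linked PR, or the Kibana cases plugin), the same drain-the-finder pattern applied to the goal of this issue: collecting the alert ids attached to a case. The saved-objects client, the `cases-comments` type name, the `cases` reference type and the comment attribute shape (`type`, `alertId`) are stand-ins assumed for the example, and the sample comments are constructed inline.

```typescript
// Stand-in types for the saved-objects client and the cases comment attributes (assumed shapes).
interface SavedObject<T> { id: string; type: string; attributes: T; }
interface FindPage<T> { saved_objects: Array<SavedObject<T>>; }
interface CommentAttributes { type: 'user' | 'alert'; alertId?: string | string[]; }
interface PointInTimeFinder<T> { find(): AsyncIterable<FindPage<T>>; close(): Promise<void>; }
interface FinderOptions { type: string; hasReference: { type: string; id: string }; perPage?: number; }
interface SavedObjectsClient { createPointInTimeFinder<T>(opts: FinderOptions): PointInTimeFinder<T>; }

// Drain the finder page by page, keeping only alert comments. alertId may be a
// single id or an array, and the same alert can be attached twice, so dedupe.
async function getAllAlertIdsForCase(soClient: SavedObjectsClient, caseId: string): Promise<string[]> {
  const finder = soClient.createPointInTimeFinder<CommentAttributes>({
    type: 'cases-comments',
    hasReference: { type: 'cases', id: caseId },
    perPage: 2, // small pages so the sample data spans more than one page
  });
  const ids = new Set<string>();
  try {
    for await (const page of finder.find()) {
      for (const so of page.saved_objects) {
        const { type: kind, alertId } = so.attributes;
        if (kind !== 'alert' || alertId === undefined) continue;
        for (const id of Array.isArray(alertId) ? alertId : [alertId]) ids.add(id);
      }
    }
  } finally {
    await finder.close(); // release the point-in-time even if iteration throws
  }
  return [...ids];
}
// Constructed in-memory client: serves the stored comments that reference the case in pages.
type StoredComment = SavedObject<CommentAttributes> & { caseId: string };
function makeFakeClient(store: StoredComment[]): SavedObjectsClient {
  return {
    createPointInTimeFinder<T>(opts: FinderOptions): PointInTimeFinder<T> {
      const hits = store.filter((so) => so.type === opts.type && so.caseId === opts.hasReference.id);
      async function* find() {
        for (let i = 0; i < hits.length; i += opts.perPage ?? 1000) {
          yield { saved_objects: hits.slice(i, i + (opts.perPage ?? 1000)) as unknown as Array<SavedObject<T>> };
        }
      }
      return { find, close: async () => {} };
    },
  };
}
// Constructed sample: three comments on case-1 (one plain, two alert) and one on another case.
const SAMPLE: StoredComment[] = [
  { id: 'c1', type: 'cases-comments', caseId: 'case-1', attributes: { type: 'user' } },
  { id: 'c2', type: 'cases-comments', caseId: 'case-1', attributes: { type: 'alert', alertId: ['a1', 'a2'] } },
  { id: 'c3', type: 'cases-comments', caseId: 'case-1', attributes: { type: 'alert', alertId: 'a2' } },
  { id: 'c4', type: 'cases-comments', caseId: 'case-2', attributes: { type: 'alert', alertId: 'a9' } },
];
```

Calling `getAllAlertIdsForCase(makeFakeClient(SAMPLE), 'case-1')` resolves to `['a1', 'a2']`: the plain comment and the other case's alert are skipped and the duplicate `a2` is collapsed.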

elasticmachine (Contributor) commented

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine (Contributor) commented

Pinging @elastic/security-solution (Team: SecuritySolution)
