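---
# OpenAPI 3.0.3 description of the Axon Case Management API: activity,
# attachment and case endpoints, all scoped by a {tenantId} path segment,
# followed by the shared component schemas.
#
# Layout: line breaks and indentation were restored from a flattened copy.
# Where the flattened text did not fix the nesting, an `example` that follows
# a parameter's `schema` keys is kept inside that schema, and a
# `readOnly`/`writeOnly` that follows an `additionalProperties` entry is kept
# on the owning property. Verify against the generator output.
#
# NOTE(review): no `security` requirement and no `components.securitySchemes`
# appear in this part of the document, although most operations describe
# 401/403 behaviour. Confirm the scheme is declared further down; until it
# is, the authentication requirement is prose only and is not visible to
# gateways, linters or generated clients.
#
# NOTE(review): the 400/401/403/404 outcomes listed in the operation
# descriptions are not declared under `responses`; only the success code is.
# Declaring them lets contract tests assert that an unauthenticated or
# cross-tenant call is actually rejected.
openapi: 3.0.3
info:
  title: Case Management Service
  description: This page describes the available endpoints for the Axon Case
    Management API. For more information on the Axon API, refer to
    https://docs.logrhythm.com/axon/docs/axon-api-guide.
  version: 20231023222151-75b8af2
tags:
  - name: Case Activity Management
  - name: Case Attachment Management
  - name: Case Management
paths:
  /case-management-svc/v1/tenants/{tenantId}/activities:
    post:
      tags:
        - Case Activity Management
      summary: Create an Activity
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        # tenantId (and the object ids used by later paths) come from the URL.
        # The spec cannot express it, but the service has to check on every
        # request that the authenticated caller belongs to this tenant and
        # may access the addressed object, rather than trusting the path.
        - name: tenantId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Activity'
      responses:
        "201":
          description: Created
          content:
            application/json:
              schema:
                # NOTE(review): the request body is an Activity but the 201
                # body is declared as Comment; confirm this is intended.
                $ref: '#/components/schemas/Comment'
  /case-management-svc/v1/tenants/{tenantId}/activities/byCaseId/{caseId}:
    get:
      tags:
        - Case Activity Management
      summary: Retrieve all the activity entries for a specific case and tenant.
      description: "* This method will return 401 for unauthenticated users. \n* This\
        \ method will return 403 for authenticated users who request a forbidden resource.\
        \ \n* This method will return 404 upon receiving a identifier that does not\
        \ exist. \n"
      parameters:
        - name: caseId
          in: path
          required: true
          schema:
            type: string
        - name: tenantId
          in: path
          description: The identifier of the tenant
          required: true
          schema:
            type: string
        - name: afterId
          in: query
          description: "The id of the item prior to the items you would like returned.\
            \ A not present, or empty value means you want to start with the first result."
          schema:
            type: string
            example: 0f54a194-d75a-4a60-8c68-d4b8e66c971c
        - name: limit
          in: query
          description: The maximum number of results that a response page can contain.
          schema:
            # NOTE(review): no `minimum`/`maximum` is declared here or on the
            # other `limit` parameters. A documented upper bound would let
            # validators reject oversized page requests early; confirm the
            # server caps the value.
            format: int32
            default: 10
            type: integer
        - name: sort
          in: query
          description: The order you would like the results in.
          # `schema` added: an OpenAPI 3.0 parameter must carry `schema` or
          # `content`. NOTE(review): if the field name reaches a query's
          # ordering clause, it should be checked against an allow-list of
          # sortable fields; that cannot be told from this document.
          schema:
            type: string
          example: field:asc
      responses:
        "200":
          description: All Activity entries for a Case
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SeekPageResponseActivityResponse'
  /case-management-svc/v1/tenants/{tenantId}/activities/{id}:
    get:
      tags:
        - Case Activity Management
      summary: Retrieve an activity by id for a tenant.
      description: "* This method will return 401 for unauthenticated users. \n* This\
        \ method will return 403 for authenticated users who request a forbidden resource.\
        \ \n* This method will return 404 upon receiving a identifier that does not\
        \ exist. \n"
      parameters:
        - name: id
          in: path
          description: The system identifier for this object
          required: true
          schema:
            type: string
            # NOTE(review): in OpenAPI 3.0 `readOnly` is only relevant on
            # schema properties; on a path parameter (here and on the other
            # `id`/`tenantId` parameters) it has no effect.
            readOnly: true
        - name: tenantId
          in: path
          description: The identifier of the tenant.
          required: true
          schema:
            type: string
            readOnly: true
            example: boreas
      responses:
        "200":
          description: Comment
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseActivityResponse'
    put:
      tags:
        - Case Activity Management
      summary: Update a Activity
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n* This method will return 404 upon receiving a identifier that does not\
        \ exist. \n"
      parameters:
        - name: id
          in: path
          description: The system identifier for this object
          required: true
          schema:
            type: string
            readOnly: true
        - name: tenantId
          in: path
          description: The identifier of the tenant.
          required: true
          schema:
            type: string
            readOnly: true
            example: boreas
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Activity'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseActivity'
    patch:
      tags:
        - Case Activity Management
      summary: Update a Activity Description
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n* This method will return 404 upon receiving a identifier that does not\
        \ exist. \n"
      parameters:
        - name: id
          in: path
          description: The system identifier for this object
          required: true
          schema:
            type: string
            readOnly: true
        - name: tenantId
          in: path
          description: The identifier of the tenant.
          required: true
          schema:
            type: string
            readOnly: true
            example: boreas
      requestBody:
        content:
          application/json:
            schema:
              type: string
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseActivity'
  /case-management-svc/v1/tenants/{tenantId}/attachments/{id}:
    put:
      tags:
        - Case Attachment Management
      summary: Update an Attachment
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n* This method will return 404 upon receiving a identifier that does not\
        \ exist. \n"
      parameters:
        - name: id
          in: path
          description: The system identifier for this object
          required: true
          schema:
            type: string
            readOnly: true
        - name: tenantId
          in: path
          description: The identifier of the tenant.
          required: true
          schema:
            type: string
            readOnly: true
            example: boreas
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Attachment'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseAttachment'
  /case-management-svc/v1/tenants/{tenantId}/cases:
    get:
      tags:
        - Case Management
      summary: Retrieve all the cases for a tenant.
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        - name: tenantId
          in: path
          description: The identifier of the tenant
          required: true
          schema:
            type: string
        - name: afterId
          in: query
          description: "The id of the item prior to the items you would like returned.\
            \ A not present, or empty value means you want to start with the first result."
          schema:
            type: string
            example: 0f54a194-d75a-4a60-8c68-d4b8e66c971c
        - name: limit
          in: query
          description: The maximum number of results that a response page can contain.
          schema:
            format: int32
            default: 10
            type: integer
        - name: sort
          in: query
          description: The order you would like the results in.
          # `schema` added: OpenAPI 3.0 requires `schema` or `content`.
          schema:
            type: string
          example: field:asc
      responses:
        "200":
          description: All Cases
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SeekPageResponseCaseResponse'
    put:
      tags:
        - Case Management
      summary: "Change status, severity, description, owner or add a comment for multiple\
        \ Cases."
      description: "Changes the status, severity, description, owner or add a comment\
        \ for multiple Cases"
      parameters:
        - name: tenantId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BulkUpdateParameters'
      responses:
        "200":
          description: Case
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Response'
    post:
      tags:
        - Case Management
      summary: Create a Case
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        - name: tenantId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Case'
      responses:
        "201":
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Case'
  /case-management-svc/v1/tenants/{tenantId}/cases/byNumber/{number}:
    get:
      tags:
        - Case Management
      summary: Retrieve a case by number for a tenant.
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        - name: number
          in: path
          required: true
          schema:
            format: int32
            type: integer
        - name: tenantId
          in: path
          required: true
          schema:
            type: string
      responses:
        "200":
          description: Case
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseCaseResponse'
  /case-management-svc/v1/tenants/{tenantId}/cases/byStatusAndPriorityAndOwnerPattern:
    get:
      tags:
        - Case Management
      summary: Retrieve all the cases for a tenant.
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        - name: tenantId
          in: path
          description: The identifier of the tenant
          required: true
          schema:
            type: string
        - name: afterId
          in: query
          description: "The id of the item prior to the items you would like returned.\
            \ A not present, or empty value means you want to start with the first result."
          schema:
            type: string
            example: 0f54a194-d75a-4a60-8c68-d4b8e66c971c
        - name: limit
          in: query
          description: The maximum number of results that a response page can contain.
          schema:
            format: int32
            default: 10
            type: integer
        # ownerEmail, severity and status are caller-supplied patterns.
        # NOTE(review): no `maxLength` is declared; the service should bind
        # them as query parameters and bound their length. Verify there.
        - name: ownerEmail
          in: query
          description: Owner email pattern
          schema:
            type: string
            example: '%road_runn%'
        - name: severity
          in: query
          description: Priority pattern
          schema:
            type: string
            example: CRIT
        - name: sort
          in: query
          description: The order you would like the results in.
          # `schema` added: OpenAPI 3.0 requires `schema` or `content`.
          schema:
            type: string
          example: field:asc
        - name: status
          in: query
          description: Status pattern
          schema:
            type: string
            example: CLO
      responses:
        "200":
          description: All Cases
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SeekPageResponseCaseResponse'
  /case-management-svc/v1/tenants/{tenantId}/cases/metrics:
    get:
      tags:
        - Case Management
      summary: Retrieve case metrics for a tenant.
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        - name: tenantId
          in: path
          required: true
          schema:
            type: string
      responses:
        "200":
          description: Case Count Metrics
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseCaseCountMetricResponse'
  /case-management-svc/v1/tenants/{tenantId}/cases/search:
    get:
      tags:
        - Case Management
      summary: Search for cases in a tenant using a string.
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        - name: tenantId
          in: path
          description: The identifier of the tenant
          required: true
          schema:
            type: string
        - name: afterId
          in: query
          description: "The id of the item prior to the items you would like returned.\
            \ A not present, or empty value means you want to start with the first result."
          schema:
            type: string
            example: 0f54a194-d75a-4a60-8c68-d4b8e66c971c
        - name: caseStatus
          in: query
          description: "Case Status used to determine which cases are eligible for search,\
            \ are closed cases included? defaults to \"all\""
          required: false
          schema:
            type: string
            example: "open, or all"
        - name: limit
          in: query
          description: The maximum number of results that a response page can contain.
          schema:
            format: int32
            default: 10
            type: integer
        # Required, caller-supplied search string in which `%` acts as a
        # wildcard. NOTE(review): no `maxLength` is declared; the service
        # should bind the value as a query parameter and bound its length
        # so a search cannot become an expensive scan. Verify there.
        - name: searchCriteria
          in: query
          description: "Search Query in the form of a string that will search against\
            \ case name, case number, and case description. % sign does a fuzzy match\
            \ on characters preceding or following."
          required: true
          schema:
            type: string
            example: '%feb%'
        - name: sort
          in: query
          description: The order you would like the results in.
          # `schema` added: OpenAPI 3.0 requires `schema` or `content`.
          schema:
            type: string
          example: field:asc
      responses:
        "200":
          description: Search Cases by given string and case status
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SeekPageResponseCaseResponse'
  /case-management-svc/v1/tenants/{tenantId}/cases/{id}:
    get:
      tags:
        - Case Management
      summary: Retrieve a case by id for a tenant.
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n"
      parameters:
        - name: id
          in: path
          description: The system identifier for this object
          required: true
          schema:
            type: string
            readOnly: true
        - name: tenantId
          in: path
          description: The identifier of the tenant.
          required: true
          schema:
            type: string
            readOnly: true
            example: boreas
      responses:
        "200":
          description: Case
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseCaseResponse'
    put:
      tags:
        - Case Management
      summary: Update a Case
      description: "* This method will return 400 upon receiving an invalid request.\
        \ \n* This method will return 401 for unauthenticated users. \n* This method\
        \ will return 403 for authenticated users who request a forbidden resource.\
        \ \n* This method will return 404 upon receiving a identifier that does not\
        \ exist. \n"
      parameters:
        - name: id
          in: path
          description: The system identifier for this object
          required: true
          schema:
            type: string
            readOnly: true
        - name: tenantId
          in: path
          description: The identifier of the tenant.
          required: true
          schema:
            type: string
            readOnly: true
            example: boreas
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Case'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnaryResponseCaseResponse'
components:
  schemas:
    Activity:
      title: Activity
      description: A Activity object
      required:
        - tenantId
        - caseId
        - description
        - type
        - createdBy
        - updatedBy
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        # tenantId, id, createdBy and updatedBy are readOnly: a client must
        # not be able to set them through the request body. The service
        # should take them from the authenticated context and the path.
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        caseId:
          description: The id of the Case the Activity belongs to.
          pattern: \S
          type: string
          example: "123456789"
        description:
          description: The description of the Activity.
          # `\S` only requires one non-whitespace character somewhere in the
          # value. NOTE(review): no `maxLength` is declared on this or the
          # other free-text fields in this document.
          pattern: \S
          type: string
          example: Details of the event
        queryFilter:
          description: The queryFilter of the Activity.
          type: string
          example: Details of the event
        type:
          description: The type of the activity.
          type: string
          allOf:
            - $ref: '#/components/schemas/ActivityType'
          example: COMMENT | LOG | ATTACHMENT
        createdBy:
          description: The id of the user who created the Activity.
          type: string
          readOnly: true
          example: "123456789"
        updatedBy:
          description: The id of the user who updated the Activity.
          type: string
          readOnly: true
          example: "123456789"
        firstLogDate:
          format: date-time
          description: The date of the earliest attached log for the Case
          type: string
          readOnly: true
        lastLogDate:
          format: date-time
          description: The date of the latest attached log for the Activity entry
          type: string
          readOnly: true
        logs:
          description: The list of Logs associated with this Activity.
          type: array
          items:
            $ref: '#/components/schemas/Log'
        attachments:
          type: array
          items:
            $ref: '#/components/schemas/Attachment'
    ActivityResponse:
      required:
        - tenantId
        - caseId
        - description
        - type
        - createdBy
        - updatedBy
      type: object
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        caseId:
          description: The id of the Case the Activity belongs to.
          pattern: \S
          type: string
          example: "123456789"
        description:
          description: The description of the Activity.
          pattern: \S
          type: string
          example: Details of the event
        queryFilter:
          description: The queryFilter of the Activity.
          type: string
          example: Details of the event
        type:
          description: The type of the activity.
          type: string
          allOf:
            - $ref: '#/components/schemas/ActivityType'
          example: COMMENT | LOG | ATTACHMENT
        createdBy:
          description: The id of the user who created the Activity.
          type: string
          readOnly: true
          example: "123456789"
        updatedBy:
          description: The id of the user who updated the Activity.
          type: string
          readOnly: true
          example: "123456789"
        firstLogDate:
          format: date-time
          description: The date of the earliest attached log for the Case
          type: string
          readOnly: true
        lastLogDate:
          format: date-time
          description: The date of the latest attached log for the Activity entry
          type: string
          readOnly: true
        logs:
          description: The list of Logs associated with this Activity.
          type: array
          items:
            $ref: '#/components/schemas/Log'
        attachments:
          type: array
          items:
            $ref: '#/components/schemas/Attachment'
        createdByEmail:
          type: string
        updatedByEmail:
          type: string
        logCount:
          format: int32
          type: integer
    ActivityType:
      enum:
        - LOG
        - ATTACHMENT
        - COMMENT
        - HISTORY
      type: string
    Attachment:
      title: Attachment
      description: An Attachment object
      required:
        - tenantId
        - activityId
        - name
        - location
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        activityId:
          description: The id of the activity the Attachment belongs to.
          pattern: \S
          type: string
          readOnly: true
          example: "123456789"
        name:
          description: The name the Attachment.
          pattern: \S
          type: string
          example: File Name
        location:
          # NOTE(review): client-writable and constrained only by `\S`. This
          # document does not say what the value holds; if the service ever
          # fetches or opens it, it needs validation against an allow-list
          # of permitted locations. Confirm in the service.
          description: The location the Attachment.
          pattern: \S
          type: string
          example: File Location
    AuditContext:
      required:
        - userId
        - requestId
      type: object
      properties:
        userId:
          pattern: \S
          type: string
        impersonatorId:
          type: string
        requestId:
          pattern: \S
          type: string
    AuditLog:
      required:
        - tenantId
        - serviceName
        - type
        - action
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        auditedOn:
          description: The date the audit log occurred represented by a String formatted date.
          type: string
          allOf:
            - $ref: '#/components/schemas/Instant'
          # Quoted so YAML 1.1 loaders keep the example a string instead of
          # converting it to a timestamp object.
          example: "2020-08-19T21:01:20.123456Z"
        record:
          type: string
          example: "{\"RECORD\":\"TEST\"}"
        comment:
          type: string
        serviceName:
          pattern: \S
          type: string
        type:
          pattern: \S
          type: string
        action:
          pattern: \S
          type: string
        entityId:
          type: string
        context:
          $ref: '#/components/schemas/AuditContext'
        subject:
          $ref: '#/components/schemas/AuditSubject'
        logRhythmSignalType:
          # NOTE(review): description and example are identical to
          # `auditedOn` and look copied from it; confirm what this holds.
          description: The date the audit log occurred represented by a String formatted date.
          type: string
          # Quoted for the same reason as the `auditedOn` example.
          example: "2020-08-19T21:01:20.123456Z"
    AuditSubject:
      required:
        - subjectId
        - resourceType
      type: object
      properties:
        subjectId:
          pattern: \S
          type: string
        resourceType:
          pattern: \S
          type: string
        related:
          type: object
          additionalProperties:
            type: array
            items:
              type: string
          example:
            User:
              - User1
              - User2
    AutoCase:
      title: AutoCase
      description: A Case object for Automated Case Creation
      required:
        - tenantId
        - name
        - createdBy
        - priority
        - analyticsRuleName
        - commonEventIds
        - logs
      type: object
      properties:
        # NOTE(review): unlike the other schemas, tenantId and createdBy are
        # not readOnly here, so they are accepted from the request body.
        # No operation in this part of the document references AutoCase;
        # confirm its caller is a trusted internal producer.
        tenantId:
          pattern: \S
          type: string
        name:
          description: The name of the case.
          pattern: \S
          type: string
          example: Phishing from Sweden
        owner:
          description: The person who owns the case.
          type: string
          example: 8dd79ade-f1ca-455c-bf90-085af754f162
        createdBy:
          description: The person who created the case.
          pattern: \S
          type: string
          example: 8dd79ade-f1ca-455c-bf90-085af754f162
        priority:
          description: Enum indicating the priority of the case
          default: NONE
          pattern: \S
          type: string
          example: CRITICAL
        description:
          description: The description of the case.
          type: string
          example: Possible phishing attempt from Sweden
        analyticsRuleName:
          pattern: \S
          type: string
        analyticsRuleDescription:
          type: string
        threatId:
          type: string
        threatName:
          type: string
        commonEventIds:
          minItems: 1
          type: array
          items:
            type: string
        logs:
          minItems: 1
          type: array
          items:
            $ref: '#/components/schemas/AutoLog'
        observationGroups:
          type: object
          additionalProperties:
            type: string
    AutoLog:
      type: object
      properties:
        logId:
          type: string
        logDate:
          $ref: '#/components/schemas/Instant'
    BaseModel:
      title: BaseModel
      description: A basic model for entities with an identifier
      required:
        - tenantId
      type: object
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
    BaseModel1:
      title: BaseModel
      description: A basic model for entities with an identifier
      required:
        - tenantId
      type: object
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
    Batch:
      title: Batch
      description: A Batch object
      required:
        - tenantId
        - signals
      type: object
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        signals:
          minItems: 1
          type: array
          items:
            $ref: '#/components/schemas/SignalEnvelope'
    BulkUpdateParameters:
      required:
        - status
        - severity
        - comment
      type: object
      properties:
        status:
          description: Enum indicating the status for the bulk change
          default: NEW
          type: string
          allOf:
            - $ref: '#/components/schemas/CaseStatus'
          example: IN_PROGRESS
        severity:
          description: Enum indicating the severity for the bulk change
          default: NONE
          type: string
          allOf:
            - $ref: '#/components/schemas/CaseSeverity'
          example: CRITICAL
        ownerId:
          description: The id of the person for the bulk change.
          type: string
          example: "123456789"
        description:
          description: The description.
          type: string
          example: Possible phishing attempt from Sweden
        comment:
          description: The comment of the Activity.
          type: string
          example: Details of the event
        caseIds:
          # NOTE(review): no `maxItems`, so one request can name an
          # unbounded number of cases. Confirm a server-side cap and that
          # authorization is checked for every listed case, not only for
          # the tenant in the path.
          description: The id of the cases to be changed
          type: array
          items:
            type: string
    Case:
      title: Case
      description: A Case object
      required:
        - tenantId
        - name
        - status
        - severity
        - createdBy
        - updatedBy
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        ownerUserId:
          description: The id of the person who owns the case.
          type: string
          example: "123456789"
        number:
          format: int32
          description: The number identifying the case.
          type: integer
          readOnly: true
          example: 123456789
        name:
          description: The name of the case.
          pattern: \S
          type: string
          example: Phishing from Sweden
        description:
          description: The description of the case.
          type: string
          example: Possible phishing attempt from Sweden
        incident:
          description: Flag indicating whether or not it is an incident
          default: false
          type: boolean
          example: true
        valid:
          description: Flag indicating whether or not the case is determined to be valid
          default: false
          type: boolean
          example: true
        status:
          description: Enum indicating the current status of the case
          default: NEW
          type: string
          allOf:
            - $ref: '#/components/schemas/CaseStatus'
          example: IN_PROGRESS
        severity:
          description: Enum indicating the severity of the case
          default: NONE
          type: string
          allOf:
            - $ref: '#/components/schemas/CaseSeverity'
          example: CRITICAL
        observationName:
          type: string
        createdBy:
          description: The id of the user who created the case.
          type: string
          readOnly: true
          example: "123456789"
        updatedBy:
          description: The id of the user who updated the case.
          type: string
          readOnly: true
          example: "123456789"
        firstLogDate:
          format: date-time
          description: The date of the earliest attached log for the Case
          type: string
          readOnly: true
        lastLogDate:
          format: date-time
          description: The date of the latest attached log for the Case
          type: string
          readOnly: true
        collaborators:
          description: The id of the collaborators on the case
          type: array
          items:
            $ref: '#/components/schemas/Collaborator'
    CaseCountMetricResponse:
      type: object
      properties:
        numberOfCasesByStatus:
          type: object
          additionalProperties:
            format: int32
            type: integer
        numberOfCasesBySeverity:
          type: object
          additionalProperties:
            format: int32
            type: integer
        numberOfUnassignedCases:
          format: int32
          type: integer
        numberOpenCases:
          format: int32
          type: integer
    CaseResponse:
      required:
        - tenantId
        - name
        - status
        - severity
        - createdBy
        - updatedBy
      type: object
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        ownerUserId:
          description: The id of the person who owns the case.
          type: string
          example: "123456789"
        number:
          format: int32
          description: The number identifying the case.
          type: integer
          readOnly: true
          example: 123456789
        name:
          description: The name of the case.
          pattern: \S
          type: string
          example: Phishing from Sweden
        description:
          description: The description of the case.
          type: string
          example: Possible phishing attempt from Sweden
        incident:
          description: Flag indicating whether or not it is an incident
          default: false
          type: boolean
          example: true
        valid:
          description: Flag indicating whether or not the case is determined to be valid
          default: false
          type: boolean
          example: true
        status:
          description: Enum indicating the current status of the case
          default: NEW
          type: string
          allOf:
            - $ref: '#/components/schemas/CaseStatus'
          example: IN_PROGRESS
        severity:
          description: Enum indicating the severity of the case
          default: NONE
          type: string
          allOf:
            - $ref: '#/components/schemas/CaseSeverity'
          example: CRITICAL
        observationName:
          type: string
        createdBy:
          description: The id of the user who created the case.
          type: string
          readOnly: true
          example: "123456789"
        updatedBy:
          description: The id of the user who updated the case.
          type: string
          readOnly: true
          example: "123456789"
        firstLogDate:
          format: date-time
          description: The date of the earliest attached log for the Case
          type: string
          readOnly: true
        lastLogDate:
          format: date-time
          description: The date of the latest attached log for the Case
          type: string
          readOnly: true
        collaborators:
          description: The id of the collaborators on the case
          type: array
          items:
            $ref: '#/components/schemas/Collaborator'
        ownerUserEmail:
          type: string
        createdByEmail:
          type: string
        updatedByEmail:
          type: string
    CaseSeverity:
      enum:
        - CRITICAL
        - HIGH
        - MEDIUM
        - LOW
        - NONE
      type: string
    CaseStatus:
      enum:
        - NEW
        - IN_PROGRESS
        - CLOSED_RESOLVED
        - CLOSED_NO_ACTION
        - CLOSED_FALSE_POSITIVE
        - WAITING
      type: string
    Collaborator:
      title: Collaborator
      description: A Collaborator object
      required:
        - tenantId
        - caseId
        - collaboratorId
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        caseId:
          description: The id of the case the collaborator belongs to.
          pattern: \S
          type: string
          readOnly: true
          example: "123456789"
        collaboratorId:
          description: The content of the collaborator.
          pattern: \S
          type: string
          example: "11223344"
        collaboratorEmail:
          type: string
          readOnly: true
    Comment:
      title: Comment
      description: A Comment object
      required:
        - tenantId
        - activityId
        - comment
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        activityId:
          description: The id of the activity the comment belongs to.
          pattern: \S
          type: string
          example: "123456789"
        comment:
          # Free text written by one user and returned to others; whatever
          # renders it has to encode it on output.
          description: The content of the comment.
          pattern: \S
          type: string
          example: Details of the event
    CommonEvent:
      title: CommonEvent
      description: A CommonEvent object
      required:
        - tenantId
        - mappable
        - systemManaged
        - arrayable
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        tenantId:
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        group:
          type: string
        key:
          type: string
        type:
          type: string
        state:
          type: string
        mappable:
          type: boolean
          example: true
        systemManaged:
          type: boolean
          example: true
        displayName:
          type: object
          allOf:
            - $ref: '#/components/schemas/MapWrapperStringString'
          additionalProperties:
            type: string
          writeOnly: true
        description:
          type: object
          allOf:
            - $ref: '#/components/schemas/MapWrapperStringString'
          additionalProperties:
            type: string
          writeOnly: true
        arrayable:
          type: boolean
          example: true
    Computed:
      title: Computed
      description: Container for computed values
      type: object
      properties:
        computed:
          type: object
          additionalProperties:
            $ref: '#/components/schemas/RelatedData'
          readOnly: true
    Error:
      title: Error
      description: Allows us to pass detailed errors through grpc
      required:
        - status
        - message
      type: object
      properties:
        status:
          format: int32
          type: integer
          example: 200
        message:
          pattern: \S
          type: string
          example: Bad Data
    Error1:
      type: object
      properties:
        status:
          format: int32
          type: integer
        message:
          type: string
        validationFailures:
          type: array
          items:
            $ref: '#/components/schemas/ValidationFailure'
    ErrorCode:
      enum:
        - UNDEFINED
        - NO_SIGNAL_SOURCES
        - NO_IDENTIFICATION_POLICIES
        - NO_MATCHING_IDENTIFICATION_POLICIES
        - NO_NORMALIZATION_POLICY
        - NORMALIZATION_POLICY_PROCESSING_FAILURE
        - MISSING_REQUIRED_FIELDS
        - INDEXING_FAILURE
        - DDS_DATA_TYPE_NOT_FOUND
        - DATA_DOES_NOT_MATCH_DDS
        - TIMESTAMP_BEING_A_FUTURE_TIME
      type: string
    Event:
      title: Event
      description: An Event object
      required:
        - tenantId
        - topic
        - message
        - type
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        topic:
          description: The topic associated with this event
          type: string
          example: web-socket-topic
        message:
          description: The message contained within this event (string or serialized json string)
          minLength: 1
          type: string
          example: "{\"name\": \"jonny appleseed\"}"
        type:
          # NOTE(review): the example is a Java class name. If a consumer
          # uses this value to pick the class `message` is deserialized
          # into, it must be restricted to an allow-list of expected types.
          # That cannot be told from this document.
          description: The type of this event's message
          type: string
          example: java.lang.String
    EventSchema:
      type: object
      properties:
        fields:
          type: object
          additionalProperties:
            type: string
    IdentificationDecisions:
      title: IdentificationDecisions
      description: An IdentificationDecisions object
      type: object
      properties:
        signalSource:
          $ref: '#/components/schemas/SignalSource'
        memoizedData:
          $ref: '#/components/schemas/MemoizedData'
        processingError:
          $ref: '#/components/schemas/ProcessingError'
        signalNormalizationPolicyId:
          type: string
          example: A UUID
    Identifier:
      title: Identifier
      description: Container for identification of tenant and entities
      required:
        - tenantId
      type: object
      properties:
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        tenantId:
          type: string
          readOnly: true
    Instant:
      format: date-time
      type: string
      # Quoted so YAML 1.1 loaders keep the example a string instead of
      # converting it to a timestamp object.
      example: "2022-03-10T16:15:50Z"
    JsonPatchRequest:
      type: object
      example:
        - op: replace
          path: /lastName
          value: Ottman
    LimitOffsetPageRequest:
      title: LimitOffsetPaginationRequest
      description: The information needed to make a limit offset pagination request.
      type: object
      properties:
        limit:
          format: int32
          minimum: 0
          type: integer
        sort:
          $ref: '#/components/schemas/Sort'
        pageNumber:
          format: int32
          minimum: 1
          type: integer
      discriminator:
        propertyName: pageNumber
    LimitOffsetPageResponse:
      description: "The result of a LimitOffsetRequest. Contains the matching content\
        \ items, as well as information about the result."
      type: object
      properties:
        computed:
          type: object
          additionalProperties:
            $ref: '#/components/schemas/RelatedData'
        requestId:
          type: string
        error:
          $ref: '#/components/schemas/Error1'
        status:
          $ref: '#/components/schemas/Status'
        paginationInfo:
          description: "Information about the response, which may be used to make\
            \ another request"
          type: object
          allOf:
            - $ref: '#/components/schemas/LimitOffsetPaginationInfo'
        content:
          description: The result data
          type: array
          items:
            type: object
    LimitOffsetPaginationInfo:
      description: "Metadata about the results of LimitOffsetPaginationRequest, which\
        \ can be used to make further LimitOffsetPaginationRequests"
      type: object
      properties:
        totalElements:
          format: int32
          description: The total number of elements in the result set.
          type: integer
    Location:
      type: object
      properties:
        startIndex:
          format: int32
          type: integer
        endIndex:
          format: int32
          type: integer
    Log:
      title: Logs
      description: A Log object.
      required:
        - tenantId
        - activityId
        - logId
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
        id:
          pattern: "^[a-zA-Z0-9\\-._~]{2,40}$"
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        activityId:
          description: The id of the activity the Log belongs to.
          pattern: \S
          type: string
          readOnly: true
          example: "123456789"
        logId:
          # NOTE(review): this description matches Activity.caseId word for
          # word and looks copied from it; confirm what logId refers to.
          description: The id of the Case the Activity belongs to.
          pattern: \S
          type: string
          example: "123456789"
        logDate:
          format: date-time
          description: The date of the log
          type: string
          readOnly: true
    MapWrapperStringString:
      type: object
      properties:
        map:
          type: object
          additionalProperties:
            type: string
        entries:
          type: array
          items:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
    MatchingPolicyIdentifiers:
      title: MatchingPolicyIdentifiers
      description: A collection of associated identifiers for a policy
      type: object
      properties:
        signalSourceTypeId:
          type: string
        identificationPolicyId:
          type: string
        normalizationPolicyId:
          type: string
    MemoizedData:
      type: object
      properties:
        processingResults:
          type: object
          additionalProperties:
            $ref: '#/components/schemas/ProcessingResult'
    Metadata:
      title: Metadata
      description: Container for metadata for entities
      required:
        - metadata
      type: object
      properties:
        metadata:
          type: object
          additionalProperties:
            type: string
          readOnly: true
    Observation:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/ObservationType'
        qName:
          type: string
        name:
          type: string
        parent:
          $ref: '#/components/schemas/Observation'
        children:
          type: array
          items:
            $ref: '#/components/schemas/Observation'
        map:
          type: object
          additionalProperties:
            $ref: '#/components/schemas/Observation'
        value:
          type: string
        location:
          $ref: '#/components/schemas/Location'
    ObservationType:
      enum:
        - DICT
        - ARRAY
        - VALUE
      type: string
    ProcessingError:
      title: ProcessingError
      description: An object capturing the cause and a description of the error
        encountered during signal processing.
      required:
        - status
      type: object
      properties:
        status:
          $ref: '#/components/schemas/ErrorCode'
        message:
          type: string
    ProcessingExceptionRecord:
      title: ProcessingExceptionRecord
      description: A record of the processing exception. Links the actual processing
        error to the signal which encountered the error.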
required: - errors - signal type: object properties: errors: type: array items: $ref: '#/components/schemas/ProcessingError' signal: $ref: '#/components/schemas/SignalEnvelope' ProcessingResult: type: object properties: isSuccess: type: boolean extractedData: type: object additionalProperties: type: string success: type: boolean Protocol: enum: - UNKNOWN - SYSLOG - REST - GRPC - WINDOWS_EVENT_LOG - FLAT_FILE - PUSH_STREAMING type: string RawBatch: title: RawBatch description: A RawBatch object required: - tenantId - messages type: object properties: tenantId: type: string readOnly: true id: pattern: "^[a-zA-Z0-9\\-._~]{2,40}$" type: string readOnly: true createdOn: format: date-time description: The born-on date of this entity type: string readOnly: true updatedOn: format: date-time description: The last time this entity has been modified. type: string readOnly: true messages: minItems: 1 type: array items: $ref: '#/components/schemas/RawSignal' RawSignal: title: RawSignal description: A RawSignal object required: - rawMessage type: object properties: rawMessage: type: string example: Log Data Region Processor Response: title: RegionProcessorResponse description: A DTO response object for a Region Processor type: object properties: id: description: The identifier of the region processor type: string example: JSON displayName: description: The display name of the region processor type: string example: JSON regionProcessorTemplates: description: The list of possible values for this region processor's options including predefined styles type: array items: $ref: '#/components/schemas/Region Processor Template' contexts: type: array items: $ref: '#/components/schemas/RegionProcessingContext' Region Processor Template: title: RegionProcessorTemplate description: A DTO response object for a Region Processor Option type: object properties: templateName: description: The name of the template for the region processor type: string example: CUSTOM values: description: The list 
of possible options for this template type: array items: $ref: '#/components/schemas/Region Processor Template Value' Region Processor Template Constraints: title: RegionProcessorTemplateConstraints description: A DTO response object for a Region Processor Option Constraints type: object properties: required: description: Whether or not this field in the option is required type: boolean example: true whitespaceAllowed: description: "Whether or not the form field can be submitted with whitespace\ \ characters only (default: false)." type: boolean example: true maxLength: format: int32 description: The maximum length of the value for this field if the value is a string type: integer example: 1 Region Processor Template Value: title: RegionProcessorTemplateValue description: A DTO response object for a Region Processor Option Value type: object properties: schemaId: description: The id of this option value type: string example: delimiter displayName: description: The display name of this option value type: string example: Delimiter valueType: description: What type of value this option should be rendered as on the frontend type: string example: string constraints: description: Any constraints the frontend should apply to validation for this value type: object allOf: - $ref: '#/components/schemas/Region Processor Template Constraints' defaultValue: description: The default value (if any) for this option type: string example: "-" help: description: Helpful information about this option's value type: string values: description: Allowed values if this option type is 'enum' type: array items: type: string RegionProcessingContext: enum: - ROOT - SEQUENCE - VALUE type: string RelatedData: title: RelatedData description: Container of related data for entities type: object properties: morselMetadata: type: object additionalProperties: type: object additionalProperties: type: string writeOnly: true stringMetadata: type: object additionalProperties: type: string writeOnly: true 
readOnly: true Response: type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' SeekPageResponse: description: "The result of a SeekPageRequest. Contains the matching content\ \ items, as well as information about the result." type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' paginationInfo: description: "Information about the response, which may be used to make\ \ another request" type: object allOf: - $ref: '#/components/schemas/SeekPaginationInfo' content: description: The result data type: array items: $ref: '#/components/schemas/BaseModel' SeekPageResponseActivityResponse: description: "The result of a SeekPageRequest. Contains the matching content\ \ items, as well as information about the result." type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' paginationInfo: description: "Information about the response, which may be used to make\ \ another request" type: object allOf: - $ref: '#/components/schemas/SeekPaginationInfo' content: description: The result data type: array items: $ref: '#/components/schemas/ActivityResponse' SeekPageResponseCaseResponse: description: "The result of a SeekPageRequest. Contains the matching content\ \ items, as well as information about the result." 
type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' paginationInfo: description: "Information about the response, which may be used to make\ \ another request" type: object allOf: - $ref: '#/components/schemas/SeekPaginationInfo' content: description: The result data type: array items: $ref: '#/components/schemas/CaseResponse' SeekPaginationInfo: title: SeekPaginationInfo description: Contains information about a SeekPageResponse which can be used to make additional SeekPageRequests type: object properties: totalCount: format: int64 description: The total number of entities in the result set. type: integer nextPage: description: The id which should be used in a SeekPageRequest to get the next page. type: string SelectorElement: type: object properties: type: type: string observation: type: object allOf: - $ref: '#/components/schemas/Observation' writeOnly: true hydrated: type: boolean mappable: type: boolean elementText: type: string selector: type: string value: type: string matchBegin: format: int32 type: integer matchEnd: format: int32 type: integer childElements: type: array items: $ref: '#/components/schemas/SelectorElement' SequenceElementSuggestionRequest: title: SequenceElementSuggestionRequest description: Signal element suggestion request for observeSequence. type: object properties: rawSignal: type: string processingGuidance: type: string SignalEnvelope: title: SignalEnvelope description: A SignalEnvelope object required: - tenantId - originalMessage - transits type: object properties: tenantId: type: string readOnly: true id: pattern: "^[a-zA-Z0-9\\-._~]{2,40}$" type: string readOnly: true createdOn: format: date-time description: The born-on date of this entity type: string readOnly: true updatedOn: format: date-time description: The last time this entity has been modified. 
type: string readOnly: true originalMessage: $ref: '#/components/schemas/RawSignal' transits: type: array items: $ref: '#/components/schemas/Transit' identificationDecisions: $ref: '#/components/schemas/IdentificationDecisions' event: $ref: '#/components/schemas/EventSchema' updatedSignal: type: boolean updateStrategy: $ref: '#/components/schemas/UpdateStrategy' SignalObservationRequest: title: SignalObservationRequest description: Signal observation request for observeWithGuidance. required: - rawSignal type: object properties: rawSignal: minLength: 1 type: string processingGuidance: type: array items: type: string SignalSource: title: SignalSource description: SignalSource object type: object properties: signalSourceId: type: string signalSourceName: type: string signalSourceTypeId: type: string signalSourceTypeName: type: string signalSourceDefaultTimezone: type: string Sort: required: - sortFields type: object properties: sortFields: minItems: 1 type: array items: $ref: '#/components/schemas/SortField' SortField: required: - fieldName type: object properties: fieldName: pattern: \S type: string ascending: type: boolean Status: enum: - OK - CREATED - ACCEPTED - NO_CONTENT - RESET_CONTENT - PARTIAL_CONTENT - MOVED_PERMANENTLY - FOUND - SEE_OTHER - NOT_MODIFIED - USE_PROXY - TEMPORARY_REDIRECT - BAD_REQUEST - UNAUTHORIZED - PAYMENT_REQUIRED - FORBIDDEN - NOT_FOUND - METHOD_NOT_ALLOWED - NOT_ACCEPTABLE - PROXY_AUTHENTICATION_REQUIRED - REQUEST_TIMEOUT - CONFLICT - GONE - LENGTH_REQUIRED - PRECONDITION_FAILED - REQUEST_ENTITY_TOO_LARGE - REQUEST_URI_TOO_LONG - UNSUPPORTED_MEDIA_TYPE - REQUESTED_RANGE_NOT_SATISFIABLE - EXPECTATION_FAILED - PRECONDITION_REQUIRED - TOO_MANY_REQUESTS - REQUEST_HEADER_FIELDS_TOO_LARGE - INTERNAL_SERVER_ERROR - NOT_IMPLEMENTED - BAD_GATEWAY - SERVICE_UNAVAILABLE - GATEWAY_TIMEOUT - HTTP_VERSION_NOT_SUPPORTED - NETWORK_AUTHENTICATION_REQUIRED type: string Transit: title: Transit description: A network hop/transit an individual piece of 
signal has traveled. Captures host and service. required: - type - host - port - reportingService - protocol - timestamp type: object properties: type: $ref: '#/components/schemas/TransitType' host: pattern: \S type: string port: format: int32 type: integer reportingService: pattern: \S type: string protocol: type: string allOf: - $ref: '#/components/schemas/Protocol' example: REST timestamp: type: string allOf: - $ref: '#/components/schemas/Instant' example: 2011-12-03T10:15:30Z collectorId: type: string externalId: type: string externalType: type: string TransitType: enum: - UNKNOWN_TRANSIT - RECEIVE - SEND type: string TypedEvent: title: TypedEvent description: A Typed Event object required: - tenantId - topic - message - type type: object allOf: - $ref: '#/components/schemas/Identifier' properties: tenantId: type: string readOnly: true id: pattern: "^[a-zA-Z0-9\\-._~]{2,40}$" type: string readOnly: true createdOn: format: date-time description: The born-on date of this entity type: string readOnly: true updatedOn: format: date-time description: The last time this entity has been modified. 
type: string readOnly: true topic: description: The topic associated with this event type: string example: web-socket-topic message: description: The message contained within this event (string or serialized json string) minLength: 1 type: string example: "{\"name\": \"jonny appleseed\"}" type: description: The type of this event's message type: string example: java.lang.String UnaryResponse: required: - content type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' content: type: object discriminator: propertyName: content UnaryResponseActivity: required: - content type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' content: $ref: '#/components/schemas/Activity' discriminator: propertyName: content UnaryResponseActivityResponse: required: - content type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' content: $ref: '#/components/schemas/ActivityResponse' discriminator: propertyName: content UnaryResponseAttachment: required: - content type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' status: $ref: '#/components/schemas/Status' content: $ref: '#/components/schemas/Attachment' discriminator: propertyName: content UnaryResponseCaseCountMetricResponse: required: - content type: object properties: computed: type: object additionalProperties: $ref: '#/components/schemas/RelatedData' requestId: type: string error: $ref: '#/components/schemas/Error1' 
# Block layout restored for this span; keys and values are unchanged.
# The first keys continue
# components.schemas.UnaryResponseCaseCountMetricResponse.properties, whose
# opening keys sit on the preceding line of the page.
        status:
          $ref: '#/components/schemas/Status'
        content:
          $ref: '#/components/schemas/CaseCountMetricResponse'
      # NOTE(review): `content` is a $ref to an object schema here, while an
      # OpenAPI discriminator property is expected to carry a string naming the
      # schema. This looks like generator output; confirm it is intended.
      discriminator:
        propertyName: content
    # Response envelope carrying one CaseResponse in `content`, next to the
    # shared computed / requestId / error / status fields. Only `content` is
    # listed as required.
    UnaryResponseCaseResponse:
      required:
        - content
      type: object
      properties:
        computed:
          type: object
          additionalProperties:
            $ref: '#/components/schemas/RelatedData'
        requestId:
          type: string
        error:
          $ref: '#/components/schemas/Error1'
        status:
          $ref: '#/components/schemas/Status'
        content:
          $ref: '#/components/schemas/CaseResponse'
      # NOTE(review): same discriminator-on-object pattern as the envelope
      # above; confirm against the generator.
      discriminator:
        propertyName: content
    # Closed set of three strategies; referenced by SignalEnvelope.updateStrategy.
    UpdateStrategy:
      enum:
        - ADD_VALUES
        - DELETE_VALUES
        - REPLACE
      type: string
    # Item type of Error1.validationFailures.
    # NOTE(review): `field` and `message` are unconstrained free text, so the
    # schema does not say what the server may echo back; confirm that responses
    # do not reflect raw request input or internal details here.
    ValidationFailure:
      type: object
      properties:
        field:
          type: string
        message:
          type: string
  # Credential types the API declares. Declaring a scheme here does not apply
  # it: a scheme takes effect only where a `security` requirement (at the
  # document root or on an operation) references it.
  # NOTE(review): no `security` key is visible in the part of the document
  # shown here; confirm that one exists and covers every operation.
  # NOTE(review): tenantId is a caller-supplied path parameter; confirm that
  # the service checks the tenant bound to the presented credential against it
  # on every request.
  securitySchemes:
    # HTTP bearer token sent in the Authorization header. `bearerFormat` is a
    # hint for clients and documentation only; which token checks the service
    # performs (signature, expiry, audience) is not described in this file.
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    # API key sent in the same Authorization header as the bearer token.
    # Both credentials travel in that header, so proxies, access logs and
    # traces in front of this API should redact it.
    apiKeyAuth:
      type: apiKey
      name: Authorization
      in: header