Method: legacySdk.legacyCreateCase

HTTP request
Path parameters
Request body
- JSON representation
Response body
Authorization scopes
CaseType
CasePriority
LoadDataTypeEnumQueue
IngestionSourceType
Try it!

Full name: projects.locations.instances.legacySdk.legacyCreateCase

Legacy RPC for create case.

HTTP request

Choose a location:

Path parameters

Parameters

Parameters
`instance`	`string` Required. The CreateCase request. Format: projects/{project}/locations/{location}/instances/{instance}/legacySdk:createCase

instance

string

Required. The CreateCase request. Format: projects/{project}/locations/{location}/instances/{instance}/legacySdk:createCase

Request body

The request body contains data with the following structure:

JSON representation

JSON representation
{ "creatorUserId": string, "events": [ { object } ], "environment": string, "sourceSystemName": string, "ticketId": string, "description": string, "displayId": string, "reason": string, "name": string, "deviceVendor": string, "deviceProduct": string, "startTime": string, "endTime": string, "ruleGenerator": string, "sourceGroupingIdentifier": string, "playbookTriggerKeywords": [ string ], "attachments": [ { object (`SdkCaseInfoAttachment`) } ], "isTrimmed": boolean, "sourceSystemUrl": string, "sourceRuleIdentifier": string, "siemAlertId": string, "updatedFields": [ { object (`SdkPropertyValue`) } ], "alertUpdateSupported": boolean, "alertMetadata": { string: value, ... }, "dataAccessScope": string, "extensions": [ { object (`SdkPropertyValue`) } ], "type": enum (`CaseType`), "priority": enum (`CasePriority`), "dataType": enum (`LoadDataTypeEnumQueue`), "sourceType": enum (`IngestionSourceType`) }

{
  "creatorUserId": string,
  "events": [
    {
      object
    }
  ],
  "environment": string,
  "sourceSystemName": string,
  "ticketId": string,
  "description": string,
  "displayId": string,
  "reason": string,
  "name": string,
  "deviceVendor": string,
  "deviceProduct": string,
  "startTime": string,
  "endTime": string,
  "ruleGenerator": string,
  "sourceGroupingIdentifier": string,
  "playbookTriggerKeywords": [
    string
  ],
  "attachments": [
    {
      object (SdkCaseInfoAttachment)
    }
  ],
  "isTrimmed": boolean,
  "sourceSystemUrl": string,
  "sourceRuleIdentifier": string,
  "siemAlertId": string,
  "updatedFields": [
    {
      object (SdkPropertyValue)
    }
  ],
  "alertUpdateSupported": boolean,
  "alertMetadata": {
    string: value,
    ...
  },
  "dataAccessScope": string,
  "extensions": [
    {
      object (SdkPropertyValue)
    }
  ],
  "type": enum (CaseType),
  "priority": enum (CasePriority),
  "dataType": enum (LoadDataTypeEnumQueue),
  "sourceType": enum (IngestionSourceType)
}

Fields
`creatorUserId`	`string` Required. Request
`events[]`	`object (Struct format)` Optional. List of the events that make up this case
`environment`	`string` Optional. Case environment
`sourceSystemName`	`string` Optional. Name of the source system - based on the connector
`ticketId`	`string` Optional. External case id received from the external product - based on the connector
`description`	`string` Optional. Case description
`displayId`	`string` Optional. External case display id received from the external product - based on the connector
`reason`	`string` Optional. Case reason
`name`	`string` Optional. Case name
`deviceVendor`	`string` Optional. Case product vendor - based on the connector
`deviceProduct`	`string` Optional. Case product vendor - based on the connector
`startTime`	`string (int64 format)` Output only. Case starting time in unix format as milliseconds - based on the connector
`endTime`	`string (int64 format)` Output only. Case ending time in unix format as milliseconds - based on the connector
`ruleGenerator`	`string` Optional. Rule that generates this case - based on the connector
`sourceGroupingIdentifier`	`string` Optional. Source grouping identifier will be used to group alert into one case - depends on alert grouping configuration - based on the connector
`playbookTriggerKeywords[]`	`string` Optional. Playbook trigger keywords - used for 'Alert Trigger Value' playbook trigger type. A comparison is made between those playbook keywords items and the trigger value set by the user.
`attachments[]`	`object (SdkCaseInfoAttachment)` Optional. Case attachments - based on the connector
`isTrimmed`	`boolean` Optional. Flag that indicates whether the case got trimmed or not
`sourceSystemUrl`	`string` Required. Configured source url - defined in the connector that ingested this alert
`sourceRuleIdentifier`	`string` Required. Configured source rule url - defined in the connector that ingested this alert
`siemAlertId`	`string` Optional. Chronicle SIEM alert identifier. In case the identifier is null, then, it is assumed that it is not synced with the SIEM. To avoid syncing the alert, SiemAlertId can be set to -1.
`updatedFields[]`	`object (SdkPropertyValue)` Optional. Alert Updated Fields. Key-Value pairs of alert fields that were updated recently.
`alertUpdateSupported`	`boolean` Optional. Is Alert Origin supports updates. Indicating if the alert source system support alert updates.
`alertMetadata`	`map (key: string, value: value (Value format))` Optional. Additional alert metadata as key-value pairs. Supports various fields with different types of values. Only recognized fields will be parsed and processed by the ingestion pipeline. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
`dataAccessScope`	`string` Required. The Chronicle SIEM resource name of the DataAccessScope of this alert.
`extensions[] (deprecated)`	`object (SdkPropertyValue)` Extensions
`type`	`enum (CaseType)` Required. Case type
`priority`	`enum (CasePriority)` Required. Case priority
`dataType`	`enum (LoadDataTypeEnumQueue)` Required. Case data type
`sourceType`	`enum (IngestionSourceType)` Required. Case source type

Response body

If successful, the response body is an empty JSON object.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CaseType

CaseType enum.

Enums
`EXTERNAL`	External.
`TEST`	Test.
`REQUEST`	Request.

CasePriority

CasePriority enum.

Enums
`INFORMATIVE`	Informative.
`UNCHANGED`	Unchanged.
`LOW`	Low.
`MEDIUM`	Medium.
`HIGH`	High.
`CRITICAL`	Critical.

LoadDataTypeEnumQueue

LoadDataTypeEnumQueue enum.

Enums
`EVENTS`	Events.
`CASES`	Cases.
`CONNECTOR_LOG`	Connector log.
`CONNECTOR_OVERFLOW`	Connector overflow.

IngestionSourceType

IngestionSourceType enum.

Enums
`CONNECTOR`	Connector.
`WEBHOOK`	Webhook.

Method: legacySdk.legacyCreateCase Stay organized with collections Save and categorize content based on your preferences.