diff --git a/docs/cases/api/cases-api/cases-api-find-cases-by-alert.asciidoc b/docs/cases/api/cases-api/cases-api-find-cases-by-alert.asciidoc index 4e43717e18..8e01d07799 100644 --- a/docs/cases/api/cases-api/cases-api-find-cases-by-alert.asciidoc +++ b/docs/cases/api/cases-api/cases-api-find-cases-by-alert.asciidoc @@ -1,19 +1,19 @@ [[cases-api-find-cases-by-alert]] -=== Find Cases by Alert +=== Find cases by alert -Retrieves all case IDs that have a specific alert attached to the cases. +Uses an alert ID (`alert id`) to retrieve the case IDs of any cases the alert is attached to. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. +TIP: The case ID is identical to the case's saved object ID. -NOTE: The case ID refers to the cases saved object ID field. +NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. ==== Request URL -`GET :/api/cases/alerts/` +`GET :/api/cases/alerts/` ===== URL parts -The URL must include the `alert ID` of the alert that you are interested in find the associated cases it is attached to. +The URL must include the alert ID, which is used to retrieve any cases the alert is attached to. ===== URL query parameters @@ -21,13 +21,13 @@ The URL must include the `alert ID` of the alert that you are interested in find |============================================== |Name |Type |Description |Required -|`owner` |String or String[] |A filter to limit the retrieved case IDs to a specific set of applications. If this parameter is omitted, the response will contain all case IDs that the user has access to read. |No +|`owner` |String or String[] |A filter to limit the retrieved case IDs to a specific set of applications. If you omit this parameter, the response will contain every case ID that the user has `read` access to. |No |============================================== ===== Example request -Returns all case IDs with the alert `293f1bc0-74f6-11ea-b83a-553aecdb28b6` attached to them: +Returns case IDs with the alert ID `293f1bc0-74f6-11ea-b83a-553aecdb28b6` attached to them: [source,sh] -------------------------------------------------- @@ -42,11 +42,20 @@ GET api/cases/alerts/293f1bc0-74f6-11ea-b83a-553aecdb28b6 ==== Response payload -A JSON array listing the retrieved case IDs. +A JSON array containing any case IDs associated with the specified alert. Case titles are also retrieved. ===== Example response [source,json] -------------------------------------------------- -["8af6ac20-74f6-11ea-b83a-553aecdb28b6", "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2"] +[ + { + "id": "8af6ac20-74f6-11ea-b83a-553aecdb28b6", + "title": "Test 1" + }, + { + "id": "a18b38a0-71b0-11ea-a0b2-c51ea50a58e2", + "title": "Test 2" + } +] --------------------------------------------------