kibana-cases

Server path: /kibana-cases | Type: Application | PCID required: Yes

Tools

Tool	Description
`kibana_cases_add_case_comment_default_space`	Add a case comment or alert
`kibana_cases_add_case_file_default_space`	Attach a file to a case
`kibana_cases_create_case_default_space`	Create a case
`kibana_cases_delete_case_comment_default_space`	Delete a case comment or alert
`kibana_cases_delete_case_comments_default_space`	Delete all case comments and alerts
`kibana_cases_delete_case_default_space`	Delete cases
`kibana_cases_find_case_activity_default_space`	Find case activity
`kibana_cases_find_case_comments_default_space`	Find case comments
`kibana_cases_find_case_connectors_default_space`	Get case connectors
`kibana_cases_find_cases_default_space`	Search cases
`kibana_cases_get_by_alert_default_space`	Get cases for an alert
`kibana_cases_get_case_alerts_default_space`	Get all alerts for a case
`kibana_cases_get_case_comment_default_space`	Get a case comment or alert
`kibana_cases_get_case_configuration_default_space`	Get case settings
`kibana_cases_get_case_default_space`	Get case information
`kibana_cases_get_case_reporters_default_space`	Get case creators
`kibana_cases_get_case_tags_default_space`	Get case tags
`kibana_cases_push_case_default_space`	Push a case to an external service
`kibana_cases_set_case_configuration_default_space`	Add case settings
`kibana_cases_update_case_comment_default_space`	Update a case comment or alert
`kibana_cases_update_case_configuration_default_space`	Update case settings
`kibana_cases_update_case_default_space`	Update cases

kibana_cases_add_case_comment_default_space

Add a case comment or alert Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`body`	object	Yes	—	The add comment to case API request body varies depending on whether you are adding an alert or a comment.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "body": {
      "description": "The add comment to case API request body varies depending on whether you are adding an alert or a comment."
    }
  },
  "required": [
    "PCID",
    "caseId",
    "body"
  ]
}

kibana_cases_add_case_file_default_space

Attach a file to a case Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`file`	string	Yes	—	The file being attached to the case.
`filename`	string	No	—	The desired name of the file being attached to the case, it can be different than the name of the file in the filesystem. This should not include the file extension.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "file": {
      "type": "string",
      "description": "The file being attached to the case."
    },
    "filename": {
      "type": "string",
      "description": "The desired name of the file being attached to the case, it can be different than the name of the file in the filesystem. **This should not include the file extension.**"
    }
  },
  "required": [
    "PCID",
    "caseId",
    "file"
  ]
}

kibana_cases_create_case_default_space

Create a case Parameters:

Parameter	Type	Required	Default	Description
`assignees`	object[]	No	—	An array containing users that are assigned to the case.
`category`	string	No	—	A word or phrase that categorizes the case.
`connector`	object	Yes	—	The connector value
`customFields`	object[]	No	—	Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.
`description`	string	Yes	—	The description for the case.
`owner`	string	Yes	—	The application that owns the cases: Stack Management, Observability, or Elastic Security.
`settings`	object	Yes	—	An object that contains the case settings.
`severity`	string	No	—	The severity of the case.
`tags`	string[]	Yes	—	The words and phrases that help categorize cases. It can be an empty array.
`title`	string	Yes	—	A title for the case.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "assignees": {
      "type": "array",
      "items": {
        "type": "object"
      },
      "description": "An array containing users that are assigned to the case."
    },
    "category": {
      "type": "string",
      "description": "A word or phrase that categorizes the case."
    },
    "connector": {
      "description": "The connector value"
    },
    "customFields": {
      "type": "array",
      "items": {
        "type": "object"
      },
      "description": "Custom field values for a case. Any optional custom fields that are not specified in the request are set to null."
    },
    "description": {
      "type": "string",
      "description": "The description for the case."
    },
    "owner": {
      "type": "string",
      "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.",
      "enum": [
        "cases",
        "observability",
        "securitySolution"
      ]
    },
    "settings": {
      "type": "object",
      "description": "An object that contains the case settings.",
      "properties": {
        "extractObservables": {
          "type": "boolean",
          "description": "When true, observables (e.g. IPs, hashes, URLs) are automatically extracted from case comments. Optional; defaults to false when omitted."
        },
        "syncAlerts": {
          "type": "boolean",
          "description": "Turns alert syncing on or off."
        }
      },
      "required": [
        "syncAlerts"
      ]
    },
    "severity": {
      "type": "string",
      "description": "The severity of the case.",
      "enum": [
        "critical",
        "high",
        "low",
        "medium"
      ]
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The words and phrases that help categorize cases. It can be an empty array."
    },
    "title": {
      "type": "string",
      "description": "A title for the case."
    }
  },
  "required": [
    "PCID",
    "connector",
    "description",
    "owner",
    "settings",
    "tags",
    "title"
  ]
}

kibana_cases_delete_case_comment_default_space

Delete a case comment or alert Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`commentId`	string	Yes	—	The identifier for the comment. To retrieve comment IDs, use the get case or search cases (`_find`) APIs.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "commentId": {
      "type": "string",
      "description": "The identifier for the comment. To retrieve comment IDs, use the get case or search cases (`_find`) APIs."
    }
  },
  "required": [
    "PCID",
    "caseId",
    "commentId"
  ]
}

kibana_cases_delete_case_comments_default_space

Delete all case comments and alerts Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    }
  },
  "required": [
    "PCID",
    "caseId"
  ]
}

kibana_cases_delete_case_default_space

Delete cases Parameters:

Parameter	Type	Required	Default	Description
`ids`	string[]	Yes	—	The cases that you want to removed. To get the case identifiers, use the search cases (`_find`) API. In the Dev Console, you can specify the array of cases in the following format: `ids=["e58e77e3-ef8e-4251-926f-efb115f3c4ec"]`. In `curl`, all non-ASCII characters must be URL encoded. For example: `ids=%5B%22e58e77e3-ef8e-4251-926f-efb115f3c4ec%22%5D`

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "ids": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "The cases that you want to removed. To get the case identifiers, use the search cases (`_find`) API. In the Dev Console, you can specify the array of cases in the following format: `ids=[\"e58e77e3-ef8e-4251-926f-efb115f3c4ec\"]`. In `curl`, all non-ASCII characters must be URL encoded. For example: `ids=%5B%22e58e77e3-ef8e-4251-926f-efb115f3c4ec%22%5D`"
    }
  },
  "required": [
    "PCID",
    "ids"
  ]
}

kibana_cases_find_case_activity_default_space

Find case activity Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`page`	integer	No	—	The page number to return.
`perPage`	integer	No	—	The number of items to return. Limited to 100 items.
`sortOrder`	string	No	—	Determines the sort order.
`types`	string[]	No	—	Determines the types of user actions to return.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "page": {
      "type": "integer",
      "description": "The page number to return."
    },
    "perPage": {
      "type": "integer",
      "description": "The number of items to return. Limited to 100 items."
    },
    "sortOrder": {
      "type": "string",
      "description": "Determines the sort order.",
      "enum": [
        "asc",
        "desc"
      ]
    },
    "types": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "action",
          "alert",
          "assignees",
          "attachment",
          "comment",
          "connector",
          "create_case",
          "description",
          "pushed",
          "settings",
          "severity",
          "status",
          "tags",
          "title",
          "user"
        ]
      },
      "description": "Determines the types of user actions to return."
    }
  },
  "required": [
    "PCID",
    "caseId"
  ]
}

kibana_cases_find_case_comments_default_space

Find case comments Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`page`	integer	No	—	The page number to return.
`perPage`	integer	No	—	The number of items to return. Limited to 100 items.
`sortOrder`	string	No	—	Determines the sort order.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "page": {
      "type": "integer",
      "description": "The page number to return."
    },
    "perPage": {
      "type": "integer",
      "description": "The number of items to return. Limited to 100 items."
    },
    "sortOrder": {
      "type": "string",
      "description": "Determines the sort order.",
      "enum": [
        "asc",
        "desc"
      ]
    }
  },
  "required": [
    "PCID",
    "caseId"
  ]
}

kibana_cases_find_case_connectors_default_space

Get case connectors

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    }
  },
  "required": [
    "PCID"
  ]
}

kibana_cases_find_cases_default_space

Search cases Parameters:

Parameter	Type	Required	Default	Description
`assignees`	string[]	No	—	Filters the returned cases by assignees. Valid values are `none` or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API.
`category`	string[]	No	—	Filters the returned cases by category.
`defaultSearchOperator`	string	No	—	he default operator to use for the simple_query_string.
`from`	string	No	—	Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression.
`owner`	string[]	No	—	A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
`page`	integer	No	—	The page number to return.
`perPage`	integer	No	—	The number of items to return. Limited to 100 items.
`reporters`	string[]	No	—	Filters the returned cases by the user name of the reporter.
`search`	string	No	—	An Elasticsearch simple_query_string query that filters the objects in the response.
`searchFields`	string[]	No	—	The fields to perform the simple_query_string parsed query against.
`severity`	string	No	—	The severity of the case.
`sortField`	string	No	—	Determines which field is used to sort the results.
`sortOrder`	string	No	—	Determines the sort order.
`status`	string	No	—	Filters the returned cases by state.
`tags`	string[]	No	—	Filters the returned cases by tags.
`to`	string	No	—	Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "assignees": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Filters the returned cases by assignees. Valid values are `none` or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API."
    },
    "category": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Filters the returned cases by category."
    },
    "defaultSearchOperator": {
      "type": "string",
      "description": "he default operator to use for the simple_query_string."
    },
    "from": {
      "type": "string",
      "description": "Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression."
    },
    "owner": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "cases",
          "observability",
          "securitySolution"
        ]
      },
      "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read."
    },
    "page": {
      "type": "integer",
      "description": "The page number to return."
    },
    "perPage": {
      "type": "integer",
      "description": "The number of items to return. Limited to 100 items."
    },
    "reporters": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Filters the returned cases by the user name of the reporter."
    },
    "search": {
      "type": "string",
      "description": "An Elasticsearch simple_query_string query that filters the objects in the response."
    },
    "searchFields": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "description",
          "title"
        ]
      },
      "description": "The fields to perform the simple_query_string parsed query against."
    },
    "severity": {
      "type": "string",
      "description": "The severity of the case.",
      "enum": [
        "critical",
        "high",
        "low",
        "medium"
      ]
    },
    "sortField": {
      "type": "string",
      "description": "Determines which field is used to sort the results.",
      "enum": [
        "createdAt",
        "updatedAt",
        "closedAt",
        "title",
        "category",
        "status",
        "severity"
      ]
    },
    "sortOrder": {
      "type": "string",
      "description": "Determines the sort order.",
      "enum": [
        "asc",
        "desc"
      ]
    },
    "status": {
      "type": "string",
      "description": "Filters the returned cases by state.",
      "enum": [
        "closed",
        "in-progress",
        "open"
      ]
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Filters the returned cases by tags."
    },
    "to": {
      "type": "string",
      "description": "Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression."
    }
  },
  "required": [
    "PCID"
  ]
}

kibana_cases_get_by_alert_default_space

Get cases for an alert Parameters:

Parameter	Type	Required	Default	Description
`alertId`	string	Yes	—	An identifier for the alert.
`owner`	string[]	No	—	A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "alertId": {
      "type": "string",
      "description": "An identifier for the alert."
    },
    "owner": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "cases",
          "observability",
          "securitySolution"
        ]
      },
      "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read."
    }
  },
  "required": [
    "PCID",
    "alertId"
  ]
}

kibana_cases_get_case_alerts_default_space

Get all alerts for a case Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    }
  },
  "required": [
    "PCID",
    "caseId"
  ]
}

kibana_cases_get_case_comment_default_space

Get a case comment or alert Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`commentId`	string	Yes	—	The identifier for the comment. To retrieve comment IDs, use the get case or search cases (`_find`) APIs.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "commentId": {
      "type": "string",
      "description": "The identifier for the comment. To retrieve comment IDs, use the get case or search cases (`_find`) APIs."
    }
  },
  "required": [
    "PCID",
    "caseId",
    "commentId"
  ]
}

kibana_cases_get_case_configuration_default_space

Get case settings Parameters:

Parameter	Type	Required	Default	Description
`owner`	string[]	No	—	A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "owner": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "cases",
          "observability",
          "securitySolution"
        ]
      },
      "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read."
    }
  },
  "required": [
    "PCID"
  ]
}

kibana_cases_get_case_default_space

Get case information Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    }
  },
  "required": [
    "PCID",
    "caseId"
  ]
}

kibana_cases_get_case_reporters_default_space

Get case creators Parameters:

Parameter	Type	Required	Default	Description
`owner`	string[]	No	—	A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "owner": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "cases",
          "observability",
          "securitySolution"
        ]
      },
      "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read."
    }
  },
  "required": [
    "PCID"
  ]
}

kibana_cases_get_case_tags_default_space

Get case tags Parameters:

Parameter	Type	Required	Default	Description
`owner`	string[]	No	—	A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "owner": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "cases",
          "observability",
          "securitySolution"
        ]
      },
      "description": "A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read."
    }
  },
  "required": [
    "PCID"
  ]
}

kibana_cases_push_case_default_space

Push a case to an external service Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`connectorId`	string	Yes	—	An identifier for the connector. To retrieve connector IDs, use the find connectors API.
`body`	object	No	—	Request body

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "connectorId": {
      "type": "string",
      "description": "An identifier for the connector. To retrieve connector IDs, use the find connectors API."
    },
    "body": {
      "type": "object",
      "description": "Request body"
    }
  },
  "required": [
    "PCID",
    "caseId",
    "connectorId"
  ]
}

kibana_cases_set_case_configuration_default_space

Add case settings Parameters:

Parameter	Type	Required	Default	Description
`closure_type`	string	Yes	—	Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).
`connector`	object	Yes	—	An object that contains the connector configuration.
`customFields`	object[]	No	—	Custom fields case configuration.
`owner`	string	Yes	—	The application that owns the cases: Stack Management, Observability, or Elastic Security.
`templates`	object[]	No	—	The templates value

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "closure_type": {
      "type": "string",
      "description": "Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).",
      "enum": [
        "close-by-pushing",
        "close-by-user"
      ]
    },
    "connector": {
      "type": "object",
      "description": "An object that contains the connector configuration.",
      "properties": {
        "fields": {
          "type": "object",
          "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`."
        },
        "id": {
          "type": "string",
          "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API."
        },
        "name": {
          "type": "string",
          "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API."
        },
        "type": {
          "type": "string",
          "description": "The type of connector."
        }
      },
      "required": [
        "fields",
        "id",
        "name",
        "type"
      ]
    },
    "customFields": {
      "type": "array",
      "items": {
        "type": "object"
      },
      "description": "Custom fields case configuration."
    },
    "owner": {
      "type": "string",
      "description": "The application that owns the cases: Stack Management, Observability, or Elastic Security.",
      "enum": [
        "cases",
        "observability",
        "securitySolution"
      ]
    },
    "templates": {
      "type": "array",
      "items": {
        "type": "object"
      },
      "description": "The templates value"
    }
  },
  "required": [
    "PCID",
    "closure_type",
    "connector",
    "owner"
  ]
}

kibana_cases_update_case_comment_default_space

Update a case comment or alert Parameters:

Parameter	Type	Required	Default	Description
`caseId`	string	Yes	—	The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded.
`body`	object	Yes	—	The update case comment API request body varies depending on whether you are updating an alert or a comment.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "caseId": {
      "type": "string",
      "description": "The identifier for the case. To retrieve case IDs, use the search cases (`_find)` API. All non-ASCII characters must be URL encoded."
    },
    "body": {
      "description": "The update case comment API request body varies depending on whether you are updating an alert or a comment."
    }
  },
  "required": [
    "PCID",
    "caseId",
    "body"
  ]
}

kibana_cases_update_case_configuration_default_space

Update case settings Parameters:

Parameter	Type	Required	Default	Description
`configurationId`	string	Yes	—	An identifier for the configuration.
`closure_type`	string	No	—	Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).
`connector`	object	No	—	An object that contains the connector configuration.
`customFields`	object[]	No	—	Custom fields case configuration.
`templates`	object[]	No	—	The templates value
`version`	string	Yes	—	The version of the connector. To retrieve the version value, use the get configuration API.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "configurationId": {
      "type": "string",
      "description": "An identifier for the configuration."
    },
    "closure_type": {
      "type": "string",
      "description": "Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).",
      "enum": [
        "close-by-pushing",
        "close-by-user"
      ]
    },
    "connector": {
      "type": "object",
      "description": "An object that contains the connector configuration.",
      "properties": {
        "fields": {
          "type": "object",
          "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`."
        },
        "id": {
          "type": "string",
          "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API."
        },
        "name": {
          "type": "string",
          "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API."
        },
        "type": {
          "type": "string",
          "description": "The type of connector."
        }
      },
      "required": [
        "fields",
        "id",
        "name",
        "type"
      ]
    },
    "customFields": {
      "type": "array",
      "items": {
        "type": "object"
      },
      "description": "Custom fields case configuration."
    },
    "templates": {
      "type": "array",
      "items": {
        "type": "object"
      },
      "description": "The templates value"
    },
    "version": {
      "type": "string",
      "description": "The version of the connector. To retrieve the version value, use the get configuration API."
    }
  },
  "required": [
    "PCID",
    "configurationId",
    "version"
  ]
}

kibana_cases_update_case_default_space

Update cases Parameters:

Parameter	Type	Required	Default	Description
`cases`	object[]	Yes	—	An array containing one or more case objects.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "cases": {
      "type": "array",
      "items": {
        "type": "object"
      },
      "description": "An array containing one or more case objects."
    }
  },
  "required": [
    "PCID",
    "cases"
  ]
}

Triggers API

Platform API

Embedded MCP Servers

Application MCP Servers

Skills Guides

Tools

kibana_cases_add_case_comment_default_space

kibana_cases_add_case_file_default_space

kibana_cases_create_case_default_space

kibana_cases_delete_case_comment_default_space

kibana_cases_delete_case_comments_default_space

kibana_cases_delete_case_default_space

kibana_cases_find_case_activity_default_space

kibana_cases_find_case_comments_default_space

kibana_cases_find_case_connectors_default_space

kibana_cases_find_cases_default_space

kibana_cases_get_by_alert_default_space

kibana_cases_get_case_alerts_default_space

kibana_cases_get_case_comment_default_space

kibana_cases_get_case_configuration_default_space

kibana_cases_get_case_default_space

kibana_cases_get_case_reporters_default_space

kibana_cases_get_case_tags_default_space

kibana_cases_push_case_default_space

kibana_cases_set_case_configuration_default_space

kibana_cases_update_case_comment_default_space

kibana_cases_update_case_configuration_default_space

kibana_cases_update_case_default_space

Triggers API

Platform API

Embedded MCP Servers

Application MCP Servers

Skills Guides

​Tools

​kibana_cases_add_case_comment_default_space

​kibana_cases_add_case_file_default_space

​kibana_cases_create_case_default_space

​kibana_cases_delete_case_comment_default_space

​kibana_cases_delete_case_comments_default_space

​kibana_cases_delete_case_default_space

​kibana_cases_find_case_activity_default_space

​kibana_cases_find_case_comments_default_space

​kibana_cases_find_case_connectors_default_space

​kibana_cases_find_cases_default_space

​kibana_cases_get_by_alert_default_space

​kibana_cases_get_case_alerts_default_space

​kibana_cases_get_case_comment_default_space

​kibana_cases_get_case_configuration_default_space

​kibana_cases_get_case_default_space

​kibana_cases_get_case_reporters_default_space

​kibana_cases_get_case_tags_default_space

​kibana_cases_push_case_default_space

​kibana_cases_set_case_configuration_default_space

​kibana_cases_update_case_comment_default_space

​kibana_cases_update_case_configuration_default_space

​kibana_cases_update_case_default_space

Tools

kibana_cases_add_case_comment_default_space

kibana_cases_add_case_file_default_space

kibana_cases_create_case_default_space

kibana_cases_delete_case_comment_default_space

kibana_cases_delete_case_comments_default_space

kibana_cases_delete_case_default_space

kibana_cases_find_case_activity_default_space

kibana_cases_find_case_comments_default_space

kibana_cases_find_case_connectors_default_space

kibana_cases_find_cases_default_space

kibana_cases_get_by_alert_default_space

kibana_cases_get_case_alerts_default_space

kibana_cases_get_case_comment_default_space

kibana_cases_get_case_configuration_default_space

kibana_cases_get_case_default_space

kibana_cases_get_case_reporters_default_space

kibana_cases_get_case_tags_default_space

kibana_cases_push_case_default_space

kibana_cases_set_case_configuration_default_space

kibana_cases_update_case_comment_default_space

kibana_cases_update_case_configuration_default_space

kibana_cases_update_case_default_space