SecurityIncidentResponse / Client / create_case

create_case¶

SecurityIncidentResponse.Client.create_case(**kwargs)¶

Creates a new case.

Request Syntax

response = client.create_case(
    clientToken='string',
    resolverType='AWS'|'Self',
    title='string',
    description='string',
    engagementType='Security Incident'|'Investigation',
    reportedIncidentStartDate=datetime(2015, 1, 1),
    impactedAccounts=[
        'string',
    ],
    watchers=[
        {
            'email': 'string',
            'name': 'string',
            'jobTitle': 'string'
        },
    ],
    threatActorIpAddresses=[
        {
            'ipAddress': 'string',
            'userAgent': 'string'
        },
    ],
    impactedServices=[
        'string',
    ],
    impactedAwsRegions=[
        {
            'region': 'af-south-1'|'ap-east-1'|'ap-east-2'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'
        },
    ],
    tags={
        'string': 'string'
    }
)

Parameters:

clientToken (string) –

Note
The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.

This field is autopopulated if not provided.
resolverType (string) –
[REQUIRED]

Required element used in combination with CreateCase to identify the resolver type.
title (string) –
[REQUIRED]

Required element used in combination with CreateCase to provide a title for the new case.
description (string) –
[REQUIRED]

Required element used in combination with CreateCase

to provide a description for the new case.
engagementType (string) –
[REQUIRED]

Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation
reportedIncidentStartDate (datetime) –
[REQUIRED]

Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.
impactedAccounts (list) –
[REQUIRED]

Required element used in combination with CreateCase to provide a list of impacted accounts.

Note
AWS account ID’s may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.
- (string) –
watchers (list) –
[REQUIRED]

Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.
- (dict) –
  - email (string) – [REQUIRED]
  - name (string) –
  - jobTitle (string) –
threatActorIpAddresses (list) –
An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.
- (dict) –
  - ipAddress (string) – [REQUIRED]
  - userAgent (string) –
impactedServices (list) –
An optional element used in combination with CreateCase to provide a list of services impacted.
- (string) –
impactedAwsRegions (list) –
An optional element used in combination with CreateCase to provide a list of impacted regions.
- (dict) –
  - region (string) – [REQUIRED]
tags (dict) –
An optional element used in combination with CreateCase to add customer specified tags to a case.
- (string) –
  - (string) –

Return type:

dict

Returns:

Response Syntax

{
    'caseId': 'string'
}

Response Structure

(dict) –
- caseId (string) –
  
  A response element providing responses for requests to CreateCase. This element responds with the case ID.

create_case¶

Request Syntax

Note

Note

Response Syntax

Response Structure

Exceptions