SecurityIncidentResponse / Client / create_case
create_case#
- SecurityIncidentResponse.Client.create_case(**kwargs)#
Grants permission to create a new case.
See also: AWS API Documentation
Request Syntax
response = client.create_case( clientToken='string', resolverType='AWS'|'Self', title='string', description='string', engagementType='Security Incident'|'Investigation', reportedIncidentStartDate=datetime(2015, 1, 1), impactedAccounts=[ 'string', ], watchers=[ { 'email': 'string', 'name': 'string', 'jobTitle': 'string' }, ], threatActorIpAddresses=[ { 'ipAddress': 'string', 'userAgent': 'string' }, ], impactedServices=[ 'string', ], impactedAwsRegions=[ { 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2' }, ], tags={ 'string': 'string' } )
- Parameters:
clientToken (string) –
Required element used in combination with CreateCase.
This field is autopopulated if not provided.
resolverType (string) –
[REQUIRED]
Required element used in combination with CreateCase to identify the resolver type. Available resolvers include self-supported | aws-supported.
title (string) –
[REQUIRED]
Required element used in combination with CreateCase to provide a title for the new case.
description (string) –
[REQUIRED]
Required element used in combination with CreateCase to provide a description for the new case.
engagementType (string) –
[REQUIRED]
Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation
reportedIncidentStartDate (datetime) –
[REQUIRED]
Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.
impactedAccounts (list) –
[REQUIRED]
Required element used in combination with CreateCase to provide a list of impacted accounts.
(string) –
watchers (list) –
[REQUIRED]
Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.
(dict) –
email (string) – [REQUIRED]
name (string) –
jobTitle (string) –
threatActorIpAddresses (list) –
An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.
(dict) –
ipAddress (string) – [REQUIRED]
userAgent (string) –
impactedServices (list) –
An optional element used in combination with CreateCase to provide a list of services impacted.
(string) –
impactedAwsRegions (list) –
An optional element used in combination with CreateCase to provide a list of impacted regions.
(dict) –
region (string) – [REQUIRED]
tags (dict) –
An optional element used in combination with CreateCase to add customer specified tags to a case.
(string) –
(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'caseId': 'string' }
Response Structure
(dict) –
caseId (string) –
A response element providing responses for requests to CreateCase. This element responds with the case ID.
Exceptions
SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededExceptionSecurityIncidentResponse.Client.exceptions.AccessDeniedExceptionSecurityIncidentResponse.Client.exceptions.ValidationExceptionSecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveExceptionSecurityIncidentResponse.Client.exceptions.InternalServerExceptionSecurityIncidentResponse.Client.exceptions.ConflictExceptionSecurityIncidentResponse.Client.exceptions.ResourceNotFoundExceptionSecurityIncidentResponse.Client.exceptions.ThrottlingExceptionSecurityIncidentResponse.Client.exceptions.InvalidTokenException