SecurityIncidentResponse / Client / get_case

get_case

SecurityIncidentResponse.Client.get_case(**kwargs)

Grant permission to view a designated case.

See also: AWS API Documentation

Request Syntax

response = client.get_case(
    caseId='string'
)

Parameters:

caseId (string) –

[REQUIRED]

Required element for GetCase to identify the requested case ID.

Return type:

dict

Returns:

Response Syntax

{
    'title': 'string',
    'caseArn': 'string',
    'description': 'string',
    'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed',
    'engagementType': 'Security Incident'|'Investigation',
    'reportedIncidentStartDate': datetime(2015, 1, 1),
    'actualIncidentStartDate': datetime(2015, 1, 1),
    'impactedAwsRegions': [
        {
            'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'
        },
    ],
    'threatActorIpAddresses': [
        {
            'ipAddress': 'string',
            'userAgent': 'string'
        },
    ],
    'pendingAction': 'Customer'|'None',
    'impactedAccounts': [
        'string',
    ],
    'watchers': [
        {
            'email': 'string',
            'name': 'string',
            'jobTitle': 'string'
        },
    ],
    'createdDate': datetime(2015, 1, 1),
    'lastUpdatedDate': datetime(2015, 1, 1),
    'closureCode': 'Investigation Completed'|'Not Resolved'|'False Positive'|'Duplicate',
    'resolverType': 'AWS'|'Self',
    'impactedServices': [
        'string',
    ],
    'caseAttachments': [
        {
            'attachmentId': 'string',
            'fileName': 'string',
            'attachmentStatus': 'Verified'|'Failed'|'Pending',
            'creator': 'string',
            'createdDate': datetime(2015, 1, 1)
        },
    ],
    'closedDate': datetime(2015, 1, 1)
}

Response Structure

• (dict) –

  • title (string) –

    Response element for GetCase that provides the case title.

  • caseArn (string) –

    Response element for GetCase that provides the case ARN

  • description (string) –

    Response element for GetCase that provides contents of the case description.

  • caseStatus (string) –

    Response element for GetCase that provides the case status. Options for statuses include Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed

  • engagementType (string) –

    Response element for GetCase that provides the engagement type. Options for engagement type include Active Security Event | Investigations

  • reportedIncidentStartDate (datetime) –

    Response element for GetCase that provides the customer provided incident start date.

  • actualIncidentStartDate (datetime) –

    Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation.

  • impactedAwsRegions (list) –

    Response element for GetCase that provides the impacted regions.

    • (dict) –

      • region (string) –

  • threatActorIpAddresses (list) –

    Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity.

    • (dict) –

      • ipAddress (string) –

      • userAgent (string) –

  • pendingAction (string) –

    Response element for GetCase that provides identifies the case is waiting on customer input.

  • impactedAccounts (list) –

    Response element for GetCase that provides a list of impacted accounts.

    • (string) –

  • watchers (list) –

    Response element for GetCase that provides a list of Watchers added to the case.

    • (dict) –

      • email (string) –

      • name (string) –

      • jobTitle (string) –

  • createdDate (datetime) –

    Response element for GetCase that provides the date the case was created.

  • lastUpdatedDate (datetime) –

    Response element for GetCase that provides the date a case was last modified.

  • closureCode (string) –

    Response element for GetCase that provides the summary code for why a case was closed.

  • resolverType (string) –

    Response element for GetCase that provides the current resolver types. Options include self-supported | AWS-supported.

  • impactedServices (list) –

    Response element for GetCase that provides a list of impacted services.

    • (string) –

  • caseAttachments (list) –

    Response element for GetCase that provides a list of current case attachments.

    • (dict) –

      • attachmentId (string) –

      • fileName (string) –

      • attachmentStatus (string) –

      • creator (string) –

      • createdDate (datetime) –

  • closedDate (datetime) –

    Response element for GetCase that provides the date a specified case was closed.

Exceptions

• SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededException

• SecurityIncidentResponse.Client.exceptions.AccessDeniedException

• SecurityIncidentResponse.Client.exceptions.ValidationException

• SecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveException

• SecurityIncidentResponse.Client.exceptions.InternalServerException

• SecurityIncidentResponse.Client.exceptions.ConflictException

• SecurityIncidentResponse.Client.exceptions.ResourceNotFoundException

• SecurityIncidentResponse.Client.exceptions.ThrottlingException

• SecurityIncidentResponse.Client.exceptions.InvalidTokenException