SecurityIncidentResponse / Client / get_case

get_case#

SecurityIncidentResponse.Client.get_case(**kwargs)#

Grant permission to view a designated case.

See also: AWS API Documentation

Request Syntax

response = client.get_case(
    caseId='string'
)
Parameters:

caseId (string) –

[REQUIRED]

Required element for GetCase to identify the requested case ID.

Return type:

dict

Returns:

Response Syntax

{
    'title': 'string',
    'caseArn': 'string',
    'description': 'string',
    'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed',
    'engagementType': 'Security Incident'|'Investigation',
    'reportedIncidentStartDate': datetime(2015, 1, 1),
    'actualIncidentStartDate': datetime(2015, 1, 1),
    'impactedAwsRegions': [
        {
            'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'
        },
    ],
    'threatActorIpAddresses': [
        {
            'ipAddress': 'string',
            'userAgent': 'string'
        },
    ],
    'pendingAction': 'Customer'|'None',
    'impactedAccounts': [
        'string',
    ],
    'watchers': [
        {
            'email': 'string',
            'name': 'string',
            'jobTitle': 'string'
        },
    ],
    'createdDate': datetime(2015, 1, 1),
    'lastUpdatedDate': datetime(2015, 1, 1),
    'closureCode': 'Investigation Completed'|'Not Resolved'|'False Positive'|'Duplicate',
    'resolverType': 'AWS'|'Self',
    'impactedServices': [
        'string',
    ],
    'caseAttachments': [
        {
            'attachmentId': 'string',
            'fileName': 'string',
            'attachmentStatus': 'Verified'|'Failed'|'Pending',
            'creator': 'string',
            'createdDate': datetime(2015, 1, 1)
        },
    ],
    'closedDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) –

    • title (string) –

      Response element for GetCase that provides the case title.

    • caseArn (string) –

      Response element for GetCase that provides the case ARN

    • description (string) –

      Response element for GetCase that provides contents of the case description.

    • caseStatus (string) –

      Response element for GetCase that provides the case status. Options for statuses include Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed

    • engagementType (string) –

      Response element for GetCase that provides the engagement type. Options for engagement type include Active Security Event | Investigations

    • reportedIncidentStartDate (datetime) –

      Response element for GetCase that provides the customer provided incident start date.

    • actualIncidentStartDate (datetime) –

      Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation.

    • impactedAwsRegions (list) –

      Response element for GetCase that provides the impacted regions.

      • (dict) –

        • region (string) –

    • threatActorIpAddresses (list) –

      Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity.

      • (dict) –

        • ipAddress (string) –

        • userAgent (string) –

    • pendingAction (string) –

      Response element for GetCase that provides identifies the case is waiting on customer input.

    • impactedAccounts (list) –

      Response element for GetCase that provides a list of impacted accounts.

      • (string) –

    • watchers (list) –

      Response element for GetCase that provides a list of Watchers added to the case.

      • (dict) –

        • email (string) –

        • name (string) –

        • jobTitle (string) –

    • createdDate (datetime) –

      Response element for GetCase that provides the date the case was created.

    • lastUpdatedDate (datetime) –

      Response element for GetCase that provides the date a case was last modified.

    • closureCode (string) –

      Response element for GetCase that provides the summary code for why a case was closed.

    • resolverType (string) –

      Response element for GetCase that provides the current resolver types. Options include self-supported | AWS-supported.

    • impactedServices (list) –

      Response element for GetCase that provides a list of impacted services.

      • (string) –

    • caseAttachments (list) –

      Response element for GetCase that provides a list of current case attachments.

      • (dict) –

        • attachmentId (string) –

        • fileName (string) –

        • attachmentStatus (string) –

        • creator (string) –

        • createdDate (datetime) –

    • closedDate (datetime) –

      Response element for GetCase that provides the date a specified case was closed.

Exceptions

  • SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededException

  • SecurityIncidentResponse.Client.exceptions.AccessDeniedException

  • SecurityIncidentResponse.Client.exceptions.ValidationException

  • SecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveException

  • SecurityIncidentResponse.Client.exceptions.InternalServerException

  • SecurityIncidentResponse.Client.exceptions.ConflictException

  • SecurityIncidentResponse.Client.exceptions.ResourceNotFoundException

  • SecurityIncidentResponse.Client.exceptions.ThrottlingException

  • SecurityIncidentResponse.Client.exceptions.InvalidTokenException