UpdateCase - AWS Security Incident Response

UpdateCase

Updates an existing case.

Request Syntax

POST /v1/cases/caseId/update-case HTTP/1.1
Content-type: application/json

{
   "actualIncidentStartDate": number,
   "description": "string",
   "engagementType": "string",
   "impactedAccountsToAdd": [ "string" ],
   "impactedAccountsToDelete": [ "string" ],
   "impactedAwsRegionsToAdd": [
      {
         "region": "string"
      }
   ],
   "impactedAwsRegionsToDelete": [
      {
         "region": "string"
      }
   ],
   "impactedServicesToAdd": [ "string" ],
   "impactedServicesToDelete": [ "string" ],
   "reportedIncidentStartDate": number,
   "threatActorIpAddressesToAdd": [
      {
         "ipAddress": "string",
         "userAgent": "string"
      }
   ],
   "threatActorIpAddressesToDelete": [
      {
         "ipAddress": "string",
         "userAgent": "string"
      }
   ],
   "title": "string",
   "watchersToAdd": [
      {
         "email": "string",
         "jobTitle": "string",
         "name": "string"
      }
   ],
   "watchersToDelete": [
      {
         "email": "string",
         "jobTitle": "string",
         "name": "string"
      }
   ]
}

URI Request Parameters

The request uses the following URI parameters.

caseId

Required element for UpdateCase to identify the case ID for updates.

Length Constraints: Minimum length of 10. Maximum length of 32.

Pattern: \d{10,32}.*

Required: Yes

Request Body

The request accepts the following data in JSON format.

actualIncidentStartDate

Optional element for UpdateCase to provide content for the incident start date field.

Type: Timestamp

Required: No

description

Optional element for UpdateCase to provide content for the description field.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 8000.

Required: No

engagementType

Optional element for UpdateCase to provide content for the engagement type field. Available engagement types include Security Incident | Investigation.

Type: String

Valid Values: Security Incident | Investigation

Required: No

impactedAccountsToAdd

Optional element for UpdateCase to provide content to add accounts impacted.

Note

AWS account IDs may appear with fewer than 12 digits and need to be zero-prepended. For example, 123123123 is nine digits; zero-prepended it becomes 000123123123. Not zero-prepending to 12 digits could result in errors.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 200 items.

Length Constraints: Fixed length of 12.

Pattern: [0-9]{12}

Required: No

impactedAccountsToDelete

Optional element for UpdateCase to provide content to remove accounts impacted.

Note

AWS account IDs may appear with fewer than 12 digits and need to be zero-prepended. For example, 123123123 is nine digits; zero-prepended it becomes 000123123123. Not zero-prepending to 12 digits could result in errors.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 200 items.

Length Constraints: Fixed length of 12.

Pattern: [0-9]{12}

Required: No

impactedAwsRegionsToAdd

Optional element for UpdateCase to provide content to add regions impacted.

Type: Array of ImpactedAwsRegion objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Required: No

impactedAwsRegionsToDelete

Optional element for UpdateCase to provide content to remove regions impacted.

Type: Array of ImpactedAwsRegion objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Required: No

impactedServicesToAdd

Optional element for UpdateCase to provide content to add services impacted.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 600 items.

Length Constraints: Minimum length of 2. Maximum length of 50.

Pattern: [a-zA-Z0-9 -.():]+

Required: No

impactedServicesToDelete

Optional element for UpdateCase to provide content to remove services impacted.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 600 items.

Length Constraints: Minimum length of 2. Maximum length of 50.

Pattern: [a-zA-Z0-9 -.():]+

Required: No

reportedIncidentStartDate

Optional element for UpdateCase to provide content for the customer reported incident start date field.

Type: Timestamp

Required: No

threatActorIpAddressesToAdd

Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case.

Type: Array of ThreatActorIp objects

Array Members: Minimum number of 0 items. Maximum number of 200 items.

Required: No

threatActorIpAddressesToDelete

Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case.

Type: Array of ThreatActorIp objects

Array Members: Minimum number of 0 items. Maximum number of 200 items.

Required: No

title

Optional element for UpdateCase to provide content for the title field.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: No

watchersToAdd

Optional element for UpdateCase to provide content to add additional watchers to a case.

Type: Array of Watcher objects

Array Members: Minimum number of 0 items. Maximum number of 30 items.

Required: No

watchersToDelete

Optional element for UpdateCase to provide content to remove existing watchers from a case.

Type: Array of Watcher objects

Array Members: Minimum number of 0 items. Maximum number of 30 items.

Required: No
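The following is an added example, not AWS code: a client-side builder that applies the constraints listed above (zero-prepended account IDs, patterns, length and array limits) before a request is sent, so malformed input fails locally instead of as a ValidationException. The names `normalize_account_id` and `build_update_case` are hypothetical, and the sample values are constructed.

```python
import re

# Constraints copied from the parameter descriptions above.
CASE_ID_RE = re.compile(r"\d{10,32}.*")
ACCOUNT_RE = re.compile(r"[0-9]{12}")
# As written, " -." inside the class is a range (space through '.'),
# so characters such as '&' and '+' also match in Python's regex engine.
SERVICE_RE = re.compile(r"[a-zA-Z0-9 -.():]+")
ENGAGEMENT_TYPES = {"Security Incident", "Investigation"}
ARRAY_MAX = {"impactedAccounts": 200, "impactedAwsRegions": 50,
             "impactedServices": 600, "threatActorIpAddresses": 200,
             "watchers": 30}


def normalize_account_id(value):
    """Zero-prepend an account ID to 12 digits; accepts int or str input."""
    text = str(value).strip().zfill(12)
    if not ACCOUNT_RE.fullmatch(text):
        raise ValueError(f"not a 12-digit AWS account ID: {value!r}")
    return text


def build_update_case(case_id, **fields):
    """Return (path, body) for UpdateCase, raising ValueError on bad input."""
    if not (10 <= len(case_id) <= 32 and CASE_ID_RE.fullmatch(case_id)):
        raise ValueError("caseId must be 10-32 characters matching \\d{10,32}.*")
    body = {}
    for key, value in fields.items():
        base = re.sub(r"To(Add|Delete)$", "", key)
        if base in ARRAY_MAX:
            if len(value) > ARRAY_MAX[base]:
                raise ValueError(f"{key}: more than {ARRAY_MAX[base]} items")
            if base == "impactedAccounts":
                value = [normalize_account_id(v) for v in value]
            elif base == "impactedServices":
                for name in value:
                    if not (2 <= len(name) <= 50 and SERVICE_RE.fullmatch(name)):
                        raise ValueError(f"{key}: invalid service name {name!r}")
        elif key == "engagementType":
            if value not in ENGAGEMENT_TYPES:
                raise ValueError(f"engagementType must be one of {sorted(ENGAGEMENT_TYPES)}")
        elif key in ("title", "description"):
            limit = 300 if key == "title" else 8000
            if not 1 <= len(value) <= limit:
                raise ValueError(f"{key}: length must be 1-{limit}")
        elif key not in ("actualIncidentStartDate", "reportedIncidentStartDate"):
            raise ValueError(f"unknown field {key!r}")
        body[key] = value
    return f"/v1/cases/{case_id}/update-case", body
```

Account IDs that pass through spreadsheets, CSV exports or YAML are the usual source of dropped leading zeros, which is why the builder accepts integers as well as strings.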

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

message

The ID of the resource which led to the access denial.

HTTP Status Code: 403

ConflictException

message

The exception message.

resourceId

The ID of the conflicting resource.

resourceType

The type of the conflicting resource.

HTTP Status Code: 409

InternalServerException

message

The exception message.

retryAfterSeconds

The number of seconds after which to retry the request.

HTTP Status Code: 500

InvalidTokenException

message

The exception message.

HTTP Status Code: 423

ResourceNotFoundException

message

The exception message.

HTTP Status Code: 404

SecurityIncidentResponseNotActiveException

message

The exception message.

HTTP Status Code: 400

ServiceQuotaExceededException

message

The exception message.

quotaCode

The code of the quota.

resourceId

The ID of the requested resource which led to the service quota exception.

resourceType

The type of the requested resource which led to the service quota exception.

serviceCode

The service code of the quota.

HTTP Status Code: 402

ThrottlingException

message

The exception message.

quotaCode

The quota code of the exception.

retryAfterSeconds

The number of seconds after which to retry the request.

serviceCode

The service code of the exception.

HTTP Status Code: 429

ValidationException

fieldList

The fields which led to the exception.

message

The exception message.

reason

The reason for the exception.

HTTP Status Code: 400
