GET /forensics/case_management/case_create_tasks/{id}

Retrieves a case create task based on the supplied id.

Retrieves a case create task based on the supplied id.

Table 1. GET /forensics/case_management/case_create_tasks/{id} resource details
MIME Type

application/json

Table 2. GET /forensics/case_management/case_create_tasks/{id} request parameter details
Parameter Type Optionality Data Type MIME Type Description

id

path

Required

Number (Integer)

text/plain

Required - The id of the case create task to retrieve.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Table 3. GET /forensics/case_management/case_create_tasks/{id} response codes
HTTP Response Code Unique Code Description

200

The case create task was retrieved.

404

1002

No case create task was found for the provided ID.

500

1020

An error occurred during the retrieval of the case create task.

Response Description

A case create task containing the following fields:
  • assigned_to - String Array - Usernames of users to give access to the case once it is created. Users must have the FORENSICS role. Authorized services are not allowed.
  • case_id - Long - ID for the created case .
  • case_name - String - Name to give the created case.
  • id - Long - ID for the case create task.
  • status - String - Possible values are:
    • COMPLETE - The case has been created across all managed hosts.
    • PARTIALLY_COMPLETE - The case was created on at least one managed host, but not all of them. The case is considered to be usable, but functionality might be limited. This usually means one or more managed hosts are down and the case is not created yet. The task completes after all offending managed hosts either complete the task, or are removed from the deployment.
    • PROCESSING - The task has been picked up by QRadar and is actively being processed. Cases are being created on the managed hosts.
    • WAITING - The task is waiting for its time to be processed. Nothing is being done at this time.

Response Sample


{
    "assigned_to": [
        "String"
    ],
    "case_id": 42,
    "id": 42,
    "name": "String",
    "state": "String <one of: COMPLETE, PARTIALLY_COMPLETE, PROCESSING, WAITING>"
}