UpdateCaseStatus - AWS Security Incident Response
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

UpdateCaseStatus

Updates the state transitions for a designated cases.

Self-managed: the following states are available for self-managed cases.

  • Submitted → Detection and Analysis

  • Detection and Analysis → Containment, Eradication, and Recovery

  • Detection and Analysis → Post-incident Activities

  • Containment, Eradication, and Recovery → Detection and Analysis

  • Containment, Eradication, and Recovery → Post-incident Activities

  • Post-incident Activities → Containment, Eradication, and Recovery

  • Post-incident Activities → Detection and Analysis

  • Any → Closed

AWS supported: You must use the CloseCase API to close.

Request Syntax

POST /v1/cases/caseId/update-case-status HTTP/1.1
Content-type: application/json

{
   "caseStatus": "string"
}

URI Request Parameters

The request uses the following URI parameters.

caseId

Required element for UpdateCaseStatus to identify the case to update.

Length Constraints: Minimum length of 10. Maximum length of 32.

Pattern: \d{10,32}.*

Required: Yes

Request Body

The request accepts the following data in JSON format.

caseStatus

Required element for UpdateCaseStatus to identify the status for a case. Options include Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities.

Type: String

Valid Values: Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities

Required: Yes

Response Syntax

HTTP/1.1 201
Content-type: application/json

{
   "caseStatus": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

caseStatus

Response element for UpdateCaseStatus showing the newly configured status.

Type: String

Valid Values: Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

HTTP Status Code: 403

ConflictException

HTTP Status Code: 409

InternalServerException

HTTP Status Code: 500

InvalidTokenException

HTTP Status Code: 423

ResourceNotFoundException

HTTP Status Code: 404

SecurityIncidentResponseNotActiveException

HTTP Status Code: 400

ServiceQuotaExceededException

HTTP Status Code: 402

ThrottlingException

HTTP Status Code: 429

ValidationException

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: