Cases Commands
cases
View and manage cases.
Usage:
cases [OPTIONS] COMMAND [ARGS]...
Options:
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases bulk-update
Bulk update cases from a file.
Takes a single arg FILE which specifies the path to the file (use "-" to read from stdin).
File format can either be CSV or JSON Lines format (Default is CSV).
Valid CSV columns that correspond to update-able case fields include:
number (REQUIRED) - Case number.
assignee - actor ID or username of the administrator assigned to the case. Performs an additional lookup if a username is passed.
description - Brief optional description.
findings - Markdown formatted text summarizing the findings for a case.
name - Case name.
status - Case status. One of ARCHIVED, CLOSED or OPEN.
subject - User ID or username of the case subject. Performs an additional lookup if a username is passed.
Usage:
cases bulk-update [OPTIONS] FILE
Options:
-f, --format [csv|json-lines] Specify format of input file: 'csv' or 'json-
lines'. Defaults to 'csv'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
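A pre-flight check for a bulk-update CSV, added here as an example (it is not part of the Incydr CLI or its documentation): it enforces the column names and status values listed above before the file is handed to `cases bulk-update`. The numeric case-number check, the one-row-per-case check and the sample data are assumptions of this example.

```python
import csv
import io

# Column names and status values as listed in the bulk-update help above.
UPDATABLE = {"assignee", "description", "findings", "name", "status", "subject"}
STATUSES = ("ARCHIVED", "CLOSED", "OPEN")

# Constructed sample input (not real case data).
SAMPLE = """number,name,status,assignee
12,Departing employee review,CLOSED,analyst@example.com
13,,open,
13,Duplicate row,OPEN,
abc,Bad number,OPEN,
14,,,
"""


def validate_bulk_update(csv_text):
    """Return (rows, errors); only rows with no problems are kept."""
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    if "number" not in header:
        return [], ["header: required column 'number' is missing"]
    known = UPDATABLE | {"number"}
    errors = [f"header: unknown column {c!r}" for c in header if c not in known]
    rows, seen = [], set()
    for raw in reader:
        # Drop empty cells; DictReader uses None for ragged rows.
        row = {k: v.strip() for k, v in raw.items()
               if isinstance(k, str) and isinstance(v, str) and v.strip()}
        problems = ["more cells than header columns"] if None in raw else []
        number = row.get("number", "")
        if not number.isdigit():  # assumption: case numbers are integers
            problems.append(f"case number {number!r} is not numeric")
        elif number in seen:  # assumption: one row per case
            problems.append(f"case number {number} appears more than once")
        seen.add(number)
        if "status" in row and row["status"] not in STATUSES:
            problems.append(f"status {row['status']!r} is not one of {STATUSES}")
        if not set(row) & UPDATABLE:
            problems.append("no update-able field has a value")
        errors.extend(f"line {reader.line_num}: {p}" for p in problems)
        if not problems:
            rows.append(row)
    return rows, errors


if __name__ == "__main__":
    good, bad = validate_bulk_update(SAMPLE)
    print(f"{len(good)} row(s) ready for bulk-update")
    print("\n".join(bad))
```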
cases create
Create a case.
Usage:
cases create [OPTIONS] NAME
Options:
--description TEXT Case description.
--subject TEXT User of the subject of the case. Takes a user ID or a
username. Performs an additional lookup if a username
is passed.
--assignee TEXT User of the assignee of the case. Takes an actor ID or a
username. Performs an additional lookup if a username
is passed.
--findings TEXT Markdown formatted details of case notes.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases delete
Delete a case.
Usage:
cases delete [OPTIONS] CASE_NUMBER
Options:
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases download
Download one or more files related to a case to the specified target folder.
Defaults to downloading all files if no options are passed.
If more than one file is specified the download will be in ZIP format.
Usage:
cases download [OPTIONS] CASE_NUMBER
Options:
--path TEXT The file path where to save the file. Defaults to the
current directory.
--summary Download a case summary in PDF format.
--file-events Download all file event data for a case in CSV format.
--source-files Download the source files for file events associated
with a case.
--source-file TEXT Download a source file for a specific event. Takes the
event ID. Incompatible with other download options.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases file-events
View and update file events associated with a case.
Usage:
cases file-events [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
cases file-events add
Attach file events to a case specified by CASE_NUMBER.
EVENT_IDS can be either a comma-delimited string of event IDs:
add CASE_NUMBER "id-1,id-2,id-3,..."
Or a CSV or JSON Lines formatted file:
add CASE_NUMBER @path_to_csv --format csv
add CASE_NUMBER @path_to_json --format json-lines
CSV format requires a header row and a column with name matching either "event_id" or "eventId".
Input can also be parsed from stdin using "-" as the command argument, so you can add events directly from an incydr file-events search command to a case:
incydr file-events search SEARCH_OPTIONS --format json-lines | incydr cases file-events add CASE_NUMBER --format json-lines -
Usage:
cases file-events add [OPTIONS] CASE_NUMBER EVENT_IDS
Options:
-f, --format [csv|json-lines]
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases file-events list
List file events attached to a case.
Usage:
cases file-events list [OPTIONS] CASE_NUMBER
Options:
-f, --format TABLEFORMAT Format to print result. One of 'table', 'json-
pretty', 'json-lines', or 'csv'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'table'.
--columns TEXT Comma-delimited string of column names. Nested
values should be specified in dot-notation. Limits
output to contain only the specified columns in
CSV or Table format. Ignored for JSON output
formats.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases file-events remove
Remove file events from a case specified by CASE_NUMBER.
EVENT_IDS can be either a comma-delimited string of event IDs:
remove CASE_NUMBER "id-1,id-2,id-3,..."
Or a CSV or JSON Lines formatted file:
remove CASE_NUMBER @path_to_csv --format csv
remove CASE_NUMBER @path_to_json --format json-lines
CSV format requires a header row and a column with name matching either "event_id" or "eventId".
Input can also be parsed from stdin using "-" as the command argument, so you can remove all events from a case by sending the output of the cases file-events list command into cases file-events remove:
incydr cases file-events list CASE_NUMBER --format json-lines | incydr cases file-events remove CASE_NUMBER --format json-lines -
Usage:
cases file-events remove [OPTIONS] CASE_NUMBER EVENT_IDS
Options:
-f, --format [csv|json-lines] Specify format of input file: 'csv' or 'json-
lines'. Defaults to 'csv'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases file-events show
Show details for a file event attached to a case.
Usage:
cases file-events show [OPTIONS] CASE_NUMBER EVENT_ID
Options:
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases list
List all cases.
Usage:
cases list [OPTIONS]
Options:
-f, --format TABLEFORMAT Format to print result. One of 'table', 'json-
pretty', 'json-lines', or 'csv'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'table'.
--columns TEXT Comma-delimited string of column names. Nested
values should be specified in dot-notation. Limits
output to contain only the specified columns in
CSV or Table format. Ignored for JSON output
formats.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases show
Show details for a single case.
Usage:
cases show [OPTIONS] CASE_NUMBER
Options:
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
cases update
Update a single case. Pass the updated value for a field to the corresponding command option.
Usage:
cases update [OPTIONS] CASE_NUMBER
Options:
--assignee TEXT The administrator assigned to the case. Takes a user ID
or a username. Performs an additional lookup if a
username is passed.
--description TEXT Brief optional description.
--findings TEXT Markdown formatted text summarizing the findings for a
case.
--name TEXT Case name.
--status TEXT Case status. One of `ARCHIVED`, `CLOSED` or `OPEN`.
--subject TEXT The case subject. Takes a user ID or a username.
Performs an additional lookup if a username is passed.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.