UpdateCaseStatus - AWS Security Incident Response

UpdateCaseStatus

Updates the state transitions for a designated case.

Self-managed: the following state transitions are available for self-managed cases.

  • Submitted → Detection and Analysis

  • Detection and Analysis → Containment, Eradication, and Recovery

  • Detection and Analysis → Post-incident Activities

  • Containment, Eradication, and Recovery → Detection and Analysis

  • Containment, Eradication, and Recovery → Post-incident Activities

  • Post-incident Activities → Containment, Eradication, and Recovery

  • Post-incident Activities → Detection and Analysis

  • Any → Closed

AWS supported: You must use the CloseCase API to close.

Request Syntax

POST /v1/cases/caseId/update-case-status HTTP/1.1
Content-type: application/json

{
   "caseStatus": "string"
}

URI Request Parameters

The request uses the following URI parameters.

caseId

Required element for UpdateCaseStatus to identify the case to update.

Length Constraints: Minimum length of 10. Maximum length of 32.

Pattern: \d{10,32}.*

Required: Yes

Request Body

The request accepts the following data in JSON format.

caseStatus

Required element for UpdateCaseStatus to identify the status for a case. Options include Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities.

Type: String

Valid Values: Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities

Required: Yes
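A client-side pre-flight check for this request, added here as an example; it is not part of the AWS documentation or any SDK. It enforces the documented caseId constraints and the self-managed transition list before building the request. The function names, and the caller tracking the case's current status locally, are assumptions of this example.

```python
import json
import re
from urllib.parse import quote

# Wire values copied from the page's "Valid Values" (no comma before "and").
SUBMITTED = "Submitted"
DETECT = "Detection and Analysis"
CONTAIN = "Containment, Eradication and Recovery"
POST_INCIDENT = "Post-incident Activities"
CLOSED = "Closed"  # named in the transition list, not in the page's Valid Values

# Self-managed transitions from the list at the top of the page.
ALLOWED = {
    SUBMITTED: {DETECT},
    DETECT: {CONTAIN, POST_INCIDENT},
    CONTAIN: {DETECT, POST_INCIDENT},
    POST_INCIDENT: {CONTAIN, DETECT},
}

CASE_ID_RE = re.compile(r"\d{10,32}.*")  # pattern as documented


def check_case_id(case_id: str) -> str:
    """Enforce the documented length (10 to 32) and pattern for caseId."""
    if not 10 <= len(case_id) <= 32 or not CASE_ID_RE.fullmatch(case_id):
        raise ValueError("caseId violates the documented constraints")
    return case_id


def check_transition(current: str, target: str, aws_supported: bool = False) -> None:
    """Raise ValueError unless current -> target is a listed transition."""
    if target == CLOSED:
        if aws_supported:
            raise ValueError("AWS supported cases are closed with CloseCase")
        return  # "Any -> Closed" applies to self-managed cases
    if target not in ALLOWED.get(current, set()):
        raise ValueError(f"transition not listed: {current!r} -> {target!r}")


def build_request(case_id, current, target, aws_supported=False):
    """Return (method, path, body) for UpdateCaseStatus after local checks."""
    check_case_id(case_id)
    check_transition(current, target, aws_supported)
    # The pattern's trailing ".*" admits non-digits, so encode the path segment.
    path = f"/v1/cases/{quote(case_id, safe='')}/update-case-status"
    return "POST", path, json.dumps({"caseStatus": target})
```

Because the documented pattern allows arbitrary characters after the leading digits, the path segment is percent-encoded so a caseId containing `/` cannot alter the request path.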

Response Syntax

HTTP/1.1 201
Content-type: application/json

{
   "caseStatus": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

caseStatus

Response element for UpdateCaseStatus showing the newly configured status.

Type: String

Valid Values: Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

message

The ID of the resource that led to the access denial.

HTTP Status Code: 403

ConflictException

message

The exception message.

resourceId

The ID of the conflicting resource.

resourceType

The type of the conflicting resource.

HTTP Status Code: 409

InternalServerException

message

The exception message.

retryAfterSeconds

The number of seconds after which to retry the request.

HTTP Status Code: 500

InvalidTokenException

message

The exception message.

HTTP Status Code: 423

ResourceNotFoundException

message

The exception message.

HTTP Status Code: 404

SecurityIncidentResponseNotActiveException

message

The exception message.

HTTP Status Code: 400

ServiceQuotaExceededException

message

The exception message.

quotaCode

The code of the quota.

resourceId

The ID of the requested resource that led to the service quota exception.

resourceType

The type of the requested resource that led to the service quota exception.

serviceCode

The service code of the quota.

HTTP Status Code: 402

ThrottlingException

message

The exception message.

quotaCode

The quota code of the exception.

retryAfterSeconds

The number of seconds after which to retry the request.

serviceCode

The service code of the exception.

HTTP Status Code: 429

ValidationException

fieldList

The fields that led to the exception.

message

The exception message.

reason

The reason for the exception.

HTTP Status Code: 400
