This function creates a Siemplify case containing the alerts and events described by the `case_info` dictionary.

siemplify.create_case(case_info)

Parameters

Param Name Param Type Possible Values Comments Mandatory Parameter
case_info dict See example. The details of the case to create. Dictionary keys must be in snake_case (e.g. `ticket_id`, `source_system_name`). Unless `is_test_case` is `True`, the call creates a real case on the target instance. Yes

Return Type

NoneType

Example

Sample code
 
import time
import uuid


from SiemplifyAction import SiemplifyAction
from SiemplifyUtils import output_handler


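@output_handler
def main():
    """Create one Siemplify case from a hard-coded sample payload, then end the action.

    The payload passed to ``create_case`` must use snake_case keys. All values
    below are sample data only; note that ``is_test_case`` is ``False``, so
    running this unmodified against a live instance creates a real case.
    """
    siemplify = SiemplifyAction()
    case_info = {
        "events": [
            {
                "_fields": {
                    "base_event_ids": "[]",
                    "parent_event_id": -1,
                    "device_product": "DLP_Product"
                },
                "_raw_data_fields": {
                    "application_protocol": "TCP",
                    "category_outcome": "blocked",
                    "destination_address": "10.0.0.28",
                    "destination_host_name": "lab@siemplify.local",
                    "destination_port": "770",
                    "destination_process_name": "MrlCS.sob",
                    "destination_user_name": "XWzNr1l@gmail.com",
                    "device_address": "172.21.135.124",
                    "device_event_class_id": "Data Exfiltration",
                    "device_host_name": "ckIYC2",
                    "field_24": "B0:E7:DF:6C:EF:71",
                    "device_product": "DLP_Product",
                    "usb": "USB_DEVICE_1",
                    "device_vendor": "Vendor",
                    "event_id": "0aa16009-5bb4-41a3-91ed-81347442ca29",
                    # Event timestamps in this sample are epoch milliseconds.
                    "manager_receipt_time": "1522059443000",
                    "message": "Data Exfiltration",
                    "name": "Data Exfiltration",
                    "source_user_name": "User41@siemplify",
                    "severity": "8",
                    "source_address": "10.0.0.51",
                    "cs1": "VID_078654",
                    "source_host_name": "AppTransaction.db.siemplify",
                    "start_time": "1522059443000",
                    "end_time": "1522059443000",
                    "sourcetype": "DLP_Product"
                }
            }
        ],
        # Fresh random identifiers so repeated runs do not collide on ticket/display id.
        "ticket_id": str(uuid.uuid4()),
        "description": "Data Exfiltration",
        "display_id": str(uuid.uuid4()),
        "reason": None,
        "source_system_name": "Arcsight",
        "name": "Data Exfiltration",
        "device_vendor": "DLP",
        "device_product": "DLP_Product",
        # NOTE(review): these are epoch seconds while the event timestamps above
        # are epoch milliseconds -- confirm which unit create_case expects here.
        "start_time": str(int(time.time())),
        "end_time": str(int(time.time())),
        "priority": 0,
        "rule_generator": "Data Exfiltration",
        "extensions": [],
        # False means a real case is created; set True when exercising this sample.
        "is_test_case": False
    }
    siemplify.create_case(case_info=case_info)
    siemplify.end('done', 'done')


# The entry guard belongs at module level. In the original sample it was
# indented inside main() with no body under the `if`, which is a SyntaxError.
if __name__ == "__main__":
    main()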
Result Behavior
The case with the provided case data is created. 
Result Value
None