Related Concepts: Case Manipulation

This function closes the current case, which is equivalent to closing the case manually. The function requires a closure reason, a root cause, and a comment.

siemplify.close_case(reason=reason, root_cause=root_cause, comment=comment)

Parameters

| Param Name | Param Type | Possible Values | Comments | Mandatory Parameter |
|---|---|---|---|---|
| reason | string | One of three predefined strings available in the close popup (when done manually): “NotMalicious”, “Malicious” and “Maintenance” | When creating an action, there is a parameter type named “Case close reason” that can be used. The user will have to choose from the three possible reasons and won’t be able to input their own strings | Yes |
| root_cause | string | A string taken from the “Case close root cause” table in the settings | Similar to the previous parameter, there is an action parameter type called “Close case root cause” which forces the user to choose from values available in the relevant table | Yes |
| comment | string | Any string could be used here | Comment should describe the case, but is not restricted | Yes |
| case_id | string | 12345 | Unique case identifier. | No |
| alert_identifier | string | 12345 | Unique alert identifier. | No |

Return Type

NoneType

Example:

Sample Code

from SiemplifyAction import SiemplifyAction

siemplify = SiemplifyAction()
# Must be one of the three predefined close reasons
reason = "Maintenance"
# Must be a value from the "Case close root cause" table in the settings
root_cause = "Employee Error"
comment = "User accidentally activated a correlation before it was ready to be used and triggered this alert"
siemplify.close_case(reason=reason, root_cause=root_cause, comment=comment)

Result Behavior

The case gets closed with the specified reason, root cause and comment.

Result Value

None
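
The following is an added example, not part of the Siemplify SDK or the original page: a wrapper that checks the arguments against the constraints in the parameter table before calling `close_case`, so that an automated action cannot close a case with a free-text reason or an unlisted root cause. The names `close_case_checked`, `RecordingSiemplify`, `demo` and the `allowed_root_causes` argument are assumptions of this example, and requiring a non-blank comment is this example's own stricter policy.

```python
# Added example (hypothetical helper, not SDK code).
ALLOWED_REASONS = ("NotMalicious", "Malicious", "Maintenance")  # from the table


def close_case_checked(siemplify, reason, root_cause, comment,
                       allowed_root_causes, case_id=None,
                       alert_identifier=None):
    """Validate the mandatory arguments, then call siemplify.close_case().

    allowed_root_causes is supplied by the caller (assumption: copied from
    the "Case close root cause" table in the settings).
    """
    if reason not in ALLOWED_REASONS:  # exact, case-sensitive match
        raise ValueError("reason %r is not a predefined close reason" % (reason,))
    if root_cause not in allowed_root_causes:
        raise ValueError("root_cause %r is not in the root cause table" % (root_cause,))
    # Stricter than the table: this example also rejects blank comments.
    if not isinstance(comment, str) or not comment.strip():
        raise ValueError("comment must be a non-blank string")

    kwargs = {"reason": reason, "root_cause": root_cause, "comment": comment}
    # Optional identifiers are strings per the table; pass them only if given.
    if case_id is not None:
        kwargs["case_id"] = str(case_id)
    if alert_identifier is not None:
        kwargs["alert_identifier"] = str(alert_identifier)
    siemplify.close_case(**kwargs)
    return kwargs


class RecordingSiemplify:
    """Constructed stand-in for SiemplifyAction so the example runs offline."""
    def __init__(self):
        self.calls = []

    def close_case(self, **kwargs):
        self.calls.append(kwargs)


def demo():
    fake = RecordingSiemplify()
    roots = {"Employee Error"}  # constructed sample of the settings table
    sent = close_case_checked(fake, "Maintenance", "Employee Error",
                              "Correlation enabled too early", roots, case_id=12345)
    try:  # wrong capitalisation must be rejected before the SDK call
        close_case_checked(fake, "maintenance", "Employee Error", "x", roots)
        rejected = False
    except ValueError:
        rejected = True
    return sent, rejected, len(fake.calls)
```

In a real action, pass the `SiemplifyAction()` instance instead of `RecordingSiemplify()`.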