:doc:`SecurityIncidentResponse <../../security-ir>` / Client / create_case

***********
create_case
***********



.. py:method:: SecurityIncidentResponse.Client.create_case(**kwargs)

  

  Creates a new case.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/CreateCase>`_  


  **Request Syntax**
  ::

    response = client.create_case(
        clientToken='string',
        resolverType='AWS'|'Self',
        title='string',
        description='string',
        engagementType='Security Incident'|'Investigation',
        reportedIncidentStartDate=datetime(2015, 1, 1),
        impactedAccounts=[
            'string',
        ],
        watchers=[
            {
                'email': 'string',
                'name': 'string',
                'jobTitle': 'string'
            },
        ],
        threatActorIpAddresses=[
            {
                'ipAddress': 'string',
                'userAgent': 'string'
            },
        ],
        impactedServices=[
            'string',
        ],
        impactedAwsRegions=[
            {
                'region': 'af-south-1'|'ap-east-1'|'ap-east-2'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-6'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'
            },
        ],
        tags={
            'string': 'string'
        }
    )
    
  :type clientToken: string
  :param clientToken: 

    

    .. note::

      

      The ``clientToken`` field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.

      

    

    This field is autopopulated if not provided.

  
  :type resolverType: string
  :param resolverType: **[REQUIRED]** 

    Required element used in combination with CreateCase to identify the resolver type.

    

  
  :type title: string
  :param title: **[REQUIRED]** 

    Required element used in combination with CreateCase to provide a title for the new case.

    

  
  :type description: string
  :param description: **[REQUIRED]** 

    Required element used in combination with CreateCase

     

    to provide a description for the new case.

    

  
  :type engagementType: string
  :param engagementType: **[REQUIRED]** 

    Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation

    

  
  :type reportedIncidentStartDate: datetime
  :param reportedIncidentStartDate: **[REQUIRED]** 

    Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.

    

  
  :type impactedAccounts: list
  :param impactedAccounts: **[REQUIRED]** 

    Required element used in combination with CreateCase to provide a list of impacted accounts.

     

    .. note::

      

      AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be ``123123123`` which is nine digits, and with zero-prepend would be ``000123123123``. Not zero-prepending to 12 digits could result in errors.

      

    

  
    - *(string) --* 

    

  :type watchers: list
  :param watchers: **[REQUIRED]** 

    Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.

    

  
    - *(dict) --* 

    
      - **email** *(string) --* **[REQUIRED]** 

      
      - **name** *(string) --* 

      
      - **jobTitle** *(string) --* 

      
    

  :type threatActorIpAddresses: list
  :param threatActorIpAddresses: 

    An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.

    

  
    - *(dict) --* 

    
      - **ipAddress** *(string) --* **[REQUIRED]** 

      
      - **userAgent** *(string) --* 

      
    

  :type impactedServices: list
  :param impactedServices: 

    An optional element used in combination with CreateCase to provide a list of services impacted.

    

  
    - *(string) --* 

    

  :type impactedAwsRegions: list
  :param impactedAwsRegions: 

    An optional element used in combination with CreateCase to provide a list of impacted regions.

    

  
    - *(dict) --* 

    
      - **region** *(string) --* **[REQUIRED]** 

      
    

  :type tags: dict
  :param tags: 

    An optional element used in combination with CreateCase to add customer specified tags to a case.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'caseId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **caseId** *(string) --* 

        A response element providing responses for requests to CreateCase. This element responds with the case ID.

        
  
  **Exceptions**
  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ValidationException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InternalServerException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ThrottlingException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ConflictException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InvalidTokenException`

  