:doc:`SecurityIncidentResponse <../../security-ir>` / Client / get_case

********
get_case
********



.. py:method:: SecurityIncidentResponse.Client.get_case(**kwargs)

  

  Returns the attributes of a case.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/GetCase>`_  


  **Request Syntax**
  ::

    response = client.get_case(
        caseId='string'
    )
    
  :type caseId: string
  :param caseId: **[REQUIRED]** 

    Required element for GetCase to identify the requested case ID.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'title': 'string',
          'caseArn': 'string',
          'description': 'string',
          'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed',
          'engagementType': 'Security Incident'|'Investigation',
          'reportedIncidentStartDate': datetime(2015, 1, 1),
          'actualIncidentStartDate': datetime(2015, 1, 1),
          'impactedAwsRegions': [
              {
                  'region': 'af-south-1'|'ap-east-1'|'ap-east-2'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-6'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'
              },
          ],
          'threatActorIpAddresses': [
              {
                  'ipAddress': 'string',
                  'userAgent': 'string'
              },
          ],
          'pendingAction': 'Customer'|'None',
          'impactedAccounts': [
              'string',
          ],
          'watchers': [
              {
                  'email': 'string',
                  'name': 'string',
                  'jobTitle': 'string'
              },
          ],
          'createdDate': datetime(2015, 1, 1),
          'lastUpdatedDate': datetime(2015, 1, 1),
          'closureCode': 'Investigation Completed'|'Not Resolved'|'False Positive'|'Duplicate',
          'resolverType': 'AWS'|'Self',
          'impactedServices': [
              'string',
          ],
          'caseAttachments': [
              {
                  'attachmentId': 'string',
                  'fileName': 'string',
                  'attachmentStatus': 'Verified'|'Failed'|'Pending',
                  'creator': 'string',
                  'createdDate': datetime(2015, 1, 1)
              },
          ],
          'closedDate': datetime(2015, 1, 1),
          'caseMetadata': [
              {
                  'key': 'string',
                  'value': 'string'
              },
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **title** *(string) --* 

        Response element for GetCase that provides the case title.

        
      

      - **caseArn** *(string) --* 

        Response element for GetCase that provides the case ARN

        
      

      - **description** *(string) --* 

        Response element for GetCase that provides contents of the case description.

        
      

      - **caseStatus** *(string) --* 

        Response element for GetCase that provides the case status. Options for statuses include ``Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed``

        
      

      - **engagementType** *(string) --* 

        Response element for GetCase that provides the engagement type. Options for engagement type include ``Active Security Event | Investigations``

        
      

      - **reportedIncidentStartDate** *(datetime) --* 

        Response element for GetCase that provides the customer provided incident start date.

        
      

      - **actualIncidentStartDate** *(datetime) --* 

        Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation.

        
      

      - **impactedAwsRegions** *(list) --* 

        Response element for GetCase that provides the impacted regions.

        
        

        - *(dict) --* 
          

          - **region** *(string) --* 
      
    
      

      - **threatActorIpAddresses** *(list) --* 

        Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity.

        
        

        - *(dict) --* 
          

          - **ipAddress** *(string) --* 
          

          - **userAgent** *(string) --* 
      
    
      

      - **pendingAction** *(string) --* 

        Response element for GetCase that identifies the case is waiting on customer input.

        
      

      - **impactedAccounts** *(list) --* 

        Response element for GetCase that provides a list of impacted accounts.

        
        

        - *(string) --* 
    
      

      - **watchers** *(list) --* 

        Response element for GetCase that provides a list of Watchers added to the case.

        
        

        - *(dict) --* 
          

          - **email** *(string) --* 
          

          - **name** *(string) --* 
          

          - **jobTitle** *(string) --* 
      
    
      

      - **createdDate** *(datetime) --* 

        Response element for GetCase that provides the date the case was created.

        
      

      - **lastUpdatedDate** *(datetime) --* 

        Response element for GetCase that provides the date a case was last modified.

        
      

      - **closureCode** *(string) --* 

        Response element for GetCase that provides the summary code for why a case was closed.

        
      

      - **resolverType** *(string) --* 

        Response element for GetCase that provides the current resolver types.

        
      

      - **impactedServices** *(list) --* 

        Response element for GetCase that provides a list of impacted services.

        
        

        - *(string) --* 
    
      

      - **caseAttachments** *(list) --* 

        Response element for GetCase that provides a list of current case attachments.

        
        

        - *(dict) --* 
          

          - **attachmentId** *(string) --* 
          

          - **fileName** *(string) --* 
          

          - **attachmentStatus** *(string) --* 
          

          - **creator** *(string) --* 
          

          - **createdDate** *(datetime) --* 
      
    
      

      - **closedDate** *(datetime) --* 

        Response element for GetCase that provides the date a specified case was closed.

        
      

      - **caseMetadata** *(list) --* 

        Case response metadata

        
        

        - *(dict) --* 

          Represents a single metadata entry associated with a case. Each entry consists of a key-value pair that provides additional contextual information about the case, such as classification tags, custom attributes, or system-generated properties.

          
          

          - **key** *(string) --* 

            The identifier for the metadata field. This key uniquely identifies the type of metadata being stored, such as "severity", "category", or "assignee".

            
          

          - **value** *(string) --* 

            The value associated with the metadata key. This contains the actual data for the metadata field identified by the key.

            
      
    
  
  **Exceptions**
  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ValidationException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InternalServerException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ThrottlingException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ConflictException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InvalidTokenException`

  