:doc:`SecurityIncidentResponse <../../security-ir>` / Client / update_case

***********
update_case
***********



.. py:method:: SecurityIncidentResponse.Client.update_case(**kwargs)

  

  Updates an existing case.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/UpdateCase>`_  


  **Request Syntax**
  ::

    response = client.update_case(
        caseId='string',
        title='string',
        description='string',
        reportedIncidentStartDate=datetime(2015, 1, 1),
        actualIncidentStartDate=datetime(2015, 1, 1),
        engagementType='Security Incident'|'Investigation',
        watchersToAdd=[
            {
                'email': 'string',
                'name': 'string',
                'jobTitle': 'string'
            },
        ],
        watchersToDelete=[
            {
                'email': 'string',
                'name': 'string',
                'jobTitle': 'string'
            },
        ],
        threatActorIpAddressesToAdd=[
            {
                'ipAddress': 'string',
                'userAgent': 'string'
            },
        ],
        threatActorIpAddressesToDelete=[
            {
                'ipAddress': 'string',
                'userAgent': 'string'
            },
        ],
        impactedServicesToAdd=[
            'string',
        ],
        impactedServicesToDelete=[
            'string',
        ],
        impactedAwsRegionsToAdd=[
            {
                'region': 'af-south-1'|'ap-east-1'|'ap-east-2'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-6'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'
            },
        ],
        impactedAwsRegionsToDelete=[
            {
                'region': 'af-south-1'|'ap-east-1'|'ap-east-2'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-6'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'
            },
        ],
        impactedAccountsToAdd=[
            'string',
        ],
        impactedAccountsToDelete=[
            'string',
        ],
        caseMetadata=[
            {
                'key': 'string',
                'value': 'string'
            },
        ]
    )
    
  :type caseId: string
  :param caseId: **[REQUIRED]** 

    Required element for UpdateCase to identify the case ID for updates.

    

  
  :type title: string
  :param title: 

    Optional element for UpdateCase to provide content for the title field.

    

  
  :type description: string
  :param description: 

    Optional element for UpdateCase to provide content for the description field.

    

  
  :type reportedIncidentStartDate: datetime
  :param reportedIncidentStartDate: 

    Optional element for UpdateCase to provide content for the customer reported incident start date field.

    

  
  :type actualIncidentStartDate: datetime
  :param actualIncidentStartDate: 

    Optional element for UpdateCase to provide content for the incident start date field.

    

  
  :type engagementType: string
  :param engagementType: 

    Optional element for UpdateCase to provide content for the engagement type field. ``Available engagement types include Security Incident | Investigation``.

    

  
  :type watchersToAdd: list
  :param watchersToAdd: 

    Optional element for UpdateCase to provide content to add additional watchers to a case.

    

  
    - *(dict) --* 

    
      - **email** *(string) --* **[REQUIRED]** 

      
      - **name** *(string) --* 

      
      - **jobTitle** *(string) --* 

      
    

  :type watchersToDelete: list
  :param watchersToDelete: 

    Optional element for UpdateCase to provide content to remove existing watchers from a case.

    

  
    - *(dict) --* 

    
      - **email** *(string) --* **[REQUIRED]** 

      
      - **name** *(string) --* 

      
      - **jobTitle** *(string) --* 

      
    

  :type threatActorIpAddressesToAdd: list
  :param threatActorIpAddressesToAdd: 

    Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case.

    

  
    - *(dict) --* 

    
      - **ipAddress** *(string) --* **[REQUIRED]** 

      
      - **userAgent** *(string) --* 

      
    

  :type threatActorIpAddressesToDelete: list
  :param threatActorIpAddressesToDelete: 

    Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case.

    

  
    - *(dict) --* 

    
      - **ipAddress** *(string) --* **[REQUIRED]** 

      
      - **userAgent** *(string) --* 

      
    

  :type impactedServicesToAdd: list
  :param impactedServicesToAdd: 

    Optional element for UpdateCase to provide content to add services impacted.

    

  
    - *(string) --* 

    

  :type impactedServicesToDelete: list
  :param impactedServicesToDelete: 

    Optional element for UpdateCase to provide content to remove services impacted.

    

  
    - *(string) --* 

    

  :type impactedAwsRegionsToAdd: list
  :param impactedAwsRegionsToAdd: 

    Optional element for UpdateCase to provide content to add regions impacted.

    

  
    - *(dict) --* 

    
      - **region** *(string) --* **[REQUIRED]** 

      
    

  :type impactedAwsRegionsToDelete: list
  :param impactedAwsRegionsToDelete: 

    Optional element for UpdateCase to provide content to remove regions impacted.

    

  
    - *(dict) --* 

    
      - **region** *(string) --* **[REQUIRED]** 

      
    

  :type impactedAccountsToAdd: list
  :param impactedAccountsToAdd: 

    Optional element for UpdateCase to provide content to add accounts impacted.

     

    .. note::

      

      AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be ``123123123`` which is nine digits, and with zero-prepend would be ``000123123123``. Not zero-prepending to 12 digits could result in errors.

      

    

  
    - *(string) --* 

    

  :type impactedAccountsToDelete: list
  :param impactedAccountsToDelete: 

    Optional element for UpdateCase to provide content to add accounts impacted.

     

    .. note::

      

      AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be ``123123123`` which is nine digits, and with zero-prepend would be ``000123123123``. Not zero-prepending to 12 digits could result in errors.

      

    

  
    - *(string) --* 

    

  :type caseMetadata: list
  :param caseMetadata: 

    Update the case request with case metadata

    

  
    - *(dict) --* 

      Represents a single metadata entry associated with a case. Each entry consists of a key-value pair that provides additional contextual information about the case, such as classification tags, custom attributes, or system-generated properties.

      

    
      - **key** *(string) --* **[REQUIRED]** 

        The identifier for the metadata field. This key uniquely identifies the type of metadata being stored, such as "severity", "category", or "assignee".

        

      
      - **value** *(string) --* **[REQUIRED]** 

        The value associated with the metadata key. This contains the actual data for the metadata field identified by the key.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {}
      
    **Response Structure**

    

    - *(dict) --* 
  
  **Exceptions**
  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ValidationException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InternalServerException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ThrottlingException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ConflictException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InvalidTokenException`

  