Description
Currently, IRIS v2.4.22 exposes REST API v2 endpoints for managing Customers, Evidence Types, IOC Types, and Custom Attributes, but lacks a documented endpoint for bulk creation or import of cases/incidents.
Problem:
✅ POST /api/v2/customers — case creation works
✅ POST /api/v1/alerts — alert management available
❌ POST /api/v2/cases — does not exist
This limitation forces users to create cases manually via the UI or via case templates, preventing automation of incident ingestion from external sources (CSV, SIEM alerts, ticketing systems, etc.).
Expected Behavior:
A REST API v2 endpoint allowing programmatic case creation with support for:
Case name/title
Description
Customer assignment
Custom attributes
Bulk import from structured data (JSON/CSV)
Actual Behavior:
No documented or functional endpoint exists. Attempting POST /api/v2/cases returns HTTP 404 NOT FOUND.
Environment:
IRIS Version: v2.4.22
Deployment: Docker Compose
API: v2
Workaround:
Currently limited to UI-based creation or direct database manipulation (unsupported).
Related Issues:
Similar API expansion requests: #819, #791-#794 (users, groups, alerts)