What’s the difference between the Alerts API and the Case API?

Currently, the primary difference between the Alerts API and the Case API is the grouping behavior. Cases created via the Alerts API include all alerts associated with a given subject, whereas cases created via the Case API contain only the details provided in the request to Hummingbird. The grouping behavior of the Alerts API results in fewer cases and less overall work for investigators. We are also actively developing additional functionality to add intelligent handling to alerts registered over the Alerts API. For these reasons, we recommend using the Alerts API for alerts generated from any monitoring system.
