a7c9d3f1e0
* Renaming alerts to rules * Updating formatted messages * Updating i18n labels * Completed renaming in UI * Updating client routes including redirect * wip docs update * Reverting title changes for now * Fixing types check * Fixing unit tests * Fixing functional test * Fixing functional test * docs wip * wip docs update * Finished first run through docs * docs docs docs * Fixing bad merge * Fixing functional test * Docs cleanup * Cleaning up i18n labels * Fixing functional test * Updating screenshots * Updating screenshots * Updating screenshots * Updating terminology in alerting examples * Updating terminology in alerting examples Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
65 lines
2.2 KiB
Plaintext
65 lines
2.2 KiB
Plaintext
[role="xpack"]
|
|
[[resilient-action-type]]
|
|
=== IBM Resilient connector and action
|
|
++++
|
|
<titleabbrev>IBM Resilient</titleabbrev>
|
|
++++
|
|
|
|
The IBM Resilient connector uses the https://developer.ibm.com/security/resilient/rest/[RESILIENT REST v2] to create IBM Resilient incidents.
|
|
|
|
[float]
|
|
[[resilient-connector-configuration]]
|
|
==== Connector configuration
|
|
|
|
IBM Resilient connectors have the following configuration properties.
|
|
|
|
Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action.
|
|
URL:: IBM Resilient instance URL.
|
|
Organization ID:: IBM Resilient organization ID.
|
|
API key ID:: The authentication key ID for HTTP Basic authentication.
|
|
API key secret:: The authentication key secret for HTTP Basic authentication.
|
|
|
|
[float]
|
|
[[Preconfigured-resilient-configuration]]
|
|
==== Preconfigured connector type
|
|
|
|
[source,text]
|
|
--
|
|
my-resilient:
|
|
name: preconfigured-resilient-connector-type
|
|
actionTypeId: .resilient
|
|
config:
|
|
apiUrl: https://elastic.resilient.net
|
|
orgId: ES
|
|
secrets:
|
|
apiKeyId: testuser
|
|
apiKeySecret: tokenkeystorevalue
|
|
--
|
|
|
|
Config defines information for the connector type.
|
|
|
|
`apiUrl`:: An address that corresponds to *URL*.
|
|
`orgId`:: An ID that corresponds to *Organization ID*.
|
|
|
|
Secrets defines sensitive information for the connector type.
|
|
|
|
`apiKeyId`:: A string that corresponds to *API key ID*.
|
|
`apiKeySecret`:: A string that corresponds to *API Key secret*. Should be stored in the <<creating-keystore, {kib} keystore>>.
|
|
|
|
[float]
|
|
[[resilient-action-configuration]]
|
|
==== Action configuration
|
|
|
|
IBM Resilient actions have the following configuration properties.
|
|
|
|
Incident types:: The type of the incident.
|
|
Severity code:: The severity of the incident.
|
|
Name:: A name for the issue, used for searching the contents of the knowledge base.
|
|
Description:: The details about the incident.
|
|
Additional comments:: Additional information for the client, such as how to troubleshoot the issue.
|
|
|
|
[[configuring-resilient]]
|
|
==== Configure IBM Resilient
|
|
|
|
IBM Resilient offers https://www.ibm.com/security/intelligent-orchestration/resilient[Instances], which you can use to test incidents.
|