kibana/x-pack/plugins/case
README.md [Security Solution][Case] Create comment types (#82715) 2020-11-20 21:03:05 +02:00

Case Workflow

Experimental Feature

Elastic is developing a Case Management Workflow. Follow our progress:

Action types

See Kibana Actions for more information.

Case

ID: .case

The params properties are modelled after the arguments to the Cases API.

config

This action has no config properties.

secrets

This action type has no secrets properties.

params

| Property | Description | Type |
| --- | --- | --- |
| subAction | The sub action to perform. It can be create, update, or addComment. | string |
| subActionParams | The parameters of the sub action. | object |

subActionParams (create)

| Property | Description | Type |
| --- | --- | --- |
| title | The case title. | string |
| description | The case description. | string |
| tags | String array containing words and phrases that help categorize cases. | string[] |
| connector | Object containing the connector's configuration. | connector |

subActionParams (update)

| Property | Description | Type |
| --- | --- | --- |
| id | The ID of the case being updated. | string |
| title | The updated case title. | string |
| description | The updated case description. | string |
| tags | The updated case tags. | string |
| connector | Object containing the connector's configuration. | connector |
| status | The updated case status, which can be: open or closed. | string |
| version | The current case version. | string |

subActionParams (addComment)

| Property | Description | Type |
| --- | --- | --- |
| type | The type of the comment. | user \| alert |
| comment | The comment. Valid only when type is user. | string |
| alertId | The alert ID. Valid only when the type is alert. | string |
| index | The index where the alert is saved. Valid only when the type is alert. | string |
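
The conditional rules in the update and addComment tables above can be enforced before the params reach the action. The following is an added example, not code from Kibana: `validateCaseParams` and its helpers are hypothetical names, and it assumes that `id` and `version` are required for update and that a field marked "valid only when" is required in that case and rejected otherwise.

```typescript
// Added example: a hypothetical validator, not Kibana's own schema code.
type CaseParams = { subAction: string; subActionParams: Record<string, unknown> };

const isNonEmptyString = (v: unknown): boolean => typeof v === 'string' && v.length > 0;

// Returns a list of problems; an empty list means the params follow the tables above.
function validateCaseParams(params: CaseParams): string[] {
  const errors: string[] = [];
  const p = params.subActionParams;
  // Assumption: a field the tables call "valid only when ..." is required in that case.
  const need = (key: string): void => {
    if (!isNonEmptyString(p[key])) errors.push(key + ' must be a non-empty string');
  };
  const forbid = (key: string, when: string): void => {
    if (key in p) errors.push(key + ' is not valid when type is ' + when);
  };

  switch (params.subAction) {
    case 'create':
      break; // the create table has no conditional fields
    case 'update':
      need('id'); // assumption: id and version are required to target a case
      need('version');
      if ('status' in p && p.status !== 'open' && p.status !== 'closed') {
        errors.push('status must be open or closed');
      }
      break;
    case 'addComment':
      if (p.type === 'user') {
        need('comment');
        forbid('alertId', 'user');
        forbid('index', 'user');
      } else if (p.type === 'alert') {
        need('alertId');
        need('index');
        forbid('comment', 'alert');
      } else {
        errors.push('type must be user or alert');
      }
      break;
    default:
      errors.push('unknown subAction: ' + params.subAction);
  }
  return errors;
}

// Constructed sample input: an alert comment that wrongly carries free text.
const sampleErrors: string[] = validateCaseParams({
  subAction: 'addComment',
  subActionParams: { type: 'alert', alertId: 'a1', index: 'idx-1', comment: 'hi' },
});
```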

connector

| Property | Description | Type |
| --- | --- | --- |
| id | ID of the connector used for pushing case updates to external systems. | string |
| name | The connector name. | string |
| type | The type of the connector. Must be one of these: .servicenow, .jira, .resilient, and .none | string |
| fields | Object containing the connector's fields. | fields |

fields

For ServiceNow connectors:

| Property | Description | Type |
| --- | --- | --- |
| urgency | The urgency of the incident. | string |
| severity | The severity of the incident. | string |
| impact | The impact of the incident. | string |

For Jira connectors:

| Property | Description | Type |
| --- | --- | --- |
| issueType | The issue type of the issue. | string |
| priority | The priority of the issue. | string |
| parent | The key of the parent issue (Valid when the issue type is Sub-task). | string |

For IBM Resilient connectors:

| Property | Description | Type |
| --- | --- | --- |
| issueTypes | The issue types of the issue. | string[] |
| severityCode | The severity code of the issue. | string |