kibana/x-pack/plugins/case/README.md
2020-11-20 21:03:05 +02:00

# Case Workflow
*Experimental Feature*

Elastic is developing a Case Management Workflow. Follow our progress:
- [Case API Documentation](https://documenter.getpostman.com/view/172706/SW7c2SuF?version=latest)
- [GitHub Meta](https://github.com/elastic/kibana/issues/50103)
# Action types
See [Kibana Actions](https://github.com/elastic/kibana/tree/master/x-pack/plugins/actions) for more information.
## Case
ID: `.case`
The params properties are modelled after the arguments to the [Cases API](https://www.elastic.co/guide/en/security/master/cases-api-overview.html).
### `config`
This action has no `config` properties.
### `secrets`
This action type has no `secrets` properties.
### `params`
| Property | Description | Type |
| --------------- | ------------------------------------------------------------------------- | ------ |
| subAction | The sub action to perform. It can be `create`, `update`, or `addComment`. | string |
| subActionParams | The parameters of the sub action | object |
#### `subActionParams (create)`
| Property | Description | Type |
| ----------- | --------------------------------------------------------------------- | ----------------------- |
| title | The case's title. | string |
| description | The case's description. | string |
| tags | String array containing words and phrases that help categorize cases. | string[] |
| connector | Object containing the connector's configuration. | [connector](#connector) |
#### `subActionParams (update)`
| Property | Description | Type |
| ----------- | ---------------------------------------------------------- | ----------------------- |
| id | The ID of the case being updated. | string |
| title | The updated case title. | string |
| description | The updated case description. | string |
| tags | The updated case tags. | string |
| connector | Object containing the connector's configuration. | [connector](#connector) |
| status | The updated case status, which can be: `open` or `closed`. | string |
| version | The current case version. | string |
#### `subActionParams (addComment)`
| Property | Description | Type |
| -------- | ----------------------------------------------------------------------- | ----------------- |
| type | The type of the comment | `user` \| `alert` |
| comment | The comment. Valid only when type is `user`. | string |
| alertId | The alert ID. Valid only when the type is `alert` | string |
| index | The index where the alert is saved. Valid only when the type is `alert` | string |
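The conditional rules in the `update` and `addComment` tables can be enforced before an action is executed, so that a `user` comment cannot carry alert-only fields and an unknown `status` is rejected. The following is an added example, not code from Kibana; every function and constant name is hypothetical, and it assumes that a field valid for a comment type is also required and that `id` and `version` are required on `update`.

```javascript
// Added example: checks `.case` action params against the tables in this README.
// All names are hypothetical; this is not Kibana's own validation code.
const SUB_ACTIONS = ['create', 'update', 'addComment'];
// A Map avoids prototype keys such as "constructor" matching as a comment type.
const COMMENT_FIELDS = new Map([['user', ['comment']], ['alert', ['alertId', 'index']]]);
const isStr = (v) => typeof v === 'string' && v.length > 0;

// addComment: `comment` only with type `user`; `alertId`/`index` only with type `alert`.
function checkComment(p, errors) {
  const allowed = COMMENT_FIELDS.get(p.type);
  if (!allowed) {
    errors.push('type must be "user" or "alert"');
    return;
  }
  for (const key of ['comment', 'alertId', 'index']) {
    if (allowed.includes(key)) {
      // Assumption: a field that is valid for the type is also required.
      if (!isStr(p[key])) errors.push(`${key} is required when type is "${p.type}"`);
    } else if (key in p) {
      errors.push(`${key} is not valid when type is "${p.type}"`);
    }
  }
}

// update: `status` is limited to `open` or `closed`.
function checkUpdate(p, errors) {
  // Assumption: `id` and `version` are required to address one case revision.
  if (!isStr(p.id)) errors.push('id must be a string');
  if (!isStr(p.version)) errors.push('version must be a string');
  if ('status' in p && !['open', 'closed'].includes(p.status)) {
    errors.push('status must be "open" or "closed"');
  }
}

// Returns a list of problems; an empty list means the params passed these checks.
function validateCaseActionParams(params) {
  const { subAction, subActionParams: p } = params || {};
  if (!SUB_ACTIONS.includes(subAction)) return ['subAction must be create, update or addComment'];
  if (p === null || typeof p !== 'object') return ['subActionParams must be an object'];
  const errors = [];
  if (subAction === 'addComment') checkComment(p, errors);
  if (subAction === 'update') checkUpdate(p, errors);
  return errors; // `create` fields are not checked in this example
}

// Constructed sample: a user comment that also carries an alert-only field.
const mixed = { subAction: 'addComment', subActionParams: { type: 'user', comment: 'triaged', index: 'alerts-1' } };
console.log(validateCaseActionParams(mixed));
```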
#### `connector`
| Property | Description | Type |
| -------- | ------------------------------------------------------------------------------------------------- | ----------------- |
| id | ID of the connector used for pushing case updates to external systems. | string |
| name | The connector name. | string |
| type | The type of the connector. Must be one of these: `.servicenow`, `.jira`, `.resilient`, or `.none`. | string |
| fields | Object containing the connector's fields. | [fields](#fields) |
#### `fields`
For ServiceNow connectors:

| Property | Description | Type |
| -------- | ----------------------------- | ------ |
| urgency | The urgency of the incident. | string |
| severity | The severity of the incident. | string |
| impact | The impact of the incident. | string |

For Jira connectors:

| Property | Description | Type |
| --------- | -------------------------------------------------------------------- | ------ |
| issueType | The issue type of the issue. | string |
| priority | The priority of the issue. | string |
| parent | The key of the parent issue (Valid when the issue type is Sub-task). | string |

For IBM Resilient connectors:

| Property | Description | Type |
| ------------ | ------------------------------- | -------- |
| issueTypes | The issue types of the issue. | string[] |
| severityCode | The severity code of the issue. | string |