Commit

[Security Solution] Webhook - Case Management Connector Documentation (#137726)

Co-authored-by: lcawl <lcawley@elastic.co>
stephmilovic and lcawl authored Aug 12, 2022
1 parent 1b71ff9 commit 9f1416f
Showing 13 changed files with 423 additions and 25 deletions.
42 changes: 23 additions & 19 deletions docs/management/action-types.asciidoc
Expand Up @@ -7,58 +7,62 @@ Connectors provide a central place to store connection information for services
[cols="2"]
|===

a| <<email-action-type, Email>>
a| <<email-action-type,Email>>

| Send email from your server.

a| <<resilient-action-type, IBM Resilient>>
a| <<resilient-action-type,{ibm-r}>>

| Create an incident in IBM Resilient.
| Create an incident in {ibm-r}.

a| <<index-action-type, Index>>
a| <<index-action-type,Index>>

| Index data into Elasticsearch.

a| <<jira-action-type, Jira>>
a| <<jira-action-type,Jira>>

| Create an incident in Jira.

a| <<teams-action-type, Microsoft Teams>>
a| <<teams-action-type,Microsoft Teams>>

| Send a message to a Microsoft Teams channel.

a| <<pagerduty-action-type, PagerDuty>>
a| <<pagerduty-action-type,PagerDuty>>

| Send an event in PagerDuty.

a| <<server-log-action-type, ServerLog>>
a| <<server-log-action-type,ServerLog>>

| Add a message to a Kibana log.

a| <<servicenow-action-type, ServiceNow ITSM>>
a| <<servicenow-action-type,{sn-itsm}>>

| Create an incident in ServiceNow.
| Create an incident in {sn}.

a| <<servicenow-sir-action-type, ServiceNow SecOps>>
a| <<servicenow-sir-action-type,{sn-sir}>>

| Create a security incident in ServiceNow.
| Create a security incident in {sn}.

a| <<servicenow-itom-action-type, ServiceNow ITOM>>
a| <<servicenow-itom-action-type,{sn-itom}>>

| Create an event in ServiceNow.
| Create an event in {sn}.

a| <<slack-action-type, Slack>>
a| <<slack-action-type,Slack>>

| Send a message to a Slack channel or user.

a| <<swimlane-action-type, Swimlane>>
a| <<swimlane-action-type,{swimlane}>>

| Create an incident in Swimlane.
| Create an incident in {swimlane}.

a| <<webhook-action-type, Webhook>>
a| <<webhook-action-type, {webhook}>>

| Send a request to a web service.

a| <<cases-webhook-action-type,{webhook-cm}>>

| Send a request to a Case Management web service.

a| <<xmatters-action-type,xMatters>>

| Send actionable alerts to on-call xMatters resources.
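Review bot: the new Webhook row, `a| <<webhook-action-type, {webhook}>>`, still has a space after the comma, while every other cross-reference rewritten in this table drops it (for example `<<email-action-type,Email>>`). Suggest `<<webhook-action-type,{webhook}>>` so the row matches the rest of the table.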
Expand All @@ -68,7 +72,7 @@ a| <<xmatters-action-type,xMatters>>
==============================================
Some connector types are paid commercial features, while others are free.
For a comparison of the Elastic subscription levels,
see https://www.elastic.co/subscriptions[the subscription page].
see {subscriptions}[the subscription page].
==============================================

[float]
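Review bot: the `{subscriptions}` attribute that replaces the hard-coded URL on the `see ...[the subscription page]` line is not defined in either file shown here. Confirm it is supplied by the shared docs attributes, since an unset attribute leaves the reference unresolved and the link is lost.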
15 changes: 9 additions & 6 deletions docs/management/cases/add-connectors.asciidoc
Expand Up @@ -6,11 +6,12 @@ preview::[]
You can add connectors to cases to push information to these external incident
management systems:

* IBM Resilient
* Jira
* ServiceNow ITSM
* ServiceNow SecOps
* {ibm-r}
* {jira}
* {sn-itsm}
* {sn-sir}
* {swimlane}
* {webhook-cm}

NOTE: To create connectors and send cases to external systems, you must have the
appropriate {kib} feature privileges. Refer to <<setup-cases>>.
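Review bot: the list entry `* {jira}` uses an attribute for the product name, but the connector table in docs/management/action-types.asciidoc keeps the literal `Jira` in both its link text and its description. Use one form in both files so the name is maintained in a single place.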
Expand All @@ -34,7 +35,8 @@ image::images/cases-connectors.png[]

. Enter your required settings. Refer to <<resilient-action-type>>,
<<jira-action-type>>, <<servicenow-action-type>>, <<servicenow-sir-action-type>>,
or <<swimlane-action-type>> for connector configuration details.
<<swimlane-action-type>>, or <<cases-webhook-action-type>> for connector
configuration details.

. Click *Save*.

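Review bot: `<<cases-webhook-action-type>>` in the settings step (and in the connector table of action-types.asciidoc) points at an anchor that neither file shown here defines. Confirm that the new connector page among the 13 changed files declares `[[cases-webhook-action-type]]`, otherwise the cross-reference will not resolve.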
Expand All @@ -53,4 +55,5 @@ external system, update the case closure options.
. To change the default connector for new cases, select the connector from the
*Incident management system* list.

. To update a connector, click *Update <connector name>* and edit the connector fields as required.
. To update a connector, click *Update <connector name>* and edit the connector
fields as required.