[SIEM] Case workflow integration with third-party system(s) #50103
Comments
Pinging @elastic/siem (Team:SIEM)
@MikePaquette there's a lot of interesting overlap between case workflow and some of the emerging concepts in Kibana like actions & connectors, "kibana alerting", user-events, and "kibana notifications" - and I think much of the use case is portable to other domains. I'd like to see Kibana stack services being able to support aspects of this that are not security & SIEM specific; if there are any gaps, we should fill them.
Ideally you'd like the external system to make an http request into Kibana to indicate a case has been closed, but ... we're not there yet. Kinda falls into the "chat-ops" or related areas. In the meantime however, creating an alert or even just a task manager task to somehow look for "newly closed cases" or such could work!
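The polling approach suggested in the comment above (a task that periodically looks for "newly closed cases" in the external system) boils down to a reconciliation step: take the page of tickets the external API returned, drop anything already processed, map each ticket back to a SIEM case, and close only the cases whose ticket reached a terminal status. The TypeScript below is an added example written for this page, not Kibana or SIEM app code; the case/ticket shapes, the `externalId` mapping, the closed-status allow-list, the `updatedAt` watermark and the sample data are all assumptions.

```typescript
// Added example (not Kibana/SIEM code): reconcile SIEM case status against an
// external ticketing system on each poll. All field names below are assumptions.

interface LocalCase {
  id: string;            // SIEM case id
  externalId: string;    // ticket id in the external system (assumed mapping)
  status: 'open' | 'closed';
}

interface ExternalTicket {
  id: string;
  status: string;        // free-form, as returned by the external API
  updatedAt: string;     // ISO-8601 timestamp from the external API
}

interface SyncResult {
  closeCaseIds: string[];     // SIEM cases to close, in deterministic order
  unknownTickets: string[];   // tickets with no local mapping: report, do not act
  malformedTickets: string[]; // tickets with an unparsable timestamp: report, do not act
  nextWatermark: string;      // latest updatedAt seen, to pass to the next poll
}

// Allow-list of external statuses that mean "done". Any other value leaves the
// local case untouched, so a misspelled or unexpected status cannot close cases.
const CLOSED_STATUSES = new Set(['closed', 'resolved']);

function reconcileClosedCases(
  localCases: LocalCase[],
  tickets: ExternalTicket[],
  watermark: string, // ISO-8601; everything at or before it was handled by an earlier poll
): SyncResult {
  const byExternalId = new Map(localCases.map((c) => [c.externalId, c]));
  const watermarkMs = Date.parse(watermark);
  const closeCaseIds: string[] = [];
  const unknownTickets: string[] = [];
  const malformedTickets: string[] = [];
  let nextWatermark = watermark;
  let nextWatermarkMs = watermarkMs;

  for (const t of tickets) {
    const updatedMs = Date.parse(t.updatedAt);
    if (Number.isNaN(updatedMs)) { malformedTickets.push(t.id); continue; }
    // Skip anything already processed: re-running the same page is a no-op.
    if (updatedMs <= watermarkMs) continue;
    if (updatedMs > nextWatermarkMs) { nextWatermarkMs = updatedMs; nextWatermark = t.updatedAt; }

    const local = byExternalId.get(t.id);
    if (!local) { unknownTickets.push(t.id); continue; }
    if (local.status === 'closed') continue; // nothing to do
    if (!CLOSED_STATUSES.has(t.status.trim().toLowerCase())) continue;
    closeCaseIds.push(local.id);
  }
  closeCaseIds.sort();
  return { closeCaseIds, unknownTickets, malformedTickets, nextWatermark };
}

// Constructed sample data (assumptions, not taken from any real system).
const SAMPLE_CASES: LocalCase[] = [
  { id: 'case-1', externalId: 'TCK-100', status: 'open' },
  { id: 'case-2', externalId: 'TCK-200', status: 'open' },
  { id: 'case-3', externalId: 'TCK-300', status: 'closed' },
];
const SAMPLE_TICKETS: ExternalTicket[] = [
  { id: 'TCK-100', status: 'Resolved',    updatedAt: '2019-11-08T10:00:00Z' }, // closes case-1
  { id: 'TCK-200', status: 'in progress', updatedAt: '2019-11-08T11:00:00Z' }, // not terminal
  { id: 'TCK-300', status: 'closed',      updatedAt: '2019-11-08T12:00:00Z' }, // already closed locally
  { id: 'TCK-999', status: 'closed',      updatedAt: '2019-11-08T09:30:00Z' }, // no local case
  { id: 'TCK-100', status: 'closed',      updatedAt: '2019-11-07T23:00:00Z' }, // before watermark
  { id: 'TCK-200', status: 'closed',      updatedAt: 'not-a-date' },           // malformed
];
const SAMPLE_WATERMARK = '2019-11-08T00:00:00Z';

// One poll over the sample data; a second poll with the returned watermark closes nothing.
function runSample(): SyncResult {
  return reconcileClosedCases(SAMPLE_CASES, SAMPLE_TICKETS, SAMPLE_WATERMARK);
}

const sample = runSample();
console.log(sample);
```

The external system's status is treated as untrusted input: only an allow-listed terminal status closes a case, tickets that map to no local case are reported rather than acted on, and the watermark makes a replayed or overlapping page a no-op, which matters because a scheduled task will inevitably run twice over the same data at some point.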
Describe the feature:
Add a basic case workflow integration with third-party systems in the SIEM app.
Describe a specific use case for the feature:
SOC analysts and investigators using SIEM app need a way to coordinate their work inside SIEM with work being done by them or others in an external case/ticket management system, security incident response system, or security orchestration/automated response system.
Specifically, they want to be able to: