Collect and share information about security issues by opening a case in {{elastic-sec}}. Cases allow you to track key investigation details, collect alerts in a central location, and more. The {{elastic-sec}} UI provides several ways to create and manage cases. Alternatively, you can use the [cases API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-cases) to perform the same tasks.
17
10
@@ -30,7 +23,7 @@ You can also send cases to these external systems by [configuring external conne
30
23
:::
31
24
32
25
::::{note}
33
-
From {{elastic-sec}}, you cannot access cases created in {{observability}} or Stack Management.
26
+
From {{elastic-sec}} in the {{stack}}, you cannot access cases created in {{observability}} or Stack Management.
% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
17
-
18
-
$$$cases-templates$$$
19
-
20
-
$$$cases-ui-custom-fields$$$
21
-
22
-
$$$cases-ui-integrations$$$
23
-
24
-
$$$cases-observable-types$$$
25
-
26
-
$$$security-cases-settings-templates$$$
27
-
28
-
$$$security-cases-settings-custom-fields$$$
29
-
30
-
$$$security-cases-observable-types$$$
31
-
32
-
33
-
34
-
To change case closure options, add custom fields, templates, and connectors for external incident management systems, and create custom observable types, find **Cases** in the navigation menu or search for `Security/Cases` by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Settings**.
9
+
To change case closure options, add custom fields, templates, and connectors for external incident management systems, and create custom observable types. In the {{stack}}, find **Cases** in the navigation menu or search for `Security/Cases` by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Settings**. In {{serverless-short}}, you can access case settings in an {{elastic-sec}} project, go to **Cases** → **Settings**.
To view and change case settings, you must have the appropriate {{kib}} feature privileges. Refer to [Cases requirements](/solutions/security/investigate/cases-requirements.md).
17
+
On {{stack}}, view and change case settings, you must have the appropriate {{kib}} feature privileges. Refer to [Cases requirements](/solutions/security/investigate/cases-requirements.md).
43
18
::::
44
19
45
20
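Review bot: In the added "To change case closure options, ..." line, the first sentence is now a fragment: it stops at "create custom observable types." with no main clause, and the last sentence joins two clauses with a comma ("... in an {{elastic-sec}} project, go to **Cases** → **Settings**"). Suggest giving the first sentence a main clause (for example, ending it with "open the case settings") and splitting the serverless sentence in two. The added "On {{stack}}, view and change case settings, you must have ..." line is missing "to" before "view". This hunk also deletes the `$$$...$$$` anchors that the removed comment says internal links rely on, so confirm nothing still links to those IDs.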
@@ -48,7 +23,7 @@ To view and change case settings, you must have the appropriate {{kib}} feature
48
23
49
24
If you close cases in your external incident management system, the cases will remain open in {{elastic-sec}} until you close them manually.
50
25
51
-
To close cases when they are sent to an external system, select **Automatically close cases when pushing new incident to external system**.
26
+
To close cases when they are sent to an external system, select the option to automatically close cases when pushing new incident to external system.
52
27
53
28
54
29
## External incident management systems [cases-ui-integrations]
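Review bot: The added "select the option to automatically close cases when pushing new incident to external system" line drops the bold UI label but keeps its clipped wording, so it no longer matches a control the reader can look for and it reads ungrammatically as prose. Either keep the literal label in bold, as the removed line did, or write it out as a full phrase such as "when pushing a new incident to an external system".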
@@ -66,7 +41,7 @@ You can push {{elastic-sec}} cases to these third-party systems:
66
41
To push cases, you need to create a connector, which stores the information required to interact with an external system. After you have created a connector, you can set {{elastic-sec}} cases to automatically close when they are sent to external systems.
67
42
68
43
::::{important}
69
-
To create connectors and send cases to external systems, you need the [appropriate license](https://www.elastic.co/subscriptions), and your role needs **All** privileges for the **Action and Connectors** feature. For more information, refer to [Cases requirements](/solutions/security/investigate/cases-requirements.md).
44
+
To create connectors and send cases to external systems, ensure you have the appropriate role privileges and [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). For more information, refer to [Cases requirements](/solutions/security/investigate/cases-requirements.md).
70
45
::::
71
46
72
47
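Review bot: The added line in the `important` admonition replaces the explicit requirement (**All** privileges for the **Action and Connectors** feature) with "appropriate role privileges", so a reader building a least-privilege role can no longer tell from this page which privilege is needed. Suggest keeping the specific privilege for the {{stack}} case, or confirming that the linked Cases requirements page states it for both deployment types. The new project-tier link is also a relative path (`../../../deploy-manage/...`) while the other internal link in this hunk is root-relative (`/solutions/...`); pick one style.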
@@ -154,7 +129,7 @@ If you update or delete templates, existing cases are unaffected.
154
129
## Observable types [cases-observable-types]
155
130
156
131
::::{admonition} Requirements
157
-
To use observables, you must have a [Platinum subscription](https://www.elastic.co/pricing) or higher.
132
+
Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
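Review bot: The added line in the Requirements admonition no longer names the tier: "Platinum subscription or higher" becomes "the appropriate {{stack}} subscription", and the "To use observables" lead that tied the requirement to the feature is gone. Suggest stating the minimum tier for each deployment type, or pointing to a page that lists it per feature, and keeping the "To use observables" lead.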