[8.19] XSOAR Connector (#212049) (#224698)

# Backport

This will backport the following commits from `main` to `8.19`:
- [XSOAR Connector
(#212049)](#212049)

<!--- Backport version: 10.0.1 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Brijesh
Khunt","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-06-20T12:50:07Z","message":"XSOAR
Connector (#212049)\n\n## Summary\n\nXSOAR action connector, enabling
users to send alerts generated by the\nrule detection engine to Palo
Alto XSOAR for automation and remediation.\n\n### **create
connector**\n\n![xsoar-connector](https://github.com/user-attachments/assets/14d9791b-0242-42b5-b9e4-975d7f6826cc)\n\n###
**test connector**\n1. **test
page**\n\n![xsoar-params-test](https://github.com/user-attachments/assets/2bdd3b79-7f5f-4d52-836b-f458c390e55c)\n\n2.
**select
playbook**\n\n![xsoar-select-playbook](https://github.com/user-attachments/assets/23787b24-31b0-4f56-b451-0e8b42c79797)\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] Any text
added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[x] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n###
For maintainers\n\n- [ ] This was checked for breaking API changes and
was
[labeled\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>\nCo-authored-by: Sergi
Massaneda <[email protected]>\nCo-authored-by: Nastasha Solomon
<[email protected]>\nCo-authored-by:
Elastic Machine
<[email protected]>","sha":"3fcdc062fa0867ffa6502823e2b31f8f2ad99ac9","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:ResponseOps","Team:
SecuritySolution","release_note:feature","backport:version","v9.1.0","v8.19.0"],"title":"XSOAR
Connector","number":212049,"url":"https://github.com/elastic/kibana/pull/212049","mergeCommit":{"message":"XSOAR
Connector (#212049)\n\n## Summary\n\nXSOAR action connector, enabling
users to send alerts generated by the\nrule detection engine to Palo
Alto XSOAR for automation and remediation.\n\n### **create
connector**\n\n![xsoar-connector](https://github.com/user-attachments/assets/14d9791b-0242-42b5-b9e4-975d7f6826cc)\n\n###
**test connector**\n1. **test
page**\n\n![xsoar-params-test](https://github.com/user-attachments/assets/2bdd3b79-7f5f-4d52-836b-f458c390e55c)\n\n2.
**select
playbook**\n\n![xsoar-select-playbook](https://github.com/user-attachments/assets/23787b24-31b0-4f56-b451-0e8b42c79797)\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] Any text
added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[x] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n###
For maintainers\n\n- [ ] This was checked for breaking API changes and
was
[labeled\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>\nCo-authored-by: Sergi
Massaneda <[email protected]>\nCo-authored-by: Nastasha Solomon
<[email protected]>\nCo-authored-by:
Elastic Machine
<[email protected]>","sha":"3fcdc062fa0867ffa6502823e2b31f8f2ad99ac9"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212049","number":212049,"mergeCommit":{"message":"XSOAR
Connector (#212049)\n\n## Summary\n\nXSOAR action connector, enabling
users to send alerts generated by the\nrule detection engine to Palo
Alto XSOAR for automation and remediation.\n\n### **create
connector**\n\n![xsoar-connector](https://github.com/user-attachments/assets/14d9791b-0242-42b5-b9e4-975d7f6826cc)\n\n###
**test connector**\n1. **test
page**\n\n![xsoar-params-test](https://github.com/user-attachments/assets/2bdd3b79-7f5f-4d52-836b-f458c390e55c)\n\n2.
**select
playbook**\n\n![xsoar-select-playbook](https://github.com/user-attachments/assets/23787b24-31b0-4f56-b451-0e8b42c79797)\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] Any text
added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[x] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [x] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n###
For maintainers\n\n- [ ] This was checked for breaking API changes and
was
[labeled\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>\nCo-authored-by: Sergi
Massaneda <[email protected]>\nCo-authored-by: Nastasha Solomon
<[email protected]>\nCo-authored-by:
Elastic Machine
<[email protected]>","sha":"3fcdc062fa0867ffa6502823e2b31f8f2ad99ac9"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Brijesh Khunt <[email protected]>

Author: semd

docs/docset.yml

@@ -0,0 +1,64 @@
+project: 'Kibana docs'
+products:
+  - id: kibana
+exclude:
+  - settings-gen/readme.md
+  - development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.createdefaultinspectoradapters.md
+cross_links:
+  - apm-agent-nodejs
+  - apm-agent-rum-js
+  - docs-content
+  - ecs
+  - elasticsearch
+toc:
+  - toc: reference
+  - toc: release-notes
+  - toc: extend
+subs:
+  version: "9.0.0"
+  branch: "9.0"
+  ecloud:   "Elastic Cloud"
+  ech:   "Elastic Cloud Hosted"
+  ess:   "Elasticsearch Service"
+  ece:   "Elastic Cloud Enterprise"
+  serverless-full:   "Elastic Cloud Serverless"
+  security-app:   "Elastic Security app"
+  stack-manage-app:   "Stack Management"
+  stack-monitor-app:   "Stack Monitoring"
+  rules-ui:   "Rules"
+  connectors-ui:   "Connectors"
+  connectors-feature:   "Actions and Connectors"
+  hosted-ems:   "Elastic Maps Server"
+  data-sources:   "data views"
+  agent:   "Elastic Agent"
+  agents:   "Elastic Agents"
+  fleet:   "Fleet"
+  fleet-server:   "Fleet Server"
+  package-manager:   "Elastic Package Manager"
+  stack:   "Elastic Stack"
+  es:   "Elasticsearch"
+  kib:   "Kibana"
+  ls:   "Logstash"
+  security-features:   "security features"
+  stack-security-features:   "Elastic Stack security features"
+  endpoint-sec:   "Endpoint Security"
+  swimlane:   "Swimlane"
+  sn:   "ServiceNow"
+  sn-itsm:   "ServiceNow ITSM"
+  sn-itom:   "ServiceNow ITOM"
+  sn-sir:   "ServiceNow SecOps"
+  ibm-r:   "IBM Resilient"
+  webhook:   "Webhook"
+  webhook-cm:   "Webhook - Case Management"
+  opsgenie:   "Opsgenie"
+  bedrock:   "Amazon Bedrock"
+  gemini:   "Google Gemini"
+  hive:   "TheHive"
+  xsoar:   "XSOAR"
+  report-features:   "reporting features"
+  ml:   "machine learning"
+  ccs:   "cross-cluster search"
+  anomaly-job:   "anomaly detection job"
+  observability:   "Observability"
+  kib-repo:   "https://github.com/elastic/kibana/"
+  kib-pull: "https://github.com/elastic/kibana/pull/"

docs/reference/connectors-kibana.md

@@ -0,0 +1,124 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/kibana/current/action-types.html
+navigation_title: Connectors
+applies_to:
+  serverless: ga
+  stack: ga
+---
+# Kibana connectors [action-types]
+
+Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems.
+Actions are instantiations of a connector that are linked to rules and run as background tasks on the {{kib}} server when rule conditions are met.
+{{kib}} provides the following types of connectors:
+
+* [{{bedrock}}](/reference/connectors-kibana/bedrock-action-type.md): Send a request to {{bedrock}}.
+* [Cases](/reference/connectors-kibana/cases-action-type.md): Add alerts to cases.
+* [CrowdStrike](/reference/connectors-kibana/crowdstrike-action-type.md): Send a request to CrowdStrike.
+* [D3 Security](/reference/connectors-kibana/d3security-action-type.md): Send a request to D3 Security.
+* [{{gemini}}](/reference/connectors-kibana/gemini-action-type.md): Send a request to {{gemini}}.
+* [Elastic Managed LLM](/reference/connectors-kibana/elastic-managed-llm.md): Send a request to Elastic Managed LLM.
+* [Email](/reference/connectors-kibana/email-action-type.md): Send email from your server.
+* [{{ibm-r}}](/reference/connectors-kibana/resilient-action-type.md): Create an incident in {{ibm-r}}.
+* [Index](/reference/connectors-kibana/index-action-type.md): Index data into Elasticsearch.
+* [Jira](/reference/connectors-kibana/jira-action-type.md): Create an incident in Jira.
+* [Microsoft Defender for Endpoint](/reference/connectors-kibana/defender-action-type.md): Send requests to  Microsoft Defender-enrolled hosts.
+* [Microsoft Teams](/reference/connectors-kibana/teams-action-type.md): Send a message to a Microsoft Teams channel.
+* [Observability AI Assistant](/reference/connectors-kibana/obs-ai-assistant-action-type.md): Add AI-driven insights and custom actions to your workflow.
+* [OpenAI](/reference/connectors-kibana/openai-action-type.md): Send a request to OpenAI.
+* [{{opsgenie}}](/reference/connectors-kibana/opsgenie-action-type.md): Create or close an alert in {{opsgenie}}.
+* [PagerDuty](/reference/connectors-kibana/pagerduty-action-type.md): Send an event in PagerDuty.
+* [SentinelOne](/reference/connectors-kibana/sentinelone-action-type.md): Send a request to SentinelOne.
+* [ServerLog](/reference/connectors-kibana/server-log-action-type.md): Add a message to a Kibana log.
+* [{{sn-itsm}}](/reference/connectors-kibana/servicenow-action-type.md): Create an incident in {{sn}}.
+* [{{sn-sir}}](/reference/connectors-kibana/servicenow-sir-action-type.md): Create a security incident in {{sn}}.
+* [{{sn-itom}}](/reference/connectors-kibana/servicenow-itom-action-type.md): Create an event in {{sn}}.
+* [Slack](/reference/connectors-kibana/slack-action-type.md): Send a message to a Slack channel or user.
+* [{{swimlane}}](/reference/connectors-kibana/swimlane-action-type.md): Create an incident in {{swimlane}}.
+* [{{hive}}](/reference/connectors-kibana/thehive-action-type.md): Create cases and alerts in {{hive}}.
+* [Tines](/reference/connectors-kibana/tines-action-type.md): Send events to a Tines Story.
+* [Torq](/reference/connectors-kibana/torq-action-type.md): Trigger a Torq workflow.
+* [{{webhook}}](/reference/connectors-kibana/webhook-action-type.md): Send a request to a web service.
+* [{{webhook-cm}}](/reference/connectors-kibana/cases-webhook-action-type.md): Send a request to a Case Management web service.
+* [xMatters](/reference/connectors-kibana/xmatters-action-type.md): Send actionable alerts to on-call xMatters resources.
+* [{{xsoar}}](/reference/connectors-kibana/xsoar-action-type.md): Create an incident in Cortex {{xsoar}}.
+
+::::{note}
+Some connector types are paid commercial features, while others are free. For a comparison of the Elastic subscription levels, go to [the subscription page](https://www.elastic.co/subscriptions).
+
+::::
+
+
+
+## Managing connectors [connector-management]
+
+Rules use connectors to route actions to different destinations like log files, ticketing systems, and messaging tools. While each {{kib}} app can offer their own types of rules, they typically share connectors. **{{stack-manage-app}} > {{connectors-ui}}** offers a central place to view and manage all the connectors in the current space.
+
+% TO DO: Use `:class: screenshot`
+![Example connector listing in the {{rules-ui}} UI](images/connector-listing.png)
+
+
+## Required permissions [_required_permissions_2]
+
+Access to connectors is granted based on your privileges to alerting-enabled features. For more information, go to [Security](docs-content://explore-analyze/alerts-cases/alerts/alerting-setup.md#alerting-security).
+
+
+## Connector networking configuration [_connector_networking_configuration]
+
+Use the [action configuration settings](/reference/configuration-reference/alerting-settings.md#action-settings) to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use `xpack.actions.customHostSettings` to set per-host configurations.
+
+
+## Connector list [connectors-list]
+
+In **{{stack-manage-app}} > {{connectors-ui}}**, you can find a list of the connectors in the current space. You can use the search bar to find specific connectors by name and type. The **Type** dropdown also enables you to filter to a subset of connector types.
+
+% TO DO: Use `:class: screenshot`
+![Filtering the connector list by types of connectors](images/connector-filter-by-type.png)
+
+You can delete individual connectors using the trash icon. Alternatively, select multiple connectors and delete them in bulk using the **Delete** button.
+
+% TO DO: Use `:class: screenshot`
+![Deleting connectors individually or in bulk](images/connector-delete.png)
+
+::::{note}
+You can delete a connector even if there are still actions referencing it. When this happens the action will fail to run and errors appear in the {{kib}} logs.
+
+::::
+
+
+
+## Creating a new connector [creating-new-connector]
+
+New connectors can be created with the **Create connector** button, which guides you to select the type of connector and configure its properties.
+
+% TO DO: Use `:class: screenshot`
+![Connector select type](images/connector-select-type.png)
+
+After you create a connector, it is available for use any time you set up an action in the current space.
+
+For out-of-the-box and standardized connectors, refer to [preconfigured connectors](/reference/connectors-kibana/pre-configured-connectors.md).
+
+::::{tip}
+You can also manage connectors as resources with the [Elasticstack provider](https://registry.terraform.io/providers/elastic/elasticstack/latest) for Terraform. For more details, refer to the [elasticstack_kibana_action_connector](https://registry.terraform.io/providers/elastic/elasticstack/latest/docs/resources/kibana_action_connector) resource.
+::::
+
+
+
+## Importing and exporting connectors [importing-and-exporting-connectors]
+
+To import and export connectors, use the [Saved Objects Management UI](docs-content://explore-analyze/find-and-organize/saved-objects.md).
+
+% TO DO: Use `:class: screenshot`
+![Connectors import banner](images/connectors-import-banner.png)
+
+If a connector is missing sensitive information after the import, a **Fix** button appears in **{{connectors-ui}}**.
+
+% TO DO: Use `:class: screenshot`
+![Connectors with missing secrets](images/connectors-with-missing-secrets.png)
+
+
+## Monitoring connectors [monitoring-connectors]
+
+The [Task Manager health API](docs-content://deploy-manage/monitor/kibana-task-manager-health-monitoring.md) helps you understand the performance of all tasks in your environment. However, if connectors fail to run, they will report as successful to Task Manager. The failure stats will not accurately depict the performance of connectors.
+
+For more information on connector successes and failures, refer to the [Event log index](docs-content://explore-analyze/alerts-cases/alerts/event-log-index.md).

docs/reference/connectors-kibana/xsoar-action-type.md

@@ -0,0 +1,80 @@
+---
+navigation_title: "{{xsoar}}"
+mapped_pages:
+  - https://www.elastic.co/guide/en/kibana/current/xsoar-action-type.html
+---
+
+# {{xsoar}} connector and action [xsoar-action-type]
+
+
+{{xsoar}} connector uses the [{{xsoar}} REST API](https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/m0qlgh9inh4vk-create-or-update-an-incident) to create Cortex {{xsoar}} incidents.
+
+
+## Create connectors in {{kib}} [define-xsoar-ui]
+
+You can create connectors in **{{stack-manage-app}} > {{connectors-ui}}** or as needed when you’re creating a rule. For example:
+
+% TO DO: Use `:class: screenshot`
+![XSOAR connector](../images/xsoar-connector.png)
+
+
+### Connector configuration [xsoar-connector-configuration]
+
+{{xsoar}} connectors have the following configuration properties:
+
+Name
+:   The name of the connector.
+
+URL
+:   The {{xsoar}} instance URL.
+
+API key
+:   The {{xsoar}} API key for authentication.
+
+    ::::{note}
+    If you do not have an API key, refer to [Create a new API key](https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/t09y7hrb5d14m-create-a-new-api-key) to make one for your {{xsoar}} instance.
+    ::::
+
+API key id
+:   The {{xsoar}} API key ID for authentication. (Mandatory for cloud instance users.)
+
+
+## Test connectors [xsoar-action-configuration]
+
+You can test connectors as you’re creating or editing the connector in {{kib}}. For example:
+
+% TO DO: Use `:class: screenshot`
+![XSOAR params test](../images/xsoar-params-test.png)
+
+{{xsoar}} actions have the following configuration properties.
+
+Name
+:   The incident name.
+
+Playbook
+:   The playbook to associate with the incident.
+
+Start investigation
+:   If turned on, will automatically start the investigation process after the incident is created.
+
+Severity
+:   The severity of the incident. Can be `Unknown`, `Informational`, `Low`, `Medium`, `High` or `Critical`.
+
+    ::::{note}
+    Turn on `Keep severity from rule` to create an incident that inherits the rule's severity.
+    ::::
+
+Body
+:   A JSON payload that includes additional parameters to be included in the API request.
+
+    ```json
+    {
+      "details": "This is an example incident",
+      "type": "Unclassified"
+    }
+    ```
+
+
+## Connector networking configuration [xsoar-connector-networking-configuration]
+
+Use the [Action configuration settings](/reference/configuration-reference/alerting-settings.md#action-settings) to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use `xpack.actions.customHostSettings` to set per-host configurations.

docs/reference/images/xsoar-connector.png

@@ -0,0 +1,69 @@
+project: 'Kibana reference'
+toc:
+  - file: index.md
+  - file: kibana-accessibility-statement.md
+  - file: configuration-reference.md
+    children:
+      - file: cloud/elastic-cloud-kibana-settings.md
+      - file: configuration-reference/general-settings.md
+      - file: configuration-reference/ai-assistant-settings.md
+      - file: configuration-reference/alerting-settings.md
+      - file: configuration-reference/apm-settings.md
+      - file: configuration-reference/banner-settings.md
+      - file: configuration-reference/cases-settings.md
+      - file: configuration-reference/fleet-settings.md
+      - file: configuration-reference/internationalization-settings.md
+      - file: configuration-reference/logging-settings.md
+      - file: configuration-reference/logs-settings.md
+      - file: configuration-reference/map-settings.md
+      - file: configuration-reference/metrics-settings.md
+      - file: configuration-reference/monitoring-settings.md
+      - file: configuration-reference/reporting-settings.md
+      - file: configuration-reference/search-sessions-settings.md
+      - file: configuration-reference/security-settings.md
+      - file: configuration-reference/spaces-settings.md
+      - file: configuration-reference/task-manager-settings.md
+      - file: configuration-reference/telemetry-settings.md
+      - file: configuration-reference/url-drilldown-settings.md
+  - file: advanced-settings.md
+  - file: kibana-audit-events.md
+  - file: connectors-kibana.md
+    children:
+      - file: connectors-kibana/bedrock-action-type.md
+      - file: connectors-kibana/cases-action-type.md
+      - file: connectors-kibana/crowdstrike-action-type.md
+      - file: connectors-kibana/d3security-action-type.md
+      - file: connectors-kibana/elastic-managed-llm.md
+      - file: connectors-kibana/email-action-type.md
+      - file: connectors-kibana/gemini-action-type.md
+      - file: connectors-kibana/resilient-action-type.md
+      - file: connectors-kibana/index-action-type.md
+      - file: connectors-kibana/jira-action-type.md
+      - file: connectors-kibana/defender-action-type.md
+      - file: connectors-kibana/teams-action-type.md
+      - file: connectors-kibana/obs-ai-assistant-action-type.md
+      - file: connectors-kibana/openai-action-type.md
+      - file: connectors-kibana/opsgenie-action-type.md
+      - file: connectors-kibana/pagerduty-action-type.md
+      - file: connectors-kibana/sentinelone-action-type.md
+      - file: connectors-kibana/server-log-action-type.md
+      - file: connectors-kibana/servicenow-action-type.md
+      - file: connectors-kibana/servicenow-sir-action-type.md
+      - file: connectors-kibana/servicenow-itom-action-type.md
+      - file: connectors-kibana/swimlane-action-type.md
+      - file: connectors-kibana/slack-action-type.md
+      - file: connectors-kibana/thehive-action-type.md
+      - file: connectors-kibana/tines-action-type.md
+      - file: connectors-kibana/torq-action-type.md
+      - file: connectors-kibana/webhook-action-type.md
+      - file: connectors-kibana/cases-webhook-action-type.md
+      - file: connectors-kibana/xmatters-action-type.md
+      - file: connectors-kibana/xsoar-action-type.md
+      - file: connectors-kibana/pre-configured-connectors.md
+  - file: kibana-plugins.md
+  - file: commands.md
+    children:
+      - file: commands/kibana-encryption-keys.md
+      - file: commands/kibana-verification-code.md
+  - file: osquery-exported-fields.md
+  - file: osquery-manager-prebuilt-packs.md