diff --git a/docs/cases/cases-manage-settings.asciidoc b/docs/cases/cases-manage-settings.asciidoc index 918665d6b7..f1ed423dba 100644 --- a/docs/cases/cases-manage-settings.asciidoc +++ b/docs/cases/cases-manage-settings.asciidoc @@ -32,6 +32,7 @@ You can push {elastic-sec} cases to these third-party systems: * {jira} (including Jira Service Desk) * {ibm-r} * {swimlane} +* {hive} * {webhook-cm} To push cases, you need to create a connector, which stores the information required to interact with an external system. After you have created a connector, you can set {elastic-sec} cases to automatically close when they are sent to external systems. @@ -42,13 +43,14 @@ https://www.elastic.co/subscriptions[appropriate license], and your role needs * To create a new connector: . From the *Incident management system* list, select *Add new connector*. -. Select the system to send cases to: *{sn}*, *{jira}*, *{ibm-r}*, *{swimlane}*, or *{webhook-cm}*. +. Select the system to send cases to: *{sn}*, *{jira}*, *{ibm-r}*, *{swimlane}*, *{hive}*, or *{webhook-cm}*. . Enter your required settings. For connector configuration details, refer to: - {kibana-ref}/servicenow-action-type.html[{sn-itsm} connector] - {kibana-ref}/servicenow-sir-action-type.html[{sn-sir} connector] - {kibana-ref}/jira-action-type.html[{jira} connector] - {kibana-ref}/resilient-action-type.html[{ibm-r} connector] - {kibana-ref}/swimlane-action-type.html[{swimlane} connector] +- {kibana-ref}/thehive-action-type.html[{hive} connector] - {kibana-ref}/cases-webhook-action-type.html[{webhook-cm} connector] To change the settings of an existing connector: 
@@ -63,38 +65,16 @@ To change the default connector used to send cases to external systems, select t [[mapped-case-fields]] ==== Mapped case fields -When you export an {elastic-sec} case to an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. For the {webhook-cm} connector, case fields can be mapped to custom or pre-existing fields in the external system you're connecting to. +When you export an {elastic-sec} case to an external system, case fields are mapped to existing fields in the external system. +For example, the case title is mapped to the short description in {sn} and the summary in {jira} incidents. +Case tags are mapped to labels in {jira}. +Case comments are mapped to work notes in {sn}. -Once fields are mapped, you can push updates to external systems, and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. +When you use a {webhook-cm} connector, case fields can be mapped to custom or existing fields. -|=== +When you push updates to external systems, mapped fields are either overwritten or appended, depending on the field and the connector. -| *Case field* | *Mapped field* - -| Title - -a| The case `Title` field is mapped to corresponding fields in external systems. Mapped field values are overwritten when you push updates. - -* *{sn}*: `Short description` -* *{jira}*: `Summary` -* *{ibm-r}*: `Name` -* *{swimlane}*: `Description` - -| Description -| The case `Description` field is mapped to the `Description` field in all systems. Mapped field values are overwritten when you push updates. - -| Comments - -a| The case `Comments` field is mapped to corresponding fields in external systems. - -* *{sn}*: `Work Notes` -* *{jira}*: `Comments` -* *{ibm-r}*: `Comments` -* *{swimlane}*: `Comments` - -New and edited comments are added to incident records when pushed to {sn}, {jira}, or {ibm-r}. 
Comments pushed to {swimlane} are appended to the `Comment` field in {swimlane} and posted individually. - -|=== +Retrieving data from external systems is not supported. [float] [[cases-ui-custom-fields]] diff --git a/docs/serverless/images/cases-settings/security-cases-connectors.png b/docs/serverless/images/cases-settings/security-cases-connectors.png deleted file mode 100644 index 8e49dd1f22..0000000000 Binary files a/docs/serverless/images/cases-settings/security-cases-connectors.png and /dev/null differ diff --git a/docs/serverless/investigate/cases-settings.mdx b/docs/serverless/investigate/cases-settings.mdx index 91aea82390..a87b8a0cb0 100644 --- a/docs/serverless/investigate/cases-settings.mdx +++ b/docs/serverless/investigate/cases-settings.mdx @@ -28,6 +28,7 @@ You can push ((elastic-sec)) cases to these third-party systems: * ((jira)) (including Jira Service Desk) * ((ibm-r)) * ((swimlane)) +* ((hive)) * ((webhook-cm)) To push cases, you need to create a connector, which stores the information required to interact with an external system. After you have created a connector, you can set ((elastic-sec)) cases to automatically close when they are sent to external systems. @@ -40,9 +41,7 @@ To create a new connector 1. From the **Incident management system** list, select **Add new connector**. -1. Select the system to send cases to: **((sn))**, **((jira))**, **((ibm-r))**, **((swimlane))**, or **((webhook-cm))**. - ![Shows the page for creating connectors](../images/cases-settings/security-cases-connectors.png) - {/* NOTE: This is an autogenerated screenshot. Do not edit it directly. */} +1. Select the system to send cases to: **((sn))**, **((jira))**, **((ibm-r))**, **((swimlane))**, **((hive))**, or **((webhook-cm))**. 1. Enter your required settings. For connector configuration details, refer to: - [((sn-itsm)) connector](((kibana-ref))/servicenow-action-type.html) 
@@ -50,6 +49,7 @@ To create a new connector - [((jira)) connector](((kibana-ref))/jira-action-type.html) - [((ibm-r)) connector](((kibana-ref))/resilient-action-type.html) - [((swimlane)) connector](((kibana-ref))/swimlane-action-type.html) + - [((hive)) connector](((kibana-ref))/thehive-action-type.html) - [((webhook-cm)) connector](((kibana-ref))/cases-webhook-action-type.html) To change the settings of an existing connector: 
@@ -62,70 +62,16 @@ To change the default connector used to send cases to external systems, select t ### Mapped case fields -When you export an ((elastic-sec)) case to an external system, case fields are mapped to existing fields in ((sn)), ((jira)), ((ibm-r)), and ((swimlane)). For the ((webhook-cm)) connector, case fields can be mapped to custom or pre-existing fields in the external system you're connecting to. - -Once fields are mapped, you can push updates to external systems, and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. - - - - - Title - - - - - The case `Title` field is mapped to corresponding fields in external systems. Mapped field values are overwritten when you push updates. - - * **((sn))**: `Short description` - * **((jira))**: `Summary` - * **((ibm-r))**: `Name` - * **((swimlane))**: `Description` - - - - - - - - Description - - - - The case `Description` field is mapped to the `Description` field in all systems. Mapped field values are overwritten when you push updates. - - - - - - - Comments - - - - - The case `Comments` field is mapped to corresponding fields in external systems. - - * **((sn))**: `Work Notes` - * **((jira))**: `Comments` - * **((ibm-r))**: `Comments` - * **((swimlane))**: `Comments` - - - New and edited comments are added to incident records when pushed to ((sn)), ((jira)), or ((ibm-r)). Comments pushed to ((swimlane)) are appended to the `Comment` field in ((swimlane)) and posted individually. - - - - - +When you export an ((elastic-sec)) case to an external system, case fields are mapped to existing fields in the external system. +For example, the case title is mapped to the short description in ((sn)) and the summary in ((jira)) incidents. +Case tags are mapped to labels in ((jira)). +Case comments are mapped to work notes in ((sn)). + +When you use a ((webhook-cm)) connector, case fields can be mapped to custom or existing fields. 
+ +When you push updates to external systems, mapped fields are either overwritten or appended, depending on the field and the connector. + +Retrieving data from external systems is not supported. ## Custom fields
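Review bot: The `{hive}` attribute used in the connector list (hunk at -32) and in the `{kibana-ref}/thehive-action-type.html[{hive} connector]` link (hunk at -42) of docs/cases/cases-manage-settings.asciidoc is not defined anywhere in this diff, and neither is `((hive))` in the serverless file. Please confirm both are defined in the shared attribute definitions for every branch this change targets, and that `thehive-action-type.html` exists in the `{kibana-ref}` version those branches point at, so the new list item and link resolve.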
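Review bot: In the "Mapped case fields" hunk of docs/cases/cases-manage-settings.asciidoc (at -63), removing the table drops the only documentation of the {ibm-r} and {swimlane} mappings (`Name`, `Description`, `Comments`), and the replacement examples cover only {sn} and {jira}. Nothing is said about {hive}, the connector this change adds. Suggest either adding one example per remaining connector or pointing readers to the per-connector pages already linked in the previous hunk, so an analyst can tell which external field receives case data before pushing.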
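Review bot: In docs/serverless/investigate/cases-settings.mdx (hunk at -41), the removed image carried the comment "This is an autogenerated screenshot", and the PNG itself is deleted in the same change. Please confirm the screenshot generation job no longer produces `security-cases-connectors.png` and that no other page references that path, otherwise the file will either reappear on the next run or leave a broken image elsewhere.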
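Review bot: In the "Mapped case fields" hunk of docs/serverless/investigate/cases-settings.mdx (at -62), the new sentence "mapped fields are either overwritten or appended, depending on the field and the connector" replaces text that stated the rule explicitly: `Title` and `Description` values are overwritten on push, while comments are added to the incident record (appended to the `Comment` field and posted individually for ((swimlane))). Whether a push overwrites content in the external incident matters to anyone relying on that system as the record of an investigation, so suggest keeping at least the overwrite-versus-append behaviour per field, here and in the matching asciidoc hunk.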