elastic · lcawl · Sep 27, 2024 · Sep 23, 2024 · Sep 24, 2024 · Sep 24, 2024
@@ -32,6 +32,7 @@ You can push {elastic-sec} cases to these third-party systems:
 * {jira} (including Jira Service Desk)
 * {ibm-r}
 * {swimlane}
+* TheHive
 * {webhook-cm}
 
 To push cases, you need to create a connector, which stores the information required to interact with an external system. After you have created a connector, you can set {elastic-sec} cases to automatically close when they are sent to external systems.
@@ -42,13 +43,14 @@ https://www.elastic.co/subscriptions[appropriate license], and your role needs *
 To create a new connector:
 
 . From the *Incident management system* list, select *Add new connector*.
-. Select the system to send cases to: *{sn}*, *{jira}*, *{ibm-r}*, *{swimlane}*, or *{webhook-cm}*.
+. Select the system to send cases to: *{sn}*, *{jira}*, *{ibm-r}*, *{swimlane}*, *TheHive*, or *{webhook-cm}*.
 . Enter your required settings. For connector configuration details, refer to:
 - {kibana-ref}/servicenow-action-type.html[{sn-itsm} connector]
 - {kibana-ref}/servicenow-sir-action-type.html[{sn-sir} connector]
 - {kibana-ref}/jira-action-type.html[{jira} connector]
 - {kibana-ref}/resilient-action-type.html[{ibm-r} connector]
 - {kibana-ref}/swimlane-action-type.html[{swimlane} connector]
+- {kibana-ref}/thehive-action-type.html[TheHive connector]
 - {kibana-ref}/cases-webhook-action-type.html[{webhook-cm} connector]
 
 To change the settings of an existing connector:
@@ -63,38 +65,16 @@ To change the default connector used to send cases to external systems, select t
 [[mapped-case-fields]]
 ==== Mapped case fields
 
-When you export an {elastic-sec} case to an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. For the {webhook-cm} connector, case fields can be mapped to custom or pre-existing fields in the external system you're connecting to.
+When you export an {elastic-sec} case to an external system, case fields are mapped to existing fields in the external system.
+For example, the case title is mapped to the short description in {sn} and the summary in {jira} incidents.
+Case tags are mapped to labels in {jira}.
+Case comments are mapped to work notes in {sn}.
 
-Once fields are mapped, you can push updates to external systems, and mapped fields are overwritten or appended. Retrieving data from external systems is not supported.
+When you use a {webhook-cm} connector, case fields can be mapped to custom or existing fields.
 
-|===
+When you push updates to external systems, mapped fields are either overwritten or appended, depending on the field and the connector.
 
-| *Case field* | *Mapped field*
-
-| Title
-
-a| The case `Title` field is mapped to corresponding fields in external systems. Mapped field values are overwritten when you push updates.
-
-* *{sn}*: `Short description`
-* *{jira}*: `Summary`
-* *{ibm-r}*: `Name`
-* *{swimlane}*: `Description`
-
-| Description
-| The case `Description` field is mapped to the `Description` field in all systems. Mapped field values are overwritten when you push updates.
-
-| Comments
-
-a| The case `Comments` field is mapped to corresponding fields in external systems.
-
-* *{sn}*: `Work Notes`
-* *{jira}*: `Comments`
-* *{ibm-r}*: `Comments`
-* *{swimlane}*: `Comments`
-
-New and edited comments are added to incident records when pushed to {sn}, {jira}, or {ibm-r}. Comments pushed to {swimlane} are appended to the `Comment` field in {swimlane} and posted individually.
-
-|===
+Retrieving data from external systems is not supported.
 
 [float]
 [[cases-ui-custom-fields]]

@@ -28,6 +28,7 @@ You can push ((elastic-sec)) cases to these third-party systems:
 * ((jira)) (including Jira Service Desk)
 * ((ibm-r))
 * ((swimlane))
+* TheHive
 * ((webhook-cm))
 
 To push cases, you need to create a connector, which stores the information required to interact with an external system. After you have created a connector, you can set ((elastic-sec)) cases to automatically close when they are sent to external systems.
@@ -40,7 +41,7 @@ To create a new connector
 
 1. From the **Incident management system** list, select **Add new connector**.
 
-1. Select the system to send cases to: **((sn))**, **((jira))**, **((ibm-r))**, **((swimlane))**, or **((webhook-cm))**.
+1. Select the system to send cases to: **((sn))**, **((jira))**, **((ibm-r))**, **((swimlane))**, **TheHive**, or **((webhook-cm))**.
    ![Shows the page for creating connectors](../images/cases-settings/security-cases-connectors.png)
    {/* NOTE: This is an autogenerated screenshot. Do not edit it directly. */}
 
@@ -50,6 +51,7 @@ To create a new connector
     - [((jira)) connector](((kibana-ref))/jira-action-type.html)
     - [((ibm-r)) connector](((kibana-ref))/resilient-action-type.html)
     - [((swimlane)) connector](((kibana-ref))/swimlane-action-type.html)
+    - [TheHive connector](((kibana-ref))/thehive-action-type.html)
     - [((webhook-cm)) connector](((kibana-ref))/cases-webhook-action-type.html)
 
 To change the settings of an existing connector:
@@ -62,70 +64,16 @@ To change the default connector used to send cases to external systems, select t
 
 ### Mapped case fields
 
-When you export an ((elastic-sec)) case to an external system, case fields are mapped to existing fields in ((sn)), ((jira)), ((ibm-r)), and ((swimlane)). For the ((webhook-cm)) connector, case fields can be mapped to custom or pre-existing fields in the external system you're connecting to.
-
-Once fields are mapped, you can push updates to external systems, and mapped fields are overwritten or appended. Retrieving data from external systems is not supported.
-
-<DocTable columns={[
-  {
-    "title": "Case field",
-    "width": "20%"
-  },
-  {
-    "title": "Mapped field",
-    "width": "80%"
-  }
-]}>
-  <DocRow>
-    <DocCell>
-      Title
-
-
-    </DocCell>
-    <DocCell>
-      The case `Title` field is mapped to corresponding fields in external systems. Mapped field values are overwritten when you push updates.
-
-      * **((sn))**: `Short description`
-      * **((jira))**: `Summary`
-      * **((ibm-r))**: `Name`
-      * **((swimlane))**: `Description`
-
-
-
-    </DocCell>
-  </DocRow>
-  <DocRow>
-    <DocCell>
-      Description
-
-    </DocCell>
-    <DocCell>
-      The case `Description` field is mapped to the `Description` field in all systems. Mapped field values are overwritten when you push updates.
-
-
-    </DocCell>
-  </DocRow>
-  <DocRow>
-    <DocCell>
-      Comments
-
-
-    </DocCell>
-    <DocCell>
-      The case `Comments` field is mapped to corresponding fields in external systems.
-
-      * **((sn))**: `Work Notes`
-      * **((jira))**: `Comments`
-      * **((ibm-r))**: `Comments`
-      * **((swimlane))**: `Comments`
-
-
-      New and edited comments are added to incident records when pushed to ((sn)), ((jira)), or ((ibm-r)). Comments pushed to ((swimlane)) are appended to the `Comment` field in ((swimlane)) and posted individually.
-
-
-    </DocCell>
-  </DocRow>
-</DocTable>
+When you export an ((elastic-sec)) case to an external system, case fields are mapped to existing fields in the external system.
+For example, the case title is mapped to the short description in ((sn)) and the summary in ((jira)) incidents.
+Case tags are mapped to labels in ((jira)).
+Case comments are mapped to work notes in ((sn)).
+
+When you use a ((webhook-cm)) connector, case fields can be mapped to custom or existing fields.
+
+When you push updates to external systems, mapped fields are either overwritten or appended, depending on the field and the connector.
+
+Retrieving data from external systems is not supported.
 
 ## Custom fields