Webhook - Case Management connector and action
The Webhook - Case Management connector uses axios to send POST, PUT, and GET requests to a case management RESTful API web service. Added in 8.15.0.
Create connectors in Kibana
You can create connectors in Stack Management > Connectors or as needed when you’re creating a rule.

In the first step, you must provide a name for the connector and its authentication details.

In the second step, you must provide the information necessary to create cases in the external system.

In the third step, you must provide information related to retrieving case details from the external system.

In the fourth step, you must provide information necessary to update cases in the external system. You can also optionally provide information to add comments to cases.
Connector configuration
Webhook - Case Management connectors have the following configuration properties:
- Authentication
  The authentication type: none, basic, or SSL. If you choose basic authentication, you must provide a user name and password. If you choose SSL authentication, you must provide SSL server certificate authentication data in a CRT and key file format or a PFX file format. You can also optionally provide a passphrase if the files are password-protected.
- Certificate authority
  A certificate authority (CA) that the connector can trust, for example to sign and validate server certificates. This option is available for all authentication types. You can choose from the following verification modes:
  - Full: Validate that the certificate has an issue date within the not_before and not_after dates, chains to a trusted certificate authority, and has a hostname or IP address that matches the names within the certificate.
  - Certificate: Validate that the certificate is signed by a trusted authority. This option does not check the certificate hostname.
  - None: Skip certificate validation.
- Create case method
  The REST API HTTP request method to create a case in the third-party system: post (default), put, or patch.
- Create case object
  A JSON payload sent to the create case URL to create a case. Use the variable selector to add case data to the payload. Required variables are case.title and case.description. For example:
    {
      "fields": {
        "summary": {{{case.title}}},
        "description": {{{case.description}}},
        "labels": {{{case.tags}}}
      }
    }
  Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated in this step. The JSON is validated after the Mustache variables have been placed, when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
- Create case response external key
  The JSON key in the create external case response that contains the case ID.
- Create case URL
  The REST API URL to create a case in the third-party system. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.
- Create comment method
  The optional REST API HTTP request method to create a case comment in the third-party system: post, put (default), or patch.
- Create comment object
  An optional JSON payload sent to the create comment URL to create a case comment. Use the variable selector to add Kibana cases data to the payload. The required variable is case.comment. For example:
    { "body": {{{case.comment}}} }
  Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated in this step. The JSON is validated once the Mustache variables have been placed, when the REST method runs. We recommend manually ensuring that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
- Create comment URL
  The optional REST API URL to create a case comment by ID in the third-party system. Use the variable selector to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts. For example:
    https://testing-jira.atlassian.net/rest/api/2/issue/{{{external.system.id}}}/comment
- External case view URL
  The URL to view the case in the external system. Use the variable selector to add the external system ID or external system title to the URL. For example:
    https://testing-jira.atlassian.net/browse/{{{external.system.title}}}
- Get case response external title key
  The JSON key in the get external case response that contains the case title.
- Get case URL
  The REST API URL to GET case by ID from the third-party system. Use the variable selector to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts. For example:
    https://testing-jira.atlassian.net/rest/api/2/issue/{{{external.system.id}}}
  Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated in this step. The JSON is validated after the Mustache variables have been placed, when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
- HTTP headers
  A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods. For example, set Content-Type to the appropriate media type for your requests.
- Update case method
  The REST API HTTP request method to update the case in the third-party system: post, put (default), or patch.
- Update case object
  A JSON payload sent to the update case URL to update the case. Use the variable selector to add Kibana cases data to the payload. Required variables are case.title and case.description. For example:
    {
      "fields": {
        "summary": {{{case.title}}},
        "description": {{{case.description}}},
        "labels": {{{case.tags}}}
      }
    }
  Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated in this step. The JSON is validated after the Mustache variables have been placed, when the REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
- Update case URL
  The REST API URL to update the case by ID in the third-party system. Use the variable selector to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts. For example:
    https://testing-jira.atlassian.net/rest/api/2/issue/{{{external.system.ID}}}
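
The manual JSON check and the allowed-hosts check described in the properties above can be scripted before a connector is saved. This is an added example, not Kibana's own code: checkTemplate and hostAllowed are hypothetical helper names, and it assumes each triple-brace variable renders to a complete JSON value, as the unquoted variables in the documented payloads suggest.

```javascript
// Added example (not Kibana code): pre-flight checks for a connector's templates.
// Assumption: each {{{variable}}} renders to a complete JSON value, which is why
// the documented payloads leave the variables unquoted.
const VAR_RE = /\{\{\{\s*([\w.]+)\s*\}\}\}/g;

// Returns a list of problems; an empty list means the template should pass the
// JSON validation that happens once the variables have been substituted.
function checkTemplate(template, requiredVars) {
  const found = new Set();
  const rendered = template.replace(VAR_RE, (_match, name) => {
    found.add(name);
    return JSON.stringify(`<${name}>`); // stand-in value, e.g. "<case.title>"
  });
  const problems = [];
  for (const name of requiredVars) {
    if (!found.has(name)) problems.push(`missing required variable ${name}`);
  }
  try {
    JSON.parse(rendered);
  } catch (err) {
    problems.push(`invalid JSON after substitution: ${err.message}`);
  }
  return problems;
}

// True when the URL's hostname is covered by an xpack.actions.allowedHosts list
// ("*" allows every host).
function hostAllowed(urlTemplate, allowedHosts) {
  const host = new URL(urlTemplate.replace(VAR_RE, 'ID')).hostname;
  return allowedHosts.includes('*') || allowedHosts.includes(host);
}

// Constructed sample inputs, based on the payload and URL shown on this page.
const good = '{ "fields": { "summary": {{{case.title}}}, "description": {{{case.description}}}, "labels": {{{case.tags}}} } }';
// Quoting a variable breaks the rendered JSON under the assumption above.
const quoted = '{ "fields": { "summary": "{{{case.title}}}", "description": {{{case.description}}} } }';
const required = ['case.title', 'case.description'];

console.log(checkTemplate(good, required));
console.log(checkTemplate(quoted, required));
console.log(hostAllowed(
  'https://testing-jira.atlassian.net/rest/api/2/issue/{{{external.system.id}}}',
  ['testing-jira.atlassian.net']));
```
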
Test connectors
You can test connectors as you’re creating or editing the connector in Kibana.

Webhook - Case Management actions have the following configuration properties:
- Additional comments
  Additional information for the client, such as how to troubleshoot the issue.
- Case ID
  A unique case identifier.
- Description
  The details about the incident.
- Labels
  The labels for the incident.
- Severity
  The severity of the case can be critical, high, low, or medium.
- Status
  The status of the case can be closed, in-progress or open.
- Summary
  A brief case summary.
- Tags
  A list of tags that can be used to filter cases.
Connector networking configuration
Use the action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.