Set default Elastic Security UI connector
editSet default Elastic Security UI connector
editSets the default connector in the Elastic Security UI.
Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
Connectors are used to interface with external systems. You can only call this method after you have created a connector (see Create connector). After a connector has been created and assigned, call Create or update an external incident to send cases to the external system.
You can also set the default connector in the Elastic Security UI for each case individually (see Update case).
Request URL
editPOST <kibana host>:<port>/api/cases/configure
Request body
editA JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
|
Object containing the connector’s configuration. |
Yes |
|
|
String |
Determines whether a case is automatically closed in Elastic Security when it is pushed to external systems. Valid values are:
|
Yes |
Name | Type | Description | Required |
---|---|---|---|
|
String |
The ID of the connector you want to use for sending cases to external systems. |
Yes |
|
String |
The connector name. |
Yes |
|
String |
The type of the connector. Must be one of these:
|
Yes |
|
Object |
Object containing the connector’s fields. For Jira connectors:
For ServiceNow SecOps connectors:
For Jira connectors:
For IBM Resilient connectors:
For Swimlane connectors:
|
Yes |
Call Find connectors to retrieve connector IDs and names.
Fields can be set but are not being used by case configuration. You can set the fields of the connector at Create case.
Example request
editPOST api/cases/configure { "connector": { "id": "131d4448-abe0-4789-939d-8ef60680b498", "name": "Jira", "type": ".jira", "fields": null, }, "closure_type": "close-by-user", "owner": "securitySolution", }
Response code
edit-
200
- Indicates a successful call.
Example response
edit{ "connector": { "id": "131d4448-abe0-4789-939d-8ef60680b498", "name": "Jira", "type": ".jira", "fields": null, }, "closure_type": "close-by-user", "created_at": "2020-03-30T13:31:38.083Z", "created_by": { "email": "moneypenny@hms.gov.uk", "full_name": "Ms Moneypenny", "username": "moneypenny" }, "error": null, "id": "7349772f-421a-4de3-b8bb-2d9b22ccee30", "mappings":[ { "source":"title", "target":"summary", "action_type": "overwrite" }, { "source":"description", "target":"description", "action_type": "overwrite" }, { "source":"comments", "target":"comments", "action_type":"append" } ], "owner": "securitySolution", "updated_at": null, "updated_by": null, "version": "WzE3NywxXQ==" }
Elastic Security case |
|
Elastic Security case |
|
Elastic Security case |