Set default Elastic Security UI connector

Sets the default connector in the Elastic Security UI.

Connectors are used to interface with external systems. You can only call this method after you have created a connector (see Create connector). After a connector has been created and assigned, call Create or update an external incident to send cases to the external system.

You can also set the default connector in the Elastic Security UI for each case individually (see Update case).

Request URL

POST <kibana host>:<port>/api/cases/configure

Request body

A JSON object with these fields:

| Name | Type | Description | Required |
|---|---|---|---|
| connector_id | String | The connector ID. | Yes |
| connector_name | String | The connector name. | Yes |
| closure_type | String | Determines whether a case is automatically closed in Elastic Security when it is pushed to external systems. Valid values are close-by-pushing (Elastic Security cases are automatically closed when they are pushed) and close-by-user (Elastic Security cases are not automatically closed). | Yes |

Call Find connectors to retrieve connector IDs and names.

Example request

POST api/cases/configure
{
  "connector_id": "61787f53-4eee-4741-8df6-8fe84fa616f7",
  "closure_type": "close-by-user",
  "connector_name": "ServiceNow"
}

Response code

200
Indicates a successful call.

Example response

{
  "connector_id": "61787f53-4eee-4741-8df6-8fe84fa616f7",
  "closure_type": "close-by-user",
  "connector_name": "ServiceNow",
  "created_at": "2020-03-30T13:31:38.083Z",
  "created_by": {
    "email": "moneypenny@hms.gov.uk",
    "full_name": "Ms Moneypenny",
    "username": "moneypenny"
  },
  "updated_at": null,
  "updated_by": null,
  "version": "WzE3NywxXQ=="
}
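
The following Python example is added here and is not Elastic's own code. It resolves a connector name to its ID, rejects any closure_type other than the two values listed in the request body table, and builds the POST request for this endpoint. The connector list shape (`id` and `name` keys), the API-key `Authorization` header, the host name and the key are assumptions; `kbn-xsrf` is the header Kibana requires on write requests.

```python
import json
import urllib.request

VALID_CLOSURE_TYPES = {"close-by-pushing", "close-by-user"}  # the two values the page lists


def build_configure_body(connectors, connector_name, closure_type):
    """Resolve a connector by name (assumed dicts with "id"/"name") into a request body."""
    if closure_type not in VALID_CLOSURE_TYPES:
        raise ValueError(f"invalid closure_type: {closure_type!r}")
    matches = [c for c in connectors if c.get("name") == connector_name]
    if len(matches) != 1:
        # Refuse missing or ambiguous names rather than route cases to the wrong system.
        raise LookupError(f"{len(matches)} connectors named {connector_name!r}")
    return {
        "connector_id": matches[0]["id"],
        "connector_name": connector_name,
        "closure_type": closure_type,
    }


def build_configure_request(kibana_url, api_key, body):
    """Build (but do not send) the POST request for /api/cases/configure."""
    if not kibana_url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-TLS URL")
    return urllib.request.Request(
        kibana_url.rstrip("/") + "/api/cases/configure",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "kbn-xsrf": "true",  # Kibana rejects write requests without this header
            "Authorization": "ApiKey " + api_key,  # assumed auth scheme
        },
    )


# Constructed sample data; the first ID is the one in the page's example request.
SAMPLE_CONNECTORS = [
    {"id": "61787f53-4eee-4741-8df6-8fe84fa616f7", "name": "ServiceNow"},
    {"id": "00000000-0000-0000-0000-000000000000", "name": "Placeholder"},
]

if __name__ == "__main__":
    body = build_configure_body(SAMPLE_CONNECTORS, "ServiceNow", "close-by-user")
    req = build_configure_request("https://kibana.example.test:5601", "PLACEHOLDER_KEY", body)
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
```

Pass the built request to `urllib.request.urlopen` to send it; a 200 response carries the stored configuration shown in the example response.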