Update a connector
Headers
-
elastic-api-version string
The version of the API to use
Value is
2023-10-31
. Default value is2023-10-31
. -
A required header to protect against CSRF attacks
Path parameters
-
An identifier for the connector.
Body
-
The display name for the connector.
config object
The connector configuration details.
One of: bedrock_config object crowdstrike_config object d3security_config object email_config object gemini_config object resilient_config object index_config object jira_config object genai_azure_config object genai_openai_config object opsgenie_config object pagerduty_config object sentinelone_config object servicenow_config object servicenow_itom_config object slack_api_config object swimlane_config object thehive_config object tines_config object torq_config object webhook_config object cases_webhook_config object xmatters_config objectDefines properties for connectors when type is
.bedrock
.Hide attributes Show attributes
-
The Amazon Bedrock request URL.
-
defaultModel string
The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.
Default value is
anthropic.claude-3-5-sonnet-20240620-v1:0
.
Defines config properties for connectors when type is
.crowdstrike
.Hide attribute Show attribute
-
The CrowdStrike tenant URL. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts.
Defines properties for connectors when type is
.d3security
.Hide attribute Show attribute
-
The D3 Security API request URL. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts.
Defines properties for connectors when type is
.email
.Hide attributes Show attributes
-
clientId string | null
The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If
service
isexchange_server
, this property is required. -
The from address for all emails sent by the connector. It must be specified in
user@host-name
format. -
hasAuth boolean
Specifies whether a user and password are required inside the secrets configuration.
Default value is
true
. -
host string
The host name of the service provider. If the
service
iselastic_cloud
(for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. Ifservice
isother
, this property must be defined. -
oauthTokenUrl string | null
-
port integer
The port to connect to on the service provider. If the
service
iselastic_cloud
(for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. Ifservice
isother
, this property must be defined. -
secure boolean
Specifies whether the connection to the service provider will use TLS. If the
service
iselastic_cloud
(for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. -
service string
The name of the email service.
Values are
elastic_cloud
,exchange_server
,gmail
,other
,outlook365
, orses
. -
tenantId string | null
The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If
service
isexchange_server
, this property is required.
Defines properties for connectors when type is
.gemini
.Hide attributes Show attributes
-
The Google Gemini request URL.
-
defaultModel string
The generative artificial intelligence model for Google Gemini to use.
Default value is
gemini-1.5-pro-001
. -
The GCP region where the Vertex AI endpoint enabled.
-
The Google ProjectID that has Vertex AI endpoint enabled.
Defines properties for connectors when type is
.resilient
.Defines properties for connectors when type is
.index
.Hide attributes Show attributes
-
executionTimeField string | null
A field that indicates when the document was indexed.
-
The Elasticsearch index to be written to.
-
refresh boolean
The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs.
Default value is
false
.
Defines properties for connectors when type is
.jira
.Hide attributes Show attributes
-
The Jira instance URL.
-
The Jira project key.
Defines properties for connectors when type is
.gen-ai
and the API provider isAzure OpenAI
.Hide attributes Show attributes
-
The OpenAI API provider.
Value is
Azure OpenAI
. -
The OpenAI API endpoint.
Defines properties for connectors when type is
.gen-ai
and the API provider isOpenAI
.Hide attributes Show attributes
-
The OpenAI API provider.
Value is
OpenAI
. -
The OpenAI API endpoint.
-
defaultModel string
The default model to use for requests.
Defines properties for connectors when type is
.opsgenie
.Hide attribute Show attribute
-
The Opsgenie URL. For example,
https://api.opsgenie.com
orhttps://api.eu.opsgenie.com
. If you are using thexpack.actions.allowedHosts
setting, add the hostname to the allowed hosts.
Defines properties for connectors when type is
.pagerduty
.Hide attribute Show attribute
-
apiUrl string | null
The PagerDuty event URL.
Defines properties for connectors when type is
.sentinelone
.Hide attribute Show attribute
-
The SentinelOne tenant URL. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts.
Defines properties for connectors when type is
.servicenow
.Hide attributes Show attributes
-
The ServiceNow instance URL.
-
clientId string
The client ID assigned to your OAuth application. This property is required when
isOAuth
istrue
. -
isOAuth boolean
The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
Default value is
false
. -
jwtKeyId string
The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when
isOAuth
istrue
. -
userIdentifierValue string
The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is
Email
, the user identifier should be the user's email address. This property is required whenisOAuth
istrue
. -
usesTableApi boolean
Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to
false
, the Elastic application should be installed in ServiceNow.Default value is
true
.
Defines properties for connectors when type is
.servicenow-itom
.Hide attributes Show attributes
-
The ServiceNow instance URL.
-
clientId string
The client ID assigned to your OAuth application. This property is required when
isOAuth
istrue
. -
isOAuth boolean
The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
Default value is
false
. -
jwtKeyId string
The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when
isOAuth
istrue
. -
userIdentifierValue string
The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is
Email
, the user identifier should be the user's email address. This property is required whenisOAuth
istrue
.
Defines properties for connectors when type is
.slack_api
.Hide attribute Show attribute
-
allowedChannels array[object]
A list of valid Slack channels.
Defines properties for connectors when type is
.swimlane
.Hide attributes Show attributes
-
The Swimlane instance URL.
-
The Swimlane application ID.
-
The type of connector. Valid values are
all
,alerts
, andcases
.Values are
all
,alerts
, orcases
. -
mappings object
The field mapping.
Hide mappings attributes Show mappings attributes object
-
alertIdConfig object
Mapping for the alert ID.
-
caseIdConfig object
Mapping for the case ID.
-
caseNameConfig object
Mapping for the case name.
-
commentsConfig object
Mapping for the case comments.
-
descriptionConfig object
Mapping for the case description.
Hide descriptionConfig attributes Show descriptionConfig attributes object
-
ruleNameConfig object
Mapping for the name of the alert's rule.
-
severityConfig object
Mapping for the severity.
-
Defines configuration properties for connectors when type is
.thehive
.Hide attributes Show attributes
-
organisation string
The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key.
-
The instance URL in TheHive. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts.
Defines properties for connectors when type is
.tines
.Hide attribute Show attribute
-
The Tines tenant URL. If you are using the
xpack.actions.allowedHosts
setting, make sure this hostname is added to the allowed hosts.
Defines properties for connectors when type is
.torq
.Hide attribute Show attribute
-
The endpoint URL of the Elastic Security integration in Torq.
Defines properties for connectors when type is
.webhook
.Hide attributes Show attributes
-
authType string | null
The type of authentication to use: basic, SSL, or none.
Values are
webhook-authentication-basic
orwebhook-authentication-ssl
. -
ca string
A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types.
-
certType string
If the
authType
iswebhook-authentication-ssl
, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format.Values are
ssl-crt-key
orssl-pfx
. -
hasAuth boolean
If true, a username and password for login type authentication must be provided.
Default value is
true
. -
headers object | null
A set of key-value pairs sent as headers with the request.
-
method string
The HTTP request method, either
post
orput
.Values are
post
orput
. Default value ispost
. -
url string
The request URL. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts. -
verificationMode string
Controls the verification of certificates. Use
full
to validate that the certificate has an issue date within thenot_before
andnot_after
dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Usecertificate
to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Usenone
to skip certificate validation.Values are
certificate
,full
, ornone
. Default value isfull
.
Defines properties for connectors when type is
.cases-webhook
.Hide attributes Show attributes
-
authType string | null
The type of authentication to use: basic, SSL, or none.
Values are
webhook-authentication-basic
orwebhook-authentication-ssl
. -
ca string
A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types.
-
certType string
If the
authType
iswebhook-authentication-ssl
, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format.Values are
ssl-crt-key
orssl-pfx
. -
createCommentJson string
A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is
case.comment
. Due to Mustache template variables (the text enclosed in triple braces, for example,{{{case.title}}}
), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. -
createCommentMethod string
The REST API HTTP request method to create a case comment in the third-party system. Valid values are
patch
,post
, andput
.Values are
patch
,post
, orput
. Default value isput
. -
createCommentUrl string
The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the
xpack.actions.allowedHosts setting
, add the hostname to the allowed hosts. -
A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are
case.title
andcase.description
. Due to Mustache template variables (which is the text enclosed in triple braces, for example,{{{case.title}}}
), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. -
createIncidentMethod string
The REST API HTTP request method to create a case in the third-party system. Valid values are
patch
,post
, andput
.Values are
patch
,post
, orput
. Default value ispost
. -
The JSON key in the create external case response that contains the case ID.
-
The REST API URL to create a case in the third-party system. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts. -
The JSON key in get external case response that contains the case title.
-
The REST API URL to get the case by ID from the third-party system. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example,{{{case.title}}}
), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. -
hasAuth boolean
If true, a username and password for login type authentication must be provided.
Default value is
true
. -
headers string
A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.
-
The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are
case.title
andcase.description
. Due to Mustache template variables (which is the text enclosed in triple braces, for example,{{{case.title}}}
), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. -
updateIncidentMethod string
The REST API HTTP request method to update the case in the third-party system. Valid values are
patch
,post
, andput
.Values are
patch
,post
, orput
. Default value isput
. -
The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts. -
verificationMode string
Controls the verification of certificates. Use
full
to validate that the certificate has an issue date within thenot_before
andnot_after
dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Usecertificate
to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Usenone
to skip certificate validation.Values are
certificate
,full
, ornone
. Default value isfull
. -
The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.
Defines properties for connectors when type is
.xmatters
.Hide attributes Show attributes
-
secrets object
One of: bedrock_secrets object crowdstrike_secrets object d3security_secrets object email_secrets object gemini_secrets object resilient_secrets object jira_secrets object teams_secrets object genai_secrets object opsgenie_secrets object pagerduty_secrets object sentinelone_secrets object servicenow_secrets object slack_api_secrets object swimlane_secrets object thehive_secrets object tines_secrets object torq_secrets object webhook_secrets object cases_webhook_secrets object xmatters_secrets objectDefines secrets for connectors when type is
.bedrock
.Defines secrets for connectors when type is
.crowdstrike
.Hide attributes Show attributes
-
The CrowdStrike API client identifier.
-
The CrowdStrike API client secret to authenticate the
clientId
.
Defines secrets for connectors when type is
.d3security
.Hide attribute Show attribute
-
The D3 Security token.
Defines secrets for connectors when type is
.email
.Hide attributes Show attributes
-
clientSecret string
The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If
service
isexchange_server
, this property is required. -
password string
The password for HTTP basic authentication. If
hasAuth
is set totrue
, this property is required. -
user string
The username for HTTP basic authentication. If
hasAuth
is set totrue
, this property is required.
Defines secrets for connectors when type is
.gemini
.Hide attribute Show attribute
-
The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it.
Defines secrets for connectors when type is
.resilient
.Hide attributes Show attributes
-
The authentication key ID for HTTP Basic authentication.
-
The authentication key secret for HTTP Basic authentication.
Defines secrets for connectors when type is
.jira
.Defines secrets for connectors when type is
.teams
.Hide attribute Show attribute
-
The URL of the incoming webhook. If you are using the
xpack.actions.allowedHosts
setting, add the hostname to the allowed hosts.
Defines secrets for connectors when type is
.gen-ai
.Hide attribute Show attribute
-
apiKey string
The OpenAI API key.
Defines secrets for connectors when type is
.opsgenie
.Hide attribute Show attribute
-
The Opsgenie API authentication key for HTTP Basic authentication.
Defines secrets for connectors when type is
.pagerduty
.Hide attribute Show attribute
-
A 32 character PagerDuty Integration Key for an integration on a service.
Defines secrets for connectors when type is
.sentinelone
.Hide attribute Show attribute
-
The A SentinelOne API token.
Defines secrets for connectors when type is
.servicenow
,.servicenow-sir
, or.servicenow-itom
.Hide attributes Show attributes
-
clientSecret string
The client secret assigned to your OAuth application. This property is required when
isOAuth
istrue
. -
password string
The password for HTTP basic authentication. This property is required when
isOAuth
isfalse
. -
privateKey string
The RSA private key that you created for use in ServiceNow. This property is required when
isOAuth
istrue
. -
privateKeyPassword string
The password for the RSA private key. This property is required when
isOAuth
istrue
and you set a password on your private key. -
username string
The username for HTTP basic authentication. This property is required when
isOAuth
isfalse
.
Defines secrets for connectors when type is
.slack
.Hide attribute Show attribute
-
Slack bot user OAuth token.
Defines secrets for connectors when type is
.swimlane
.Hide attribute Show attribute
-
apiToken string
Swimlane API authentication token.
Defines secrets for connectors when type is
.thehive
.Hide attribute Show attribute
-
The API key for authentication in TheHive.
Defines secrets for connectors when type is
.tines
.Defines secrets for connectors when type is
.torq
.Hide attribute Show attribute
-
The secret of the webhook authentication header.
Defines secrets for connectors when type is
.webhook
.Hide attributes Show attributes
-
crt string
If
authType
iswebhook-authentication-ssl
andcertType
isssl-crt-key
, it is a base64 encoded version of the CRT or CERT file. -
key string
If
authType
iswebhook-authentication-ssl
andcertType
isssl-crt-key
, it is a base64 encoded version of the KEY file. -
pfx string
If
authType
iswebhook-authentication-ssl
andcertType
isssl-pfx
, it is a base64 encoded version of the PFX or P12 file. -
password string
The password for HTTP basic authentication or the passphrase for the SSL certificate files. If
hasAuth
is set totrue
andauthType
iswebhook-authentication-basic
, this property is required. -
user string
The username for HTTP basic authentication. If
hasAuth
is set totrue
andauthType
iswebhook-authentication-basic
, this property is required.
Hide attributes Show attributes
-
crt string
If
authType
iswebhook-authentication-ssl
andcertType
isssl-crt-key
, it is a base64 encoded version of the CRT or CERT file. -
key string
If
authType
iswebhook-authentication-ssl
andcertType
isssl-crt-key
, it is a base64 encoded version of the KEY file. -
pfx string
If
authType
iswebhook-authentication-ssl
andcertType
isssl-pfx
, it is a base64 encoded version of the PFX or P12 file. -
password string
The password for HTTP basic authentication. If
hasAuth
is set totrue
and andauthType
iswebhook-authentication-basic
, this property is required. -
user string
The username for HTTP basic authentication. If
hasAuth
is set totrue
andauthType
iswebhook-authentication-basic
, this property is required.
Defines secrets for connectors when type is
.xmatters
.Hide attributes Show attributes
-
password string
A user name for HTTP basic authentication. It is applicable only when
usesBasic
istrue
. -
secretsUrl string
The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when
usesBasic
isfalse
. -
user string
A password for HTTP basic authentication. It is applicable only when
usesBasic
istrue
.
-
Responses
-
200 application/json; Elastic-Api-Version=2023-10-31
Indicates a successful call.
Hide response attributes Show response attributes object
-
config object
-
The connector type identifier.
-
The identifier for the connector.
-
Indicates whether the connector is deprecated.
-
is_missing_secrets boolean
Indicates whether the connector is missing secrets.
-
Indicates whether the connector is preconfigured. If true, the
config
andis_missing_secrets
properties are omitted from the response. -
Indicates whether the connector is used for system actions.
-
The name of the rule.
-
curl \
-X PUT https://localhost:5601/api/actions/connector/{id} \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
-H "elastic-api-version: 2023-10-31" \
-H "kbn-xsrf: true"
{
"name": "updated-connector",
"config": {
"index": "updated-index"
}
}
{
"config": {},
"connector_type_id": "string",
"id": "string",
"is_deprecated": true,
"is_missing_secrets": true,
"is_preconfigured": true,
"is_system_action": true,
"name": "string"
}