Swimlane connector and action

The Swimlane connector uses the Swimlane REST API to create Swimlane records.

Connector configuration

Swimlane connectors have the following configuration properties.

Name
The name of the connector.
URL
Swimlane instance URL.
Application ID
Swimlane application ID.
API token
Swimlane API authentication token for HTTP Basic authentication.

Preconfigured connector type

 my-swimlane:
   name: preconfigured-swimlane-connector-type
   actionTypeId: .swimlane
   config:
     apiUrl: https://elastic.swimlaneurl.us
     appId: app-id
     mappings:
       alertIdConfig:
         fieldType: text
         id: agp4s
         key: alert-id
         name: Alert ID
       caseIdConfig:
         fieldType: text
         id: ae1mi
         key: case-id
         name: Case ID
       caseNameConfig:
         fieldType: text
         id: anxnr
         key: case-name
         name: Case Name
       commentsConfig:
         fieldType: comments
         id: au18d
         key: comments
         name: Comments
       descriptionConfig:
         fieldType: text
         id: ae1gd
         key: description
         name: Description
       ruleNameConfig:
         fieldType: text
         id: avfsl
         key: rule-name
         name: Rule Name
       severityConfig:
         fieldType: text
         id: a71ik
         key: severity
         name: severity
   secrets:
     apiToken: tokenkeystorevalue

Config defines information for the connector type.

apiUrl
An address that corresponds to URL.
appId
A key that corresponds to Application ID.

Secrets defines sensitive information for the connector type.

apiToken
A string that corresponds to API token. It should be stored in the Kibana keystore.
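
As an added example (not part of the original page and not Kibana code), this Python check reviews a parsed preconfigured Swimlane connector definition against the properties described above: apiUrl, appId, the four keys of each mapping, and an API token kept out of the YAML. The function name, the https-only and unique-field-id rules, and both sample dictionaries are assumptions of this example.

```python
from urllib.parse import urlparse

MAPPING_KEYS = {"fieldType", "id", "key", "name"}  # keys each mapping carries on this page

def lint_swimlane_connector(connector):
    """Return findings for one parsed preconfigured .swimlane connector (hypothetical helper)."""
    findings = []
    config = connector.get("config") or {}
    url = urlparse(str(config.get("apiUrl") or ""))
    # Assumed policy: the API token is sent to apiUrl, so require TLS.
    if url.scheme != "https" or not url.hostname:
        findings.append("config.apiUrl is not an https URL")
    if not config.get("appId"):
        findings.append("config.appId is missing")
    seen = {}
    for name, mapping in (config.get("mappings") or {}).items():
        mapping = mapping or {}
        missing = MAPPING_KEYS - set(mapping)
        if missing:
            findings.append(f"mappings.{name} is missing {sorted(missing)}")
        field_id = mapping.get("id")
        # Assumed policy: two mappings should not point at the same Swimlane field id.
        if field_id in seen:
            findings.append(f"mappings.{name} reuses field id of {seen[field_id]}")
        elif field_id:
            seen[field_id] = name
    # The page says apiToken should be stored in the Kibana keystore, not inline.
    if (connector.get("secrets") or {}).get("apiToken"):
        findings.append("secrets.apiToken is set inline")
    return findings

# Constructed sample: plain-HTTP URL, incomplete mapping, duplicate field id, inline token.
WEAK = {
    "config": {
        "apiUrl": "http://swimlane.example.test",
        "appId": "app-id",
        "mappings": {
            "alertIdConfig": {"fieldType": "text", "id": "agp4s", "key": "alert-id", "name": "Alert ID"},
            "severityConfig": {"fieldType": "text", "id": "agp4s", "key": "severity"},
        },
    },
    "secrets": {"apiToken": "constructed-token"},
}
# Constructed sample: no secrets block because the token is held in the keystore.
HARDENED = {"config": {"apiUrl": "https://swimlane.example.test", "appId": "app-id",
                       "mappings": {"alertIdConfig": WEAK["config"]["mappings"]["alertIdConfig"]}}}

if __name__ == "__main__":
    print(lint_swimlane_connector(WEAK), lint_swimlane_connector(HARDENED))
```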

Define connector in Stack Management

Define Swimlane connector properties.

Test Swimlane action parameters.

Action configuration

Swimlane actions have the following configuration properties.

Comments
Additional information for the client, such as how to troubleshoot the issue.
Severity
The severity of the incident.

Alert ID and Rule Name are filled automatically. Specifically, Alert ID is set to {{alert.id}} and Rule Name to {{rule.name}}.