Update connector API | Kibana Guide [master]

You are looking at preliminary documentation for a future release. Not what you want? See the current release documentation.

› › ›

« Run connector API Deprecated 7.x APIs »

Update connector APIedit

Updates the attributes for a connector.

For the most up-to-date API details, refer to the open API specification.

Requestedit

PUT <kibana host>:<port>/api/actions/connector/<id>

PUT <kibana host>:<port>/s/<space_id>/api/actions/connector/<id>

Prerequisitesedit

You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.

Path parametersedit

id: (Required, string) The ID of the connector.
space_id: (Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.

Request bodyedit

config

(Required, object) The new connector configuration. Configuration properties vary depending on the connector type. For example:

Config properties

IBM Resilient connectors

apiUrl: (Required, string) The IBM Resilient instance URL.
orgId: (Required, string) The IBM Resilient organization ID.

For more information, refer to IBM Resilient.

Index connectors

executionTimeField: (Optional, string) Specifies a field that will contain the time the alert condition was detected. The default value is null.
index: (Required, string) The Elasticsearch index to be written to.
refresh: (Optional, boolean) The refresh policy for the write request. The default value is false.

For more information, refer to Index.

Jira connectors

apiUrl: (Required, string) The Jira instance URL.
projectKey: (Required, string) The Jira project key.

For more information, refer to Jira.

Opsgenie connectors

apiUrl: (Required, string) The Opsgenie URL. For example, https://api.opsgenie.com or https://api.eu.opsgenie.com. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.

For more information, refer to Opsgenie.

ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors

apiUrl: (Required, string) The ServiceNow instance URL.
clientId: (Required^*, string) The client ID assigned to your OAuth application. This property is required when isOAuth is true.
isOAuth: (Optional, string) The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
jwtKeyId: (Required^*, string) The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when isOAuth is true.
userIdentifierValue: (Required^*, string) The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is Email, the user identifier should be the user’s email address. This property is required when isOAuth is true.
usesTableApi: (Optional, boolean) Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. The default value is true.

If this property is set to false, the Elastic application should be installed in ServiceNow.

Swimlane connectors

apiUrl

(Required, string) The Swimlane instance URL.

appId

(Required, string) The Swimlane application ID.

connectorType

(Required, String) The type of the connector. Valid values are: all, alerts, cases.

mappings

(Optional, object) The field mapping.

Mappings properties

alertIdConfig

(Optional, object) Mapping for the alert ID.

fieldType: (Required, string) The type of the field in Swimlane.
id: (Required, string) The id of the field in Swimlane.
key: (Required, string) The key of the field in Swimlane.
name: (Required, string) The name of the field in Swimlane.

caseIdConfig

(Optional, object) Mapping for the case ID.

fieldType: (Required, string) The type of the field in Swimlane.
id: (Required, string) The id of the field in Swimlane.
key: (Required, string) The key of the field in Swimlane.
name: (Required, string) The name of the field in Swimlane.

caseNameConfig

(Optional, object) Mapping for the case name.

fieldType: (Required, string) The type of the field in Swimlane.
id: (Required, string) The id of the field in Swimlane.
key: (Required, string) The key of the field in Swimlane.
name: (Required, string) The name of the field in Swimlane.

commentsConfig

(Optional, object) Mapping for the case comments.

fieldType: (Required, string) The type of the field in Swimlane.
id: (Required, string) The id of the field in Swimlane.
key: (Required, string) The key of the field in Swimlane.
name: (Required, string) The name of the field in Swimlane.

descriptionConfig

(Optional, object) Mapping for the case description.

fieldType: (Required, string) The type of the field in Swimlane.
id: (Required, string) The id of the field in Swimlane.
key: (Required, string) The key of the field in Swimlane.
name: (Required, string) The name of the field in Swimlane.

ruleNameConfig

(Optional, object) Mapping for the name of the alert’s rule.

fieldType: (Required, string) The type of the field in Swimlane.
id: (Required, string) The id of the field in Swimlane.
key: (Required, string) The key of the field in Swimlane.
name: (Required, string) The name of the field in Swimlane.

severityConfig

(Optional, object) Mapping for the severity.

fieldType: (Required, string) The type of the field in Swimlane.
id: (Required, string) The id of the field in Swimlane.
key: (Required, string) The key of the field in Swimlane.
name: (Required, string) The name of the field in Swimlane.

For more information, refer to Swimlane.

Webhook - Case Management connectors

createCommentJson

(Optional, string) A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is case.comment. For example:

{
  "body": {{{case.comment}}}
}

Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.

createCommentMethod

(Optional, string) The REST API HTTP request method to create a case comment in the third-party system. Valid values are either patch, post, and put. The default value is put.

createCommentUrl

(Optional, string) The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts. For example:

https://testing-jira.atlassian.net/rest/api/2/issue/{{{external.system.id}}}/comment

createIncidentJson

(Required, string) A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are case.title and case.description. For example:

{
	"fields": {
	  "summary": {{{case.title}}},
	  "description": {{{case.description}}},
	  "labels": {{{case.tags}}}
	}
}

Due to Mustache template variables (which is the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.

createIncidentMethod

(Optional, string) The REST API HTTP request method to create a case in the third-party system. Valid values are patch, post, and put. The default value is post.

createIncidentResponseKey

(Required, string) The JSON key in the create case response that contains the external case ID.

createIncidentUrl

(Required, string) The REST API URL to create a case in the third-party system. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.

getIncidentResponseExternalTitleKey

(Required, string) The JSON key in get case response that contains the external case title.

getIncidentUrl

(Required, string) The REST API URL to get the case by ID from the third-party system. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts. You can use a variable to add the external system ID to the URL. For example:

https://testing-jira.atlassian.net/rest/api/2/issue/{{{external.system.id}}}

Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.

hasAuth

(Optional, boolean) If true, a username and password for login type authentication must be provided. The default value is true.

headers

(Optional, string) A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.

updateIncidentJson

(Required, string) The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are case.title and case.description. For example:

{
	"fields": {
	  "summary": {{{case.title}}},
	  "description": {{{case.description}}},
	  "labels": {{{case.tags}}}
	}
}

updateIncidentMethod

(Optional, string) The REST API HTTP request method to update the case in the third-party system. Valid values are patch, post, and put. The default value is put.

updateIncidentUrl

(Required, string) The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts. For example:

https://testing-jira.atlassian.net/rest/api/2/issue/{{{external.system.ID}}}

viewIncidentUrl

(Required, string) The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.For example:

https://testing-jira.atlassian.net/browse/{{{external.system.title}}}

For more information, refer to Webhook - Case Management.

This object is not required for server log connectors.

For more configuration properties, refer to Connectors.

name

(Required, string) The new name of the connector.

secrets

(Required^*, object) The updated secrets configuration for the connector. Secrets properties vary depending on the connector type. For information about the secrets configuration properties, refer to Action and connector types.

Secrets properties

IBM Resilient connectors

apiKeyId: (Required, string) The authentication key ID for HTTP Basic authentication.
apiKeySecret: (Required, string) The authentication key secret for HTTP Basic authentication.

Jira connectors

apiToken: (Required, string) The Jira API authentication token for HTTP basic authentication.
email: (Required, string) The account email for HTTP Basic authentication.

Opsgenie connectors

apiKey: (Required, string) The Opsgenie API authentication key for HTTP Basic authentication.

ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors

clientSecret: (Required^*, string) The client secret assigned to your OAuth application. This property is required when isOAuth is true.
password: (Required^*, string) The password for HTTP basic authentication. This property is required when isOAuth is false.
privateKey: (Required^*, string) The RSA private key that you created for use in ServiceNow. This property is required when isOAuth is true.
privateKeyPassword: (Required^*, string) The password for the RSA private key. This property is required when isOAuth is true and you set a password on your private key.
username: (Required^*, string) The username for HTTP basic authentication. This property is required when isOAuth is false.

Swimlane connectors

apiToken: (string) Swimlane API authentication token.

Webhook - Case Management connectors

password: (Optional, string) The password for HTTP basic authentication.
user: (Optional, string) The username for HTTP basic authentication.

This object is not required for index or server log connectors.

Response codesedit

200: Indicates a successful call.

Examplesedit

PUT api/actions/connector/c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad
{
  "name": "updated-connector",
  "config": {
    "index": "updated-index"
  }
}

The API returns the following:

{
  "id": "c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad",
  "connector_type_id": ".index",
  "name": "updated-connector",
  "config": {
    "index": "updated-index",
    "refresh": false,
    "executionTimeField": null
  },
  "is_preconfigured": false,
  "is_deprecated": false,
  "is_missing_secrets": false
}

« Run connector API Deprecated 7.x APIs »