Actions API (for pushing cases to external systems)edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

You can push Elastic Security cases to these third-party systems:

  • ServiceNow
  • Jira (including Jira Service Desk)
  • IBM Resilient

To push cases, you need to create a connector using the Kibana Actions API, which stores the information required to interface with the external system.

Elastic Security uses these external APIs to send cases:

To send cases to an external system and keep the Elastic Security UI updated:

  1. Create connector: Create the connector (Actions API).
  2. Set default Elastic Security UI connector or Update case configurations: If required, configure connector options (Cases API).
  3. Create or update an external incident: Send the case to an external system (Actions API). You must store the returned data as it is required for updating the the Elastic Security case.
  4. Add external details to case: Update the Elastic Security case with the associated external system data returned in step 3 (Cases API).