This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
You can push Elastic Security cases to these third-party systems:
- Jira (including Jira Service Desk)
- IBM Resilient
To push cases, you need to create a connector using the Kibana Actions API, which stores the information required to interface with the external system.
Elastic Security uses these external APIs to send cases:
To send cases to an external system and keep the Elastic Security UI updated:
1. Create connector: Create the connector (Actions API).
2. Set default Elastic Security UI connector or Update case configurations: If required, configure connector options (Cases API).
3. Create or update an external incident: Send the case to an external system (Actions API). You must store the returned data, as it is required for updating the Elastic Security case.
4. Add external details to case: Update the Elastic Security case with the associated external system data returned in step 3 (Cases API).
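The sequence above as an added sketch, not Elastic's own code: it shows the step 3 response being checked and carried into step 4, and stops before touching the case if the push did not return the external details. The endpoint paths, request field names, `push_case`, and the `FakeKibana` stand-in are assumptions modelled on 7.x-era Kibana; check them against the API reference for your version.

```python
# Added example. Paths and field names are assumptions modelled on 7.x-era
# Kibana; confirm them against the API reference for your version.
REQUIRED = ("id", "title", "url")  # external data needed again in step 4

def push_case(send, case_id, connector, incident, set_default=False):
    """send(method, path, body) -> dict is a caller-supplied transport."""
    # Step 1: create the connector (Actions API).
    conn = send("POST", "/api/actions/action", connector)
    # Step 2 (only if required): configure connector options (Cases API).
    if set_default:
        send("POST", "/api/cases/configure",
             {"connector_id": conn["id"], "connector_name": conn["name"],
              "closure_type": "close-by-user"})
    # Step 3: create or update the external incident (Actions API).
    res = send("POST", f"/api/actions/action/{conn['id']}/_execute",
               {"params": {"subAction": "pushToService",
                           "subActionParams": incident}})
    data = res.get("data") or {}
    missing = [k for k in REQUIRED if not data.get(k)]
    if res.get("status") != "ok" or missing:
        # Fail before step 4 so the case never records a partial reference.
        raise RuntimeError(f"push not confirmed: status={res.get('status')}, missing={missing}")
    # Step 4: add the external details from step 3 to the case (Cases API).
    send("POST", f"/api/cases/{case_id}/_push",
         {"connector_id": conn["id"], "connector_name": conn["name"],
          "external_id": data["id"], "external_title": data["title"],
          "external_url": data["url"]})
    return data

class FakeKibana:
    """Constructed stand-in for Kibana; records calls, returns canned JSON."""
    def __init__(self, push_reply):
        self.calls, self.push_reply = [], push_reply
    def __call__(self, method, path, body):
        self.calls.append((method, path, body))
        if path == "/api/actions/action":
            return {"id": "conn-1", "name": body["name"]}
        if path.endswith("/_execute"):
            return self.push_reply
        return {}

def demo():
    ok = {"status": "ok", "data": {"id": "10001", "title": "SEC-1",
                                   "url": "https://jira.example.invalid/browse/SEC-1"}}
    kib = FakeKibana(ok)
    push_case(kib, "case-42", {"name": "jira", "actionTypeId": ".jira"},
              {"title": "constructed incident"})
    return [path for _, path, _ in kib.calls]
```

In real use, `send` would wrap an authenticated HTTPS client, and the connector's credentials would be supplied from a secrets store rather than written into the calling script.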