The SIEM app is now a part of the Elastic Security solution. Click here to view SIEM documentation for previous releases.
Elastic Docs Elastic Security Solution [7.9] Elastic Security APIs Cases API
« Delete case Update case configurations »

Set default Elastic Security UI connectoredit

Sets the default connector in the Elastic Security UI.

Connectors are used to interface with external systems. You can only call this method after you have created a connector (see Create connector). After a connector has been created and assigned, call Create or update an external incident to send cases to the external system.

You can also set the default connector in the Elastic Security UI for each case individually (see Update case).

Request URLedit

POST <kibana host>:<port>/api/cases/configure

Request bodyedit

A JSON object with these fields:

Name Type Description Required

connector_id

String

The connector ID.

Yes

connector_name

String

The connector name.

Yes

closure_type

String

Determines whether a case is automatically closed in Elastic Security when it is pushed to external systems. Valid values are:

  • close-by-pushing: Elastic Security cases are automatically closed when they are pushed.
  • close-by-user: Elastic Security cases are not automatically closed.

Yes

Call Find connectors to retrieve connector IDs and names.

Example requestedit

POST api/cases/configure
{
  "connector_id": "61787f53-4eee-4741-8df6-8fe84fa616f7",
  "closure_type": "close-by-user",
  "connector_name": "ServiceNow"
}

Response codeedit

200
Indicates a successful call.

Example responseedit

{
  "connector_id": "61787f53-4eee-4741-8df6-8fe84fa616f7",
  "closure_type": "close-by-user",
  "connector_name": "ServiceNow",
  "created_at": "2020-03-30T13:31:38.083Z",
  "created_by": {
    "email": "moneypenny@hms.gov.uk",
    "full_name": "Ms Moneypenny",
    "username": "moneypenny"
  },
  "updated_at": null,
  "updated_by": null,
  "version": "WzE3NywxXQ=="
}
« Delete case Update case configurations »