[Security Solutions][Case] Settings per case per connector

[cnasikas]

Summary

This PR allows users to specify connector incident fields when cases are being sent to them. Specifically:

• Jira: issue type, priority, and parent issue in the case of a subtask.
• IBM Resilient: issue types, and severity.
• ServiceNow: urgency, severity, and impact.

Ref: #76222, #76212, #75622

Dev docs

• To create a case (POST <kibana host>:<port>/api/cases) you need to provide a connector. Requests without a connector response to 400 Bad Request.
• To update the connector of a case (PATCH <kibana host>:<port>/api/cases) you need to provide the connector. The previously connector_id attribute has been removed in favor of the connector attribute.
• To sets the default connector (POST <kibana host>:<port>/api/cases/configure) you need to provide a connector. The previously connector_id and connector_name attributes have been removed in favor of the connector attribute.
• To update the connector’s case closure settings (PATCH <kibana host>:<port>/api/cases/configure) you need to provide a connector. The previously connector_id and connector_name attributes have been removed in favor of the connector attribute.

Connector schema:

connector

Property	Description	Type
id	ID of the connector used for pushing case updates to external systems.	string
name	The connector name.	string
type	The type of the connector. Must be one of these: .servicenow, jira, .resilient, and .none	string
fields	Object containing the connector’s fields.	fields

fields

For ServiceNow connectors:

Property	Description	Type
urgency	The urgency of the incident.	string
severity	The severity of the incident.	string
impact	The impact of the incident.	string

For Jira connectors:

Property	Description	Type
issueType	The issue type of the issue.	string
priority	The priority of the issue.	string
parent	The key of the parent issue (Valid when the issue type is Sub-task).	string

For IBM Resilient connectors:

Property	Description	Type
issueTypes	The issue types of the issue.	string[]
severityCode	The severity code of the issue.	string

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• This was checked for keyboard-only and screenreader accessibility
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser
• This was checked for cross-browser compatibility

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[XavierM]

I tested locally, migration has been working as expected. I was able to create/update cases with these new settings fields. I review the code and I thought the fields registry is a great way of implementation. It will be easy to add new connectors and features on top of it.

@stephmilovic did also a good job by refactoring code and spending time fixing bugs and clean up the code. Great teamwork here!!! never easy when you have the pressure of feature freeze.

I think we can all feel like Christos today ;)

[stephmilovic]

LGTM! LTFF!

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: ad024db

Metrics [docs]

@kbn/optimizer bundle module count

id	before	after	diff
securitySolution	1998	2027	+29

async chunks size

id	before	after	diff
securitySolution	10.3MB	10.4MB	+103.4KB

distributable file count

id	before	after	diff
default	48094	48104	+10

page load bundle size

id	before	after	diff
securitySolution	587.2KB	592.9KB	+5.7KB

Saved Objects .kibana field count

id	before	after	diff
cases	32	38	+6
cases-configure	14	19	+5
total			+11

History

• 💚 Build #80157 succeeded ad024db
• 💚 Build #80133 succeeded 24bfbc6
• 💚 Build #80097 succeeded d700222
• 💚 Build #80008 succeeded b87113d
• 💔 Build #79984 failed 4262a0f

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[gchaps]

@cnasikas For this PR to be included in the breaking changes doc, I need a write up that includes the details and impact of the change. See this breaking changes doc for an example.

[cnasikas]

@gchaps This PR updates our docs to accommodate the breaking changes. Is that enough or do you want me to post the details here?

[cjcenizal]

@cnasikas Ideally, there would be a section in the PR description that identifies the breaking changes for people who want to understand the changes encapsulated by the PR. Here are some good examples: #80766, #65467, #42353

[cnasikas]

@cjcenizal Thanks for your feedback. I updated the description accordingly and improve the labeling for the release note.

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)