[Security Solution][Case] Case action type #80870
Pinging @elastic/kibana-alerting-services (Team:Alerting Services)
Pinging @elastic/siem (Team:SIEM)
const { savedObjectsClient } = services; | ||
const caseClient = createCaseClient({ | ||
savedObjectsClient, | ||
request: {} as KibanaRequest, |
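Review bot: `request: {} as KibanaRequest` in the `createCaseClient` call silences the type checker while handing the client an object that has none of a request's fields, so any later read of the request for user or authentication context gets undefined at runtime instead of a compile error. Make `request` optional in the parameter type that `createCaseClient` accepts and handle the absent case explicitly, rather than casting an empty object.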
I'm confused about why we're passing an empty object and typing it. Instead can this value be undefined? Can we change the type?
interface UserActionUsernameProps { | ||
username: string; | ||
fullName?: string; | ||
username?: string | null; |
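Review bot: with `username?: string | null` in `UserActionUsernameProps`, the prop can now be missing, null, or a string, and nothing in the interface says when each of the first two occurs. Document on the field which callers leave it undefined and which pass null, and resolve both to one fallback label in a single place so the displayed name for a case without a user is consistent.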
Is it true that `username` will only be undefined when `type: alert`? Can we check for this and say something like `Automated Alert` (maybe ask product) instead of `Unknown`?
A non-authenticated user can create cases. In this case, the username will be `null`. I agree about asking product about a suitable name.
maybe user is Kibana?
Co-authored-by: Mike Côté <[email protected]>
Overall the PR looks great! It is a very promising first iteration for introducing a Case as a connector across Kibana.
Thanks a lot for your review! About 1) this PR is gonna add the parameters for the action. You are right about moving Case Comment Type related work to another PR. Sorry about that!
* Init connector
* Add test
* Improve comment type
* Add integration tests
* Fix i18n
* Improve tests
* Show unknown when username is null
* Improve comment type
* Pass connector to case client
* Improve type after PR elastic#82125
* Add comment migration test
* Fix integration tests
* Fix reporter on table
* Create case connector ui
* Add connector to README
* Improve casting on executor
* Translate name
* Improve test
* Create comment type enum
* Fix type
* Fix i18n
* Move README to cases
* Filter out case connector from alerting

Co-authored-by: Mike Côté <[email protected]>
Co-authored-by: Mike Côté <[email protected]>
* Init connector
* Add test
* Improve comment type
* Add integration tests
* Fix i18n
* Improve tests
* Show unknown when username is null
* Improve comment type
* Pass connector to case client
* Improve type after PR #82125
* Add comment migration test
* Fix integration tests
* Fix reporter on table
* Create case connector ui
* Add connector to README
* Improve casting on executor
* Translate name
* Improve test
* Create comment type enum
* Fix type
* Fix i18n
* Move README to cases
* Filter out case connector from alerting

Co-authored-by: Mike Côté <[email protected]>
Summary
This PR creates the case connector.
Depends on: #81018
API
Create case action
URI: /api/actions/action
Method: POST
Body:
Response:
Create case
URI: /api/actions/action/<id>/_execute
Method: POST
Body:
Response:
Update case
URI: /api/actions/action/<id>/_execute
Method: POST
Body:
Response:
Add comment to case
URI: /api/actions/action/<id>/_execute
Method: POST
Body:
Response:
Breaking changes:
A new field was introduced to cases' comments. It must be provided when adding a comment to a case. Specifically:
user