Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM] [Docs] Cases API #761

Merged
merged 25 commits into from
Apr 2, 2020
Merged

[SIEM] [Docs] Cases API #761

merged 25 commits into from
Apr 2, 2020

Conversation

benskelker
Copy link
Contributor

@benskelker benskelker commented Dec 17, 2019
edited
Loading

Documents cases API

Resolves #703

Preview

@benskelker benskelker force-pushed the siem_case_api branch 3 times, most recently from 1bf8752 to 8a55add Compare January 28, 2020 18:02
@benskelker benskelker force-pushed the siem_case_api branch 5 times, most recently from 4ae4179 to f96f2c9 Compare February 10, 2020 16:28
@benskelker benskelker force-pushed the siem_case_api branch 4 times, most recently from b8470ad to 1e6cc14 Compare February 20, 2020 14:01
@benskelker benskelker changed the title [SIEM] [Docs] Cases api [SIEM] [Docs] Cases API Feb 25, 2020
@benskelker benskelker marked this pull request as ready for review February 27, 2020 10:59
@benskelker
Copy link
Contributor Author

@stephmilovic
No rush with this, but when you get a chance please take a look to make sure I'm going in the right direction. If anyone else should review this, feel free to add them or ping me.

Thanks,

@benskelker benskelker force-pushed the siem_case_api branch 2 times, most recently from 63fdeeb to 5f46192 Compare March 3, 2020 08:39
@benskelker benskelker force-pushed the siem_case_api branch 2 times, most recently from 8f05b90 to ff5c401 Compare March 12, 2020 14:14
@benskelker benskelker requested review from XavierM and cnasikas March 17, 2020 10:08
@cnasikas
Copy link
Member

This PR introduced new changes to the ServiceNow action API:

elastic/kibana#60052

stephmilovic
stephmilovic requested changes Apr 2, 2020
View reviewed changes
Copy link

@stephmilovic stephmilovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've reviewed the case and comment api docs. Let me know when you've made my requested updates. @cnasikas is going to review the configure/connect/actions stuff today as well

@benskelker
Copy link
Contributor Author

I've reviewed the case and comment api docs. Let me know when you've made my requested updates. @cnasikas is going to review the configure/connect/actions stuff today as well

Thanks - will do

@cnasikas
Copy link
Member

cnasikas commented Apr 2, 2020
edited
Loading

Hi!

Notes:

  • Create or update an external incident: If an error is produced by our connector the response code will be 200 but the status in the response will be error. Example: { actionId: "ba7be107-5826-48b7-b9d2-43d456fada00", status: "error", message: "an error occurred while running the action executor", serviceMessage: "[Action][ServiceNow]: Unable to create incident. Error: Request failed with status code 404", retry: false }.

  • Update case configuration

    • Fields are optional except version.
    • connector_name is missing (also optional).

  • Reporter's API is missing:

    • Route: /api/cases/reporters
    • Method: GET
    • Response: Array of { email, fullname, username }

  • User actions API is missing

  • Find cases route is missing the following fields: fields, defaultSearchOperator, search, searchFields. @XavierM Should we document these fields?

stephmilovic
stephmilovic approved these changes Apr 2, 2020
View reviewed changes
Copy link

@stephmilovic stephmilovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on the cases and comments. Please wait for @cnasikas approval before merging. Thanks @benskelker for keeping up with all of our changes 🚀

@XavierM XavierM mentioned this pull request Apr 2, 2020
Merged
@cnasikas
Copy link
Member

cnasikas commented Apr 2, 2020

LGTM! Thank you!

@benskelker benskelker merged commit 81c20d9 into elastic:master Apr 2, 2020
benskelker added a commit to benskelker/stack-docs that referenced this pull request Apr 2, 2020
@benskelker
[SIEM] [Docs] Cases API (elastic#761)
61aa715 
* intial case api docs

* starts updating the api

* updates patch comments

* api updates

* starts conf api

* more conf api stuff

* minor fixes

* more updates

* proofing

* typo

* formatting

* gets rid of me

* adds delete all comments method

* corrections after feedback

* corrections 2

* corrections continued

* cmore corrections

* and more corrections

* even more

* rebase

* adds reporters to find

* corrections

* corrections II

* connector corrections

* final corrections
@benskelker benskelker mentioned this pull request Apr 2, 2020
Merged
benskelker added a commit to benskelker/stack-docs that referenced this pull request Apr 2, 2020
@benskelker
[SIEM] [Docs] Cases API (elastic#761)
642f3a4 
* intial case api docs

* starts updating the api

* updates patch comments

* api updates

* starts conf api

* more conf api stuff

* minor fixes

* more updates

* proofing

* typo

* formatting

* gets rid of me

* adds delete all comments method

* corrections after feedback

* corrections 2

* corrections continued

* cmore corrections

* and more corrections

* even more

* rebase

* adds reporters to find

* corrections

* corrections II

* connector corrections

* final corrections
@benskelker benskelker mentioned this pull request Apr 2, 2020
Merged
benskelker added a commit that referenced this pull request Apr 3, 2020
@benskelker
[SIEM] [Docs] Cases API (#761) (#977)
964419c 
* intial case api docs

* starts updating the api

* updates patch comments

* api updates

* starts conf api

* more conf api stuff

* minor fixes

* more updates

* proofing

* typo

* formatting

* gets rid of me

* adds delete all comments method

* corrections after feedback

* corrections 2

* corrections continued

* cmore corrections

* and more corrections

* even more

* rebase

* adds reporters to find

* corrections

* corrections II

* connector corrections

* final corrections
benskelker added a commit that referenced this pull request Apr 3, 2020
@benskelker
[SIEM] [Docs] Cases API (#761) (#976)
5329c68 
* intial case api docs

* starts updating the api

* updates patch comments

* api updates

* starts conf api

* more conf api stuff

* minor fixes

* more updates

* proofing

* typo

* formatting

* gets rid of me

* adds delete all comments method

* corrections after feedback

* corrections 2

* corrections continued

* cmore corrections

* and more corrections

* even more

* rebase

* adds reporters to find

* corrections

* corrections II

* connector corrections

* final corrections
@benskelker benskelker deleted the siem_case_api branch April 3, 2020 05:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cnasikas cnasikas cnasikas left review comments

@XavierM XavierM XavierM left review comments

@stephmilovic stephmilovic stephmilovic approved these changes

Assignees
No one assigned
Labels
Team:SIEM v7.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Docs] Document case management API
4 participants
@benskelker @cnasikas @XavierM @stephmilovic