[Security Solution][Case] ServiceNow SIR Connector #88655
Conversation
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
Alerting related changes LGTM.
Really exciting feature for our users; as always, your code is clean and readable. Thanks a lot for getting this new connector.
💔 Build Failed
Summary
Release Notes: Adds ServiceNow SIR case connector
This PR implements the case's fields for the ServiceNow SIR connector.
Create case:
Create.case.SIR.mp4
Push case to SIR:
SIR.push.mp4
Technical details:
- `api/cases/configure/connectors/<connector_id>/push` and `api/cases/<case_id>/_push` into one route. The new route endpoint is `case/<case_id>/connector/<connector_id>/_push`.
- `x-pack/plugins/security_solution/public/cases/components/connectors` folder.
- `getChoices` introduced in [Alerts] ServiceNow SIR Connector #88190.
- `get` case client method. It returns a case.
- `getUserActions` case client method. It returns the case's user action.
- `getAlerts` case client method. It returns the requested alerts.
- `work_notes`.
- `push` case client method. It pushes a case to an external service.
- `destination.ip`, `source.ip`, `file.hash.sha256`, and `url.full` are pushed to ServiceNow SIR in `dest_ip`, `source_ip`, `malware_hash`, and `malware_url` accordingly. The values of the fields are constructed from all alerts attached to a case. Example: `dest_ip: 192.168.1.1,192.168.1.2,...`
Depends on #88190
Meta issue: #82676
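An added example, not code from this PR or from Kibana, showing how the alert-to-SIR field mapping described in the summary can be computed: the four ECS fields are gathered from every alert attached to a case and joined with commas. The names `buildSirFields`, `getField` and `SIR_FIELD_MAP`, the handling of nested vs. flattened alert documents and array values, the de-duplication of repeated values, and the sample alerts are all assumptions for this illustration.

```typescript
// ECS source field -> ServiceNow SIR field, as listed in the PR description.
const SIR_FIELD_MAP: Record<string, string> = {
  'destination.ip': 'dest_ip',
  'source.ip': 'source_ip',
  'file.hash.sha256': 'malware_hash',
  'url.full': 'malware_url',
};

// An alert document; a field may be absent, a scalar, or an array (assumption).
type Alert = Record<string, unknown>;

// Hypothetical helper: read a dotted ECS path from either a flattened
// ("destination.ip") or a nested ({destination: {ip}}) alert document.
function getField(alert: Alert, path: string): unknown {
  if (path in alert) return alert[path];
  return path.split('.').reduce<unknown>(
    (cur, key) =>
      cur && typeof cur === 'object' ? (cur as Record<string, unknown>)[key] : undefined,
    alert
  );
}

// Build the SIR fields from all alerts attached to a case. Values are trimmed,
// de-duplicated in first-seen order, and comma-joined as in the PR example;
// a SIR field no alert carries is null so nothing misleading is pushed.
export function buildSirFields(alerts: Alert[]): Record<string, string | null> {
  const out: Record<string, string | null> = {};
  for (const [ecsField, sirField] of Object.entries(SIR_FIELD_MAP)) {
    const values = new Set<string>();
    for (const alert of alerts) {
      const raw = getField(alert, ecsField);
      for (const v of Array.isArray(raw) ? raw : [raw]) {
        if (typeof v === 'string' && v.trim() !== '') values.add(v.trim());
      }
    }
    out[sirField] = values.size > 0 ? Array.from(values).join(',') : null;
  }
  return out;
}

// Constructed sample alerts (not real data): one flattened, one nested,
// with a repeated destination IP and a placeholder hash.
export const SAMPLE_ALERTS: Alert[] = [
  { 'destination.ip': '192.168.1.1', source: { ip: '10.0.0.5' }, 'url.full': 'http://example.test/a' },
  { destination: { ip: ['192.168.1.2', '192.168.1.1'] }, file: { hash: { sha256: '<sha256-placeholder>' } } },
];
```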