Add TheHive connector for cases (#4292)

* Add TheHive connector for cases * Add TheHive connector for serverless cases * Refresh automated screenshot * Update docs/en/serverless/cases/manage-cases-settings.mdx Co-authored-by: DeDe Morton <[email protected]> --------- Co-authored-by: DeDe Morton <[email protected]> (cherry picked from commit 241b955) # Conflicts: # docs/en/serverless/cases/manage-cases-settings.mdx # docs/en/serverless/images/observability-cases-add-connector.png
elastic · Sep 25, 2024 · 5fc8caa · 5fc8caa
1 parent 855ef55
commit 5fc8caa
Show file tree

Hide file tree

Showing 3 changed files with 132 additions and 3 deletions.
diff --git a/docs/en/observability/manage-cases-settings.asciidoc b/docs/en/observability/manage-cases-settings.asciidoc
@@ -27,6 +27,7 @@ cases with that system using _connectors_. These third-party systems are support
 * {jira} (including {jira} Service Desk)
 * {ibm-r}
 * {swimlane}
+* TheHive
 * {webhook-cm}
 
 IMPORTANT: To send cases to external systems, you need the appropriate license, and your role must
@@ -43,15 +44,15 @@ After creating a connector, you can set your cases to
 === Create a connector
 
 . From the *Incident management system* list, select *Add new connector*.
-. Select the system to send cases to: *{sn}*, *{jira}*, *{ibm-r}*, *{swimlane}*,
-or *{webhook-cm}*.
+. Select the system to send cases to: *{sn}*, *{jira}*, *{ibm-r}*, *{swimlane}*, *TheHive*, or *{webhook-cm}*.
 
 . Enter your required settings. For connector configuration details, refer to
 {kibana-ref}/resilient-action-type.html[{ibm-r} connector],
 {kibana-ref}/jira-action-type.html[{jira} connector],
 {kibana-ref}/servicenow-action-type.html[{sn-itsm} connector],
 {kibana-ref}/servicenow-sir-action-type.html[{sn-sir} connector],
-{kibana-ref}/swimlane-action-type.html[{swimlane} connector], or
+{kibana-ref}/swimlane-action-type.html[{swimlane} connector], 
+{kibana-ref}/thehive-action-type.html[TheHive connector], or
 {kibana-ref}/cases-webhook-action-type.html[{webhook-cm} connector].
 
 . Click *Save*.

diff --git a/docs/en/serverless/cases/manage-cases-settings.mdx b/docs/en/serverless/cases/manage-cases-settings.mdx
@@ -0,0 +1,128 @@
+---
+slug: /serverless/observability/case-settings
+title: Configure case settings
+description: Change the default behavior of ((observability)) cases by adding connectors, custom fields, templates, and closure options.
+tags: [ 'serverless', 'observability', 'how-to' ]
+---
+
+<p><DocBadge template="technical preview" /></p>
+
+import Roles from '../partials/roles.mdx'
+
+<Roles role="Editor" goal="create and edit connectors" />
+
+To access case settings in an ((observability)) project, go to **Cases** → **Settings**.
+
+![View case settings](../images/observability-cases-settings.png)
+{/* NOTE: This is an autogenerated screenshot. Do not edit it directly. */}
+
+## Case closures
+
+If you close cases in your external incident management system, the cases will remain open in Elastic Observability until you close them manually (the information is only sent in one direction).
+
+To close cases when they are sent to an external system, select **Automatically close cases when pushing new incident to external system**.
+
+## External incident management systems
+
+If you are using an external incident management system, you can integrate Elastic Observability
+cases with this system using connectors. These third-party systems are supported:
+
+* ((ibm-r))
+* ((jira)) (including ((jira)) Service Desk)
+* ((sn-itsm))
+* ((sn-sir))
+* ((swimlane))
+* TheHive
+* ((webhook-cm))
+
+You need to create a connector to send cases, which stores the information required to interact
+with an external system. For each case, you can send the title, description, and comment when
+you choose to push the case — for the **Webhook - Case Management** connector, you can also
+send the status and severity fields.
+
+<DocCallOut title="Important" color="warning">
+{/* TODO: Verify user roles needed to create connectors... */}
+To add, modify, or delete a connector, you must have the Admin user role for the project
+(or a more permissive role).
+</DocCallOut>
+
+After creating a connector, you can set your cases to
+automatically close when they are sent to an external system.
+
+### Create a connector
+
+1. From the **Incident management system** list, select **Add new connector**.
+1. Select the system to send cases to: **((sn))**, **((jira))**, **((ibm-r))**,
+   **((swimlane))**, **TheHive**, or **((webhook-cm))**.
+
+    ![Add a connector to send cases to an external source](../images/observability-cases-add-connector.png)
+    {/* NOTE: This is an autogenerated screenshot. Do not edit it directly. */}
+
+1. Enter your required settings. For connector configuration details, refer to:
+   -  [((ibm-r)) connector](((kibana-ref))/resilient-action-type.html)
+   -  [((jira)) connector](((kibana-ref))/jira-action-type.html)
+   -  [((sn-itsm)) connector](((kibana-ref))/servicenow-action-type.html)
+   -  [((sn-sir)) connector](((kibana-ref))/servicenow-sir-action-type.html)
+   -  [((swimlane)) connector](((kibana-ref))/swimlane-action-type.html)
+   -  [TheHive connector](((kibana-ref))/thehive-action-type.html)
+   -  [((webhook-cm)) connector](((kibana-ref))/cases-webhook-action-type.html)
+
+1. Click **Save**.
+
+### Edit a connector
+
+You can create additional connectors, update existing connectors, and change the connector used to send cases to external systems.
+
+<DocCallOut title="Tip">
+You can also configure which connector is used for each case individually. Refer to <DocLink slug="/serverless/observability/create-a-new-case"/>.
+</DocCallOut>
+
+To change the default connector used to send cases to external systems:
+
+1. Select the required connector from the **Incident management system** list.
+
+To update an existing connector:
+
+1. Click **Update \<connector name>**.
+1. Update the connector fields as required.
+
+## Custom fields
+
+You can add optional and required fields for customized case collaboration.
+
+To create a custom field:
+
+1. In the **Custom fields** section, click **Add field**.
+
+   ![Add a custom field](../images/observability-cases-custom-fields.png)
+    {/* NOTE: This is an autogenerated screenshot. Do not edit it directly. */}
+
+1. You must provide a field label and type (text or toggle).
+   You can optionally designate it as a required field and provide a default value.
+
+When you create a custom field, it's added to all new and existing cases.
+In existing cases, new custom text fields initially have null values.
+
+You can subsequently remove or edit custom fields on the **Settings** page.
+
+## Templates
+
+<DocCallOut template="technical_preview" />
+
+You can make the case creation process faster and more consistent by adding templates.
+A template defines values for one or all of the case fields (such as severity, tags, description, and title) as well as any custom fields.
+
+To create a template:
+
+1. In the **Templates** section, click **Add template**.
+
+    ![Add a case template](../images/observability-cases-templates.png)
+    {/* NOTE: This is an autogenerated screenshot. Do not edit it directly. */}
+
+1. You must provide a template name and case severity. You can optionally add template tags and a description, values for each case field, and a case connector.
+
+When users create cases, they can optionally select a template and use its field values or override them.
+
+<DocCallOut>
+If you update or delete templates, existing cases are unaffected.
+</DocCallOut>
diff --git a/docs/en/serverless/images/observability-cases-add-connector.png b/docs/en/serverless/images/observability-cases-add-connector.png