diff --git a/docs/api-generated/connectors/connector-apis-passthru.asciidoc b/docs/api-generated/connectors/connector-apis-passthru.asciidoc
index ac2c18b4f2c295..98ef93db6e820f 100644
--- a/docs/api-generated/connectors/connector-apis-passthru.asciidoc
+++ b/docs/api-generated/connectors/connector-apis-passthru.asciidoc
@@ -23,6 +23,7 @@ Any modifications made to this file will be overwritten.
get /s/{spaceId}/api/actions/connector/{connectorId}
get /s/{spaceId}/api/actions/connector_types
get /s/{spaceId}/api/actions/connectors
+ post /s/{spaceId}/api/actions/connector/{connectorId}/_execute
put /s/{spaceId}/api/actions/connector/{connectorId}
@@ -90,7 +91,7 @@ Any modifications made to this file will be overwritten.
connector_response_properties
401
Authorization information is missing or invalid.
- createConnector_401_response
+ 401_response
+
+
+
+
Up
+
post /s/{spaceId}/api/actions/connector/{connectorId}/_execute
+
Runs a connector. (runConnector)
+
You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have read
privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. If you use an index connector, you must also have all
, create
, index
, or write
indices privileges.
+
+
Path parameters
+
+
connectorId (required)
+
+
Path Parameter — An identifier for the connector. default: null
spaceId (required)
+
+
Path Parameter — An identifier for the space. If /s/
and the identifier are omitted from the path, the default space is used. default: null
+
+
+
Consumes
+ This API call consumes the following media types via the request header:
+
+
+
Request body
+
+
+
+
Body Parameter —
+
+
+
+
Request headers
+
+
kbn-xsrf (required)
+
+
Header Parameter — default: null
+
+
+
+
+
+
Return type
+
+
+
+
+
Example data
+
Content-Type: application/json
+
{
+ "connector_id" : "connector_id",
+ "status" : "error"
+}
+
+
Produces
+ This API call produces the following media types according to the request header;
+ the media type will be conveyed by the response header.
+
+
+
Responses
+
200
+ Indicates a successful call.
+
runConnector_200_response
+
401
+ Authorization information is missing or invalid.
+
401_response
@@ -395,6 +467,8 @@ Any modifications made to this file will be overwritten.
Table of Contents
+ 401_response
- Unsuccessful rule API response
+ 404_response
-
Alert_identifier_mapping
- Alert identifier mapping
Case_comment_mapping
- Case comment mapping
Case_description_mapping
- Case description mapping
@@ -405,7 +479,10 @@ Any modifications made to this file will be overwritten.
Get_connector_types_response_body_properties_inner
-
Get_connectors_response_body_properties
- Get connectors response body properties
Rule_name_mapping
- Rule name mapping
+ Run_connector_request_body_properties
- Run connector request body properties
+ Run_connector_request_body_properties_params
-
Severity_mapping
- Severity mapping
+ Subaction_parameters
- Subaction parameters
Update_connector_request_body_properties
- Update connector request body properties
config_properties_cases_webhook
- Connector request properties for Webhook - Case Management connector
config_properties_index
- Connector request properties for an index connector
@@ -434,7 +511,6 @@ Any modifications made to this file will be overwritten.
connector_response_properties_webhook
- Connector response properties for a Webhook connector
connector_response_properties_xmatters
- Connector response properties for an xMatters connector
connector_types
- Connector types
- createConnector_401_response
-
create_connector_request_cases_webhook
- Create Webhook - Case Managment connector request
create_connector_request_email
- Create email connector request
create_connector_request_index
- Create index connector request
@@ -454,6 +530,38 @@ Any modifications made to this file will be overwritten.
create_connector_request_xmatters
- Create xMatters connector request
features
-
getConnector_404_response
-
+ runConnector_200_response
-
+ runConnector_200_response_data
-
+ run_connector_params_documents
- Index connector parameters
+ run_connector_params_level_message
- Server log connector parameters
+ run_connector_subaction_addevent
- The addEvent subaction
+ run_connector_subaction_addevent_subActionParams
-
+ run_connector_subaction_closealert
- The closeAlert subaction
+ run_connector_subaction_closealert_subActionParams
-
+ run_connector_subaction_createalert
- The createAlert subaction
+ run_connector_subaction_createalert_subActionParams
-
+ run_connector_subaction_createalert_subActionParams_responders_inner
-
+ run_connector_subaction_createalert_subActionParams_visibleTo_inner
-
+ run_connector_subaction_fieldsbyissuetype
- The fieldsByIssueType subaction
+ run_connector_subaction_fieldsbyissuetype_subActionParams
-
+ run_connector_subaction_getchoices
- The getChoices subaction
+ run_connector_subaction_getchoices_subActionParams
-
+ run_connector_subaction_getfields
- The getFields subaction
+ run_connector_subaction_getincident
- The getIncident subaction
+ run_connector_subaction_getincident_subActionParams
-
+ run_connector_subaction_issue
- The issue subaction
+ run_connector_subaction_issue_subActionParams
-
+ run_connector_subaction_issues
- The issues subaction
+ run_connector_subaction_issues_subActionParams
-
+ run_connector_subaction_issuetypes
- The issueTypes subaction
+ run_connector_subaction_pushtoservice
- The pushToService subaction
+ run_connector_subaction_pushtoservice_subActionParams
-
+ run_connector_subaction_pushtoservice_subActionParams_comments_inner
-
+ run_connector_subaction_pushtoservice_subActionParams_incident
-
+ run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip
-
+ run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash
-
+ run_connector_subaction_pushtoservice_subActionParams_incident_malware_url
-
+ run_connector_subaction_pushtoservice_subActionParams_incident_source_ip
-
secrets_properties_cases_webhook
- Connector secrets properties for Webhook - Case Management connector
secrets_properties_jira
- Connector secrets properties for a Jira connector
secrets_properties_opsgenie
- Connector secrets properties for an Opsgenie connector
@@ -472,6 +580,32 @@ Any modifications made to this file will be overwritten.
update_connector_request_swimlane
- Update Swimlane connector request
+
+
+
+
+
error (optional)
+
+
Unauthorized
+
message (optional)
+
statusCode (optional)
+
+
401
+
+
+
+
+
+
+
error (optional)
+
+
Not Found
+
message (optional)
+
statusCode (optional)
+
+
404
+
+
Mapping for the alert ID.
@@ -584,6 +718,28 @@ Any modifications made to this file will be overwritten.
name
String The name of the field in Swimlane.
+
+
+
The properties vary depending on the connector type.
+
+
+
+
+
+
+
documents
+
level (optional)
String The log level of the message for server log connectors.
+
+
debug
error
fatal
info
trace
warn
+
message
String The message for server log connectors.
+
subAction
+
+
pushToService
+
subActionParams
+
+
Mapping for the severity.
@@ -594,6 +750,16 @@ Any modifications made to this file will be overwritten.
name
String The name of the field in Swimlane.
+
+
+
Test an action that involves a subaction.
+
+
subAction
+
+
pushToService
+
subActionParams
+
+
The properties vary depending on the connector type.
@@ -971,15 +1137,6 @@ Any modifications made to this file will be overwritten.
-
-
-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
The Webhook - Case Management connector uses axios to send POST, PUT, and GET requests to a case management RESTful API web service.
@@ -1194,6 +1351,325 @@ Any modifications made to this file will be overwritten.
statusCode (optional)
+
+
+
+
+
connector_id
String The identifier for the connector.
+
data (optional)
+
status
String The status of the action.
+
+
error
ok
+
+
+
+
+
+
Test an action that indexes a document into Elasticsearch.
+
+
+
+
+
Test an action that writes an entry to the Kibana server log.
+
+
level (optional)
String The log level of the message for server log connectors.
+
+
debug
error
fatal
info
trace
warn
+
message
String The message for server log connectors.
+
+
+
+
+
The addEvent
subaction for ServiceNow ITOM connectors.
+
+
subAction
+
+
addEvent
+
subActionParams (optional)
+
+
+
+
+
The set of configuration properties for the action.
+
+
additional_info (optional)
String Additional information about the event.
+
description (optional)
String The details about the event.
+
event_class (optional)
String A specific instance of the source.
+
message_key (optional)
String All actions sharing this key are associated with the same ServiceNow alert. The default value is
<rule ID>:<alert instance ID>
.
+
metric_name (optional)
String The name of the metric.
+
node (optional)
String The host that the event was triggered for.
+
resource (optional)
String The name of the resource.
+
severity (optional)
String The severity of the event.
+
source (optional)
String The name of the event source type.
+
time_of_event (optional)
+
type (optional)
+
+
+
+
+
The closeAlert
subaction for Opsgenie connectors.
+
+
subAction
+
+
closeAlert
+
subActionParams
+
+
+
+
+
+
+
alias
String The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
+
note (optional)
String Additional information for the alert.
+
source (optional)
String The display name for the source of the alert.
+
user (optional)
String The display name for the owner.
+
+
+
+
+
The createAlert
subaction for Opsgenie connectors.
+
+
subAction
+
+
createAlert
+
subActionParams
+
+
+
+
+
+
+
actions (optional)
+
alias (optional)
String The unique identifier used for alert deduplication in Opsgenie.
+
description (optional)
String A description that provides detailed information about the alert.
+
details (optional)
+
entity (optional)
String The domain of the alert. For example, the application or server name.
+
message
+
note (optional)
String Additional information for the alert.
+
priority (optional)
String The priority level for the alert.
+
+
P1
P2
P3
P4
P5
+
responders (optional)
+
source (optional)
String The display name for the source of the alert.
+
tags (optional)
+
user (optional)
String The display name for the owner.
+
visibleTo (optional)
+
+
+
+
+
+
+
id (optional)
String The identifier for the entity.
+
name (optional)
String The name of the entity.
+
type (optional)
String The type of responders, in this case
escalation
.
+
+
escalation
schedule
team
user
+
username (optional)
String A valid email address for the user.
+
+
+
+
+
+
+
id (optional)
String The identifier for the entity.
+
name (optional)
String The name of the entity.
+
type
String Valid values are
team
and
user
.
+
+
team
user
+
username (optional)
String The user name. This property is required only when the
type
is
user
.
+
+
+
+
+
The fieldsByIssueType
subaction for Jira connectors.
+
+
subAction
+
+
fieldsByIssueType
+
subActionParams
+
+
+
+
+
+
+
id
String The Jira issue type identifier.
+
+
+
+
+
The getChoices
subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
+
+
subAction
+
+
getChoices
+
subActionParams
+
+
+
+
+
The set of configuration properties for the action.
+
+
+
+
+
The getFields
subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+
+
subAction
+
+
getFields
+
+
+
+
+
The getIncident
subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+
+
subAction
+
+
getIncident
+
subActionParams
+
+
+
+
+
+
+
externalId
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
+
+
+
+
+
The issue
subaction for Jira connectors.
+
+
subAction
+
+
issue
+
subActionParams (optional)
+
+
+
+
+
+
+
id
String The Jira issue identifier.
+
+
+
+
+
The issues
subaction for Jira connectors.
+
+
subAction
+
+
issues
+
subActionParams
+
+
+
+
+
+
+
title
String The title of the Jira issue.
+
+
+
+
+
The issueTypes
subaction for Jira connectors.
+
+
subAction
+
+
issueTypes
+
+
+
+
+
The pushToService
subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
+
+
subAction
+
+
pushToService
+
subActionParams
+
+
+
+
+
The set of configuration properties for the action.
+
+
comments (optional)
+
incident (optional)
+
+
+
+
+
+
+
comment (optional)
String A comment related to the incident. For example, describe how to troubleshoot the issue.
+
commentId (optional)
Integer A unique identifier for the comment.
+
+
+
+
+
Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
+
+
alertId (optional)
String The alert identifier for Swimlane connectors.
+
caseId (optional)
String The case identifier for the incident for Swimlane connectors.
+
caseName (optional)
String The case name for the incident for Swimlane connectors.
+
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+
correlation_display (optional)
String A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
+
correlation_id (optional)
String The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as
{{ruleID}}:{{alert ID}}
to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of
{{ruleID}}:{{alert ID}}
ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
+
description (optional)
String The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
+
dest_ip (optional)
+
externalId (optional)
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
+
impact (optional)
String The impact of the incident for ServiceNow ITSM connectors.
+
issueType (optional)
Integer The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set
subAction
to
issueTypes
.
+
labels (optional)
array[String] The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
+
malware_hash (optional)
+
malware_url (optional)
+
parent (optional)
String The ID or key of the parent issue for Jira connectors. Applies only to
Sub-task
types of issues.
+
priority (optional)
String The priority of the incident in Jira and ServiceNow SecOps connectors.
+
ruleName (optional)
String The rule name for Swimlane connectors.
+
severity (optional)
String The severity of the incident for ServiceNow ITSM and Swimlane connectors.
+
short_description (optional)
String A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
+
source_ip (optional)
+
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+
summary (optional)
String A summary of the incident for Jira connectors.
+
title (optional)
String A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.
+
urgency (optional)
String The urgency of the incident for ServiceNow ITSM connectors.
+
+
+
+
+
A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+
+
+
+
+
+
A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
+
+
+
+
+
+
A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
+
+
+
+
+
+
A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+
+
+
diff --git a/docs/api/actions-and-connectors/execute.asciidoc b/docs/api/actions-and-connectors/execute.asciidoc
index 7fbaae439094e8..6d94c61f6232bf 100644
--- a/docs/api/actions-and-connectors/execute.asciidoc
+++ b/docs/api/actions-and-connectors/execute.asciidoc
@@ -6,6 +6,12 @@
Runs a connector by ID.
+[NOTE]
+====
+For the most up-to-date API details, refer to the
+{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <
>.
+====
+
[[execute-connector-api-request]]
=== {api-request-title}
@@ -362,7 +368,7 @@ on the `subAction` value. This object is not required when `subAction` is
[%collapsible%open]
======
`comments`:::
-(Optional, array of objects) Additional information that is sent to {sn-sir}.
+(Optional, array of objects) Additional information that is sent to {sn-itsm}.
+
.Properties of `comments`
[%collapsible%open]
@@ -381,7 +387,7 @@ version::::
=======
`incident`:::
-(Required, object) Information necessary to create or update a {sn-sir} incident.
+(Required, object) Information necessary to create or update a {sn-itsm} incident.
+
.Properties of `incident`
[%collapsible%open]
@@ -520,6 +526,10 @@ to the security incident. The IPs are added as observables to the security incid
updated. Otherwise, a new incident is created.
`malware_hash`::::
+(Optional, string or array of strings) A list of malware hashes related to the
+security incident. The hashes are added as observables to the security incident.
+
+`malware_url`::::
(Optional, string or array of strings) A list of malware URLs related to the
security incident. The URLs are added as observables to the security incident.
diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json
index 0919fea40668ba..d887c6de5a3e43 100644
--- a/x-pack/plugins/actions/docs/openapi/bundled.json
+++ b/x-pack/plugins/actions/docs/openapi/bundled.json
@@ -134,20 +134,7 @@
"content": {
"application/json": {
"schema": {
- "type": "object",
- "properties": {
- "error": {
- "type": "string",
- "example": "Unauthorized"
- },
- "message": {
- "type": "string"
- },
- "statusCode": {
- "type": "integer",
- "example": 401
- }
- }
+ "$ref": "#/components/schemas/401_response"
}
}
}
@@ -202,20 +189,7 @@
"content": {
"application/json": {
"schema": {
- "type": "object",
- "properties": {
- "error": {
- "type": "string",
- "example": "Unauthorized"
- },
- "message": {
- "type": "string"
- },
- "statusCode": {
- "type": "integer",
- "example": 401
- }
- }
+ "$ref": "#/components/schemas/401_response"
}
}
}
@@ -278,20 +252,7 @@
"content": {
"application/json": {
"schema": {
- "type": "object",
- "properties": {
- "error": {
- "type": "string",
- "example": "Unauthorized"
- },
- "message": {
- "type": "string"
- },
- "statusCode": {
- "type": "integer",
- "example": 401
- }
- }
+ "$ref": "#/components/schemas/401_response"
}
}
}
@@ -430,20 +391,7 @@
"content": {
"application/json": {
"schema": {
- "type": "object",
- "properties": {
- "error": {
- "type": "string",
- "example": "Unauthorized"
- },
- "message": {
- "type": "string"
- },
- "statusCode": {
- "type": "integer",
- "example": 401
- }
- }
+ "$ref": "#/components/schemas/401_response"
}
}
}
@@ -453,21 +401,7 @@
"content": {
"application/json": {
"schema": {
- "type": "object",
- "properties": {
- "error": {
- "type": "string",
- "example": "Not Found"
- },
- "message": {
- "type": "string",
- "example": "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found"
- },
- "statusCode": {
- "type": "integer",
- "example": 404
- }
- }
+ "$ref": "#/components/schemas/404_response"
}
}
}
@@ -568,20 +502,7 @@
"content": {
"application/json": {
"schema": {
- "type": "object",
- "properties": {
- "error": {
- "type": "string",
- "example": "Unauthorized"
- },
- "message": {
- "type": "string"
- },
- "statusCode": {
- "type": "integer",
- "example": 401
- }
- }
+ "$ref": "#/components/schemas/401_response"
}
}
}
@@ -685,23 +606,200 @@
},
"401": {
"description": "Authorization information is missing or invalid.",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/401_response"
+ }
+ }
+ }
+ }
+ },
+ "servers": [
+ {
+ "url": "https://localhost:5601"
+ }
+ ]
+ },
+ "servers": [
+ {
+ "url": "https://localhost:5601"
+ }
+ ]
+ },
+ "/s/{spaceId}/api/actions/connector/{connectorId}/_execute": {
+ "post": {
+ "summary": "Runs a connector.",
+ "operationId": "runConnector",
+ "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. If you use an index connector, you must also have `all`, `create`, `index`, or `write` indices privileges.\n",
+ "tags": [
+ "connectors"
+ ],
+ "parameters": [
+ {
+ "$ref": "#/components/parameters/kbn_xsrf"
+ },
+ {
+ "$ref": "#/components/parameters/connector_id"
+ },
+ {
+ "$ref": "#/components/parameters/space_id"
+ }
+ ],
+ "requestBody": {
+ "required": true,
+ "content": {
+ "application/json": {
+ "schema": {
+ "title": "Run connector request body properties",
+ "description": "The properties vary depending on the connector type.",
+ "type": "object",
+ "required": [
+ "params"
+ ],
+ "properties": {
+ "params": {
+ "oneOf": [
+ {
+ "$ref": "#/components/schemas/run_connector_params_documents"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_params_level_message"
+ },
+ {
+ "title": "Subaction parameters",
+ "description": "Test an action that involves a subaction.",
+ "oneOf": [
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_addevent"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_closealert"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_createalert"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_fieldsbyissuetype"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_getchoices"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_getfields"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_getincident"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_issue"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_issues"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_issuetypes"
+ },
+ {
+ "$ref": "#/components/schemas/run_connector_subaction_pushtoservice"
+ }
+ ],
+ "discriminator": {
+ "propertyName": "subAction"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "examples": {
+ "runIndexConnectorRequest": {
+ "$ref": "#/components/examples/run_index_connector_request"
+ },
+ "runJiraConnectorRequest": {
+ "$ref": "#/components/examples/run_jira_connector_request"
+ },
+ "runServerLogConnectorRequest": {
+ "$ref": "#/components/examples/run_server_log_connector_request"
+ },
+ "runServiceNowITOMConnectorRequest": {
+ "$ref": "#/components/examples/run_servicenow_itom_connector_request"
+ },
+ "runSwimlaneConnectorRequest": {
+ "$ref": "#/components/examples/run_swimlane_connector_request"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "description": "Indicates a successful call.",
"content": {
"application/json": {
"schema": {
"type": "object",
+ "required": [
+ "connector_id",
+ "status"
+ ],
"properties": {
- "error": {
+ "connector_id": {
"type": "string",
- "example": "Unauthorized"
+ "description": "The identifier for the connector."
},
- "message": {
- "type": "string"
+ "data": {
+ "oneOf": [
+ {
+ "type": "object",
+ "description": "Information returned from the action.",
+ "additionalProperties": true
+ },
+ {
+ "type": "array",
+ "description": "An array of information returned from the action.",
+ "items": {
+ "type": "object"
+ }
+ }
+ ]
},
- "statusCode": {
- "type": "integer",
- "example": 401
+ "status": {
+ "type": "string",
+ "description": "The status of the action.",
+ "enum": [
+ "error",
+ "ok"
+ ]
}
}
+ },
+ "examples": {
+ "runIndexConnectorResponse": {
+ "$ref": "#/components/examples/run_index_connector_response"
+ },
+ "runJiraConnectorResponse": {
+ "$ref": "#/components/examples/run_jira_connector_response"
+ },
+ "runServerLogConnectorResponse": {
+ "$ref": "#/components/examples/run_server_log_connector_response"
+ },
+ "runServiceNowITOMConnectorResponse": {
+ "$ref": "#/components/examples/run_servicenow_itom_connector_response"
+ },
+ "runSwimlaneConnectorResponse": {
+ "$ref": "#/components/examples/run_swimlane_connector_response"
+ }
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Authorization information is missing or invalid.",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/401_response"
}
}
}
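Review bot: The 200 response of `runConnector` is described only as "Indicates a successful call.", yet its schema allows `"status": "error"`, so a client that checks the HTTP code alone will treat a failed connector run as a success. I would state this in the description, for example "Indicates a successful call. Check the status property in the body; the action itself may have returned error." The operation also documents only 200 and 401. If an unknown `connectorId` returns 404 here, a `"404"` entry with `"$ref": "#/components/schemas/404_response"` would be worth adding, since that schema is introduced in this same diff. If this file is produced by bundling, the edit belongs in the source it is built from.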
@@ -2741,6 +2839,29 @@
"propertyName": "connector_type_id"
}
},
+ "401_response": {
+ "type": "object",
+ "title": "Unsuccessful rule API response",
+ "properties": {
+ "error": {
+ "type": "string",
+ "example": "Unauthorized",
+ "enum": [
+ "Unauthorized"
+ ]
+ },
+ "message": {
+ "type": "string"
+ },
+ "statusCode": {
+ "type": "integer",
+ "example": 401,
+ "enum": [
+ 401
+ ]
+ }
+ }
+ },
"update_connector_request_cases_webhook": {
"title": "Update Webhook - Case Managment connector request",
"type": "object",
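Review bot: The `title` of the new `401_response` schema reads `Unsuccessful rule API response`, but the references visible in this file all come from connector operations, so the generated docs label the connectors 401 body as a rule response. A title such as `"title": "Unauthorized response"` would fit better. The sibling `404_response` schema added later in this diff has no `title` at all, and giving it a matching one would keep the generated model list consistent. The enclosing `schemas` map starts and ends outside this hunk.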
@@ -2919,6 +3040,29 @@
}
}
},
+ "404_response": {
+ "type": "object",
+ "properties": {
+ "error": {
+ "type": "string",
+ "example": "Not Found",
+ "enum": [
+ "Not Found"
+ ]
+ },
+ "message": {
+ "type": "string",
+ "example": "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found"
+ },
+ "statusCode": {
+ "type": "integer",
+ "example": 404,
+ "enum": [
+ 404
+ ]
+ }
+ }
+ },
"connector_types": {
"title": "Connector types",
"type": "string",
@@ -2953,67 +3097,749 @@
"uptime",
"siem"
]
- }
- },
- "examples": {
- "create_index_connector_request": {
- "summary": "Create an index connector.",
- "value": {
- "name": "my-connector",
- "connector_type_id": ".index",
- "config": {
- "index": "test-index"
+ },
+ "run_connector_params_documents": {
+ "title": "Index connector parameters",
+ "description": "Test an action that indexes a document into Elasticsearch.",
+ "type": "object",
+ "required": [
+ "documents"
+ ],
+ "properties": {
+ "documents": {
+ "type": "array",
+ "description": "The documents in JSON format for index connectors.",
+ "items": {
+ "type": "object",
+ "additionalProperties": true
+ }
}
}
},
- "create_index_connector_response": {
- "summary": "A new index connector.",
- "value": {
- "id": "c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad",
- "connector_type_id": ".index",
- "name": "my-connector",
- "config": {
- "index": "test-index",
- "refresh": false,
- "executionTimeField": null
+ "run_connector_params_level_message": {
+ "title": "Server log connector parameters",
+ "description": "Test an action that writes an entry to the Kibana server log.",
+ "type": "object",
+ "required": [
+ "message"
+ ],
+ "properties": {
+ "level": {
+ "type": "string",
+ "description": "The log level of the message for server log connectors.",
+ "enum": [
+ "debug",
+ "error",
+ "fatal",
+ "info",
+ "trace",
+ "warn"
+ ],
+ "default": "info"
},
- "is_preconfigured": false,
- "is_deprecated": false,
- "is_missing_secrets": false
- }
- },
- "get_connector_response": {
- "summary": "A list of connector types",
- "value": {
- "id": "df770e30-8b8b-11ed-a780-3b746c987a81",
- "name": "my_server_log_connector",
- "config": {},
- "connector_type_id": ".server-log",
- "is_preconfigured": false,
- "is_deprecated": false,
- "is_missing_secrets": false
- }
- },
- "update_index_connector_request": {
- "summary": "Update an index connector.",
- "value": {
- "name": "updated-connector",
- "config": {
- "index": "updated-index"
+ "message": {
+ "type": "string",
+ "description": "The message for server log connectors."
}
}
},
- "get_connectors_response": {
- "summary": "A list of connectors",
- "value": [
- {
- "id": "preconfigured-email-connector",
- "name": "my-preconfigured-email-notification",
- "connector_type_id": ".email",
- "is_preconfigured": true,
- "is_deprecated": false,
- "referenced_by_count": 0
- },
+ "run_connector_subaction_addevent": {
+ "title": "The addEvent subaction",
+ "type": "object",
+ "required": [
+ "subAction"
+ ],
+ "description": "The `addEvent` subaction for ServiceNow ITOM connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "addEvent"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "description": "The set of configuration properties for the action.",
+ "properties": {
+ "additional_info": {
+ "type": "string",
+ "description": "Additional information about the event."
+ },
+ "description": {
+ "type": "string",
+ "description": "The details about the event."
+ },
+ "event_class": {
+ "type": "string",
+ "description": "A specific instance of the source."
+ },
+ "message_key": {
+ "type": "string",
+ "description": "All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`."
+ },
+ "metric_name": {
+ "type": "string",
+ "description": "The name of the metric."
+ },
+ "node": {
+ "type": "string",
+ "description": "The host that the event was triggered for."
+ },
+ "resource": {
+ "type": "string",
+ "description": "The name of the resource."
+ },
+ "severity": {
+ "type": "string",
+ "description": "The severity of the event."
+ },
+ "source": {
+ "type": "string",
+ "description": "The name of the event source type."
+ },
+ "time_of_event": {
+ "type": "string",
+ "description": "The time of the event."
+ },
+ "type": {
+ "type": "string",
+ "description": "The type of event."
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_closealert": {
+ "title": "The closeAlert subaction",
+ "type": "object",
+ "required": [
+ "subAction",
+ "subActionParams"
+ ],
+ "description": "The `closeAlert` subaction for Opsgenie connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "closeAlert"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "required": [
+ "alias"
+ ],
+ "properties": {
+ "alias": {
+ "type": "string",
+ "description": "The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert."
+ },
+ "note": {
+ "type": "string",
+ "description": "Additional information for the alert."
+ },
+ "source": {
+ "type": "string",
+ "description": "The display name for the source of the alert."
+ },
+ "user": {
+ "type": "string",
+ "description": "The display name for the owner."
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_createalert": {
+ "title": "The createAlert subaction",
+ "type": "object",
+ "required": [
+ "subAction",
+ "subActionParams"
+ ],
+ "description": "The `createAlert` subaction for Opsgenie connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "createAlert"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "required": [
+ "message"
+ ],
+ "properties": {
+ "actions": {
+ "type": "array",
+ "description": "The custom actions available to the alert.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "alias": {
+ "type": "string",
+ "description": "The unique identifier used for alert deduplication in Opsgenie."
+ },
+ "description": {
+ "type": "string",
+ "description": "A description that provides detailed information about the alert."
+ },
+ "details": {
+ "type": "object",
+ "description": "The custom properties of the alert.",
+ "additionalProperties": true,
+ "example": {
+ "key1": "value1",
+ "key2": "value2"
+ }
+ },
+ "entity": {
+ "type": "string",
+ "description": "The domain of the alert. For example, the application or server name."
+ },
+ "message": {
+ "type": "string",
+ "description": "The alert message."
+ },
+ "note": {
+ "type": "string",
+ "description": "Additional information for the alert."
+ },
+ "priority": {
+ "type": "string",
+ "description": "The priority level for the alert.",
+ "enum": [
+ "P1",
+ "P2",
+ "P3",
+ "P4",
+ "P5"
+ ]
+ },
+ "responders": {
+ "type": "array",
+ "description": "The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.\n",
+ "items": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "The identifier for the entity."
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the entity."
+ },
+ "type": {
+ "type": "string",
+ "description": "The type of responders, in this case `escalation`.",
+ "enum": [
+ "escalation",
+ "schedule",
+ "team",
+ "user"
+ ]
+ },
+ "username": {
+ "type": "string",
+ "description": "A valid email address for the user."
+ }
+ }
+ }
+ },
+ "source": {
+ "type": "string",
+ "description": "The display name for the source of the alert."
+ },
+ "tags": {
+ "type": "array",
+ "description": "The tags for the alert.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "user": {
+ "type": "string",
+ "description": "The display name for the owner."
+ },
+ "visibleTo": {
+ "type": "array",
+ "description": "The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.",
+ "items": {
+ "type": "object",
+ "required": [
+ "type"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "The identifier for the entity."
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the entity."
+ },
+ "type": {
+ "type": "string",
+ "description": "Valid values are `team` and `user`.",
+ "enum": [
+ "team",
+ "user"
+ ]
+ },
+ "username": {
+ "type": "string",
+ "description": "The user name. This property is required only when the `type` is `user`."
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_fieldsbyissuetype": {
+ "title": "The fieldsByIssueType subaction",
+ "type": "object",
+ "required": [
+ "subAction",
+ "subActionParams"
+ ],
+ "description": "The `fieldsByIssueType` subaction for Jira connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "fieldsByIssueType"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "required": [
+ "id"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "The Jira issue type identifier.",
+ "example": 10024
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_getchoices": {
+ "title": "The getChoices subaction",
+ "type": "object",
+ "required": [
+ "subAction",
+ "subActionParams"
+ ],
+ "description": "The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "getChoices"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "description": "The set of configuration properties for the action.",
+ "required": [
+ "fields"
+ ],
+ "properties": {
+ "fields": {
+ "type": "array",
+ "description": "An array of fields.",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_getfields": {
+ "title": "The getFields subaction",
+ "type": "object",
+ "required": [
+ "subAction"
+ ],
+ "description": "The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "getFields"
+ ]
+ }
+ }
+ },
+ "run_connector_subaction_getincident": {
+ "title": "The getIncident subaction",
+ "type": "object",
+ "description": "The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.",
+ "required": [
+ "subAction",
+ "subActionParams"
+ ],
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "getIncident"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "required": [
+ "externalId"
+ ],
+ "properties": {
+ "externalId": {
+ "type": "string",
+ "description": "The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.",
+ "example": 71778
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_issue": {
+ "title": "The issue subaction",
+ "type": "object",
+ "required": [
+ "subAction"
+ ],
+ "description": "The `issue` subaction for Jira connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "issue"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "required": [
+ "id"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "The Jira issue identifier.",
+ "example": 71778
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_issues": {
+ "title": "The issues subaction",
+ "type": "object",
+ "required": [
+ "subAction",
+ "subActionParams"
+ ],
+ "description": "The `issues` subaction for Jira connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "issues"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "required": [
+ "title"
+ ],
+ "properties": {
+ "title": {
+ "type": "string",
+ "description": "The title of the Jira issue."
+ }
+ }
+ }
+ }
+ },
+ "run_connector_subaction_issuetypes": {
+ "title": "The issueTypes subaction",
+ "type": "object",
+ "required": [
+ "subAction"
+ ],
+ "description": "The `issueTypes` subaction for Jira connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "issueTypes"
+ ]
+ }
+ }
+ },
+ "run_connector_subaction_pushtoservice": {
+ "title": "The pushToService subaction",
+ "type": "object",
+ "required": [
+ "subAction",
+ "subActionParams"
+ ],
+ "description": "The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.",
+ "properties": {
+ "subAction": {
+ "type": "string",
+ "description": "The action to test.",
+ "enum": [
+ "pushToService"
+ ]
+ },
+ "subActionParams": {
+ "type": "object",
+ "description": "The set of configuration properties for the action.",
+ "properties": {
+ "comments": {
+ "type": "array",
+ "description": "Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.",
+ "items": {
+ "type": "object",
+ "properties": {
+ "comment": {
+ "type": "string",
+ "description": "A comment related to the incident. For example, describe how to troubleshoot the issue."
+ },
+ "commentId": {
+ "type": "integer",
+ "description": "A unique identifier for the comment."
+ }
+ }
+ }
+ },
+ "incident": {
+ "type": "object",
+ "description": "Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.",
+ "properties": {
+ "alertId": {
+ "type": "string",
+ "description": "The alert identifier for Swimlane connectors."
+ },
+ "caseId": {
+ "type": "string",
+ "description": "The case identifier for the incident for Swimlane connectors."
+ },
+ "caseName": {
+ "type": "string",
+ "description": "The case name for the incident for Swimlane connectors."
+ },
+ "category": {
+ "type": "string",
+ "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors."
+ },
+ "correlation_display": {
+ "type": "string",
+ "description": "A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors."
+ },
+ "correlation_id": {
+ "type": "string",
+ "description": "The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.\n"
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors."
+ },
+ "dest_ip": {
+ "description": "A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.\n",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ ]
+ },
+ "externalId": {
+ "type": "string",
+ "description": "The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.\n"
+ },
+ "impact": {
+ "type": "string",
+ "description": "The impact of the incident for ServiceNow ITSM connectors."
+ },
+ "issueType": {
+ "type": "integer",
+ "description": "The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`."
+ },
+ "labels": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.\n"
+ },
+ "malware_hash": {
+ "description": "A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ ]
+ },
+ "malware_url": {
+ "type": "string",
+ "description": "A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ ]
+ },
+ "parent": {
+ "type": "string",
+ "description": "The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues."
+ },
+ "priority": {
+ "type": "string",
+ "description": "The priority of the incident in Jira and ServiceNow SecOps connectors."
+ },
+ "ruleName": {
+ "type": "string",
+ "description": "The rule name for Swimlane connectors."
+ },
+ "severity": {
+ "type": "string",
+ "description": "The severity of the incident for ServiceNow ITSM and Swimlane connectors."
+ },
+ "short_description": {
+ "type": "string",
+ "description": "A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.\n"
+ },
+ "source_ip": {
+ "description": "A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.",
+ "oneOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ ]
+ },
+ "subcategory": {
+ "type": "string",
+ "description": "The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors."
+ },
+ "summary": {
+ "type": "string",
+ "description": "A summary of the incident for Jira connectors."
+ },
+ "title": {
+ "type": "string",
+ "description": "A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.\n"
+ },
+ "urgency": {
+ "type": "string",
+ "description": "The urgency of the incident for ServiceNow ITSM connectors."
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "examples": {
+ "create_index_connector_request": {
+ "summary": "Create an index connector.",
+ "value": {
+ "name": "my-connector",
+ "connector_type_id": ".index",
+ "config": {
+ "index": "test-index"
+ }
+ }
+ },
+ "create_index_connector_response": {
+ "summary": "A new index connector.",
+ "value": {
+ "id": "c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad",
+ "connector_type_id": ".index",
+ "name": "my-connector",
+ "config": {
+ "index": "test-index",
+ "refresh": false,
+ "executionTimeField": null
+ },
+ "is_preconfigured": false,
+ "is_deprecated": false,
+ "is_missing_secrets": false
+ }
+ },
+ "get_connector_response": {
+ "summary": "A list of connector types",
+ "value": {
+ "id": "df770e30-8b8b-11ed-a780-3b746c987a81",
+ "name": "my_server_log_connector",
+ "config": {},
+ "connector_type_id": ".server-log",
+ "is_preconfigured": false,
+ "is_deprecated": false,
+ "is_missing_secrets": false
+ }
+ },
+ "update_index_connector_request": {
+ "summary": "Update an index connector.",
+ "value": {
+ "name": "updated-connector",
+ "config": {
+ "index": "updated-index"
+ }
+ }
+ },
+ "get_connectors_response": {
+ "summary": "A list of connectors",
+ "value": [
+ {
+ "id": "preconfigured-email-connector",
+ "name": "my-preconfigured-email-notification",
+ "connector_type_id": ".email",
+ "is_preconfigured": true,
+ "is_deprecated": false,
+ "referenced_by_count": 0
+ },
{
"id": "e07d0c80-8b8b-11ed-a780-3b746c987a81",
"name": "my-index-connector",
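Review bot: In `run_connector_subaction_pushtoservice`, `incident.malware_url` declares `"type": "string"` next to a `oneOf` that also allows an array of strings, so the array branch can never validate; `dest_ip`, `malware_hash` and `source_ip` omit the outer type, and dropping that line from `malware_url` would match them. Three string-typed identifiers carry integer examples (`"example": 10024` in `fieldsByIssueType`, `"example": 71778` in `getIncident` and in `issue`); quoting them, e.g. `"example": "71778"`, keeps each example valid against its own schema. `run_connector_subaction_issue` marks `id` as required inside `subActionParams` but leaves `subActionParams` out of its top-level `required` list, unlike `fieldsByIssueType` and `issues`. There are also text slips: "ServiveNow" in the `incident` and `correlation_id` descriptions, and the `responders.type` description says "in this case `escalation`" although the enum lists four values. The same schemas are presumably mirrored in the bundled.yaml hunk later in the diff, which runs past the part visible here, so the fixes belong in the shared source of both files.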
@@ -3072,6 +3898,223 @@
]
}
]
+ },
+ "run_index_connector_request": {
+ "summary": "Run an index connector.",
+ "value": {
+ "params": {
+ "documents": [
+ {
+ "id": "my_doc_id",
+ "name": "my_doc_name",
+ "message": "hello, world"
+ }
+ ]
+ }
+ }
+ },
+ "run_jira_connector_request": {
+ "summary": "Run a Jira connector to retrieve the list of issue types.",
+ "value": {
+ "params": {
+ "subAction": "issueTypes"
+ }
+ }
+ },
+ "run_server_log_connector_request": {
+ "summary": "Run a server log connector.",
+ "value": {
+ "params": {
+ "level": "warn",
+ "message": "Test warning message."
+ }
+ }
+ },
+ "run_servicenow_itom_connector_request": {
+ "summary": "Run a ServiceNow ITOM connector to retrieve the list of choices.",
+ "value": {
+ "params": {
+ "subAction": "getChoices",
+ "subActionParams": {
+ "fields": [
+ "severity",
+ "urgency"
+ ]
+ }
+ }
+ }
+ },
+ "run_swimlane_connector_request": {
+ "summary": "Run a Swimlane connector to create an incident.",
+ "value": {
+ "params": {
+ "subAction": "pushToService",
+ "subActionParams": {
+ "comments": [
+ {
+ "commentId": 1,
+ "comment": "A comment about the incident."
+ }
+ ],
+ "incident": {
+ "caseId": "1000",
+ "caseName": "Case name",
+ "description": "Description of the incident."
+ }
+ }
+ }
+ }
+ },
+ "run_index_connector_response": {
+ "summary": "Response from running an index connector.",
+ "value": {
+ "connector_id": "fd38c600-96a5-11ed-bb79-353b74189cba",
+ "data": {
+ "errors": false,
+ "items": [
+ {
+ "create": {
+ "_id": "4JtvwYUBrcyxt2NnfW3y",
+ "_index": "my-index",
+ "_primary_term": 1,
+ "_seq_no": 0,
+ "_shards": {
+ "failed": 0,
+ "successful": 1,
+ "total": 2
+ },
+ "_version": 1,
+ "result": "created",
+ "status": 201
+ }
+ }
+ ],
+ "took": 135
+ },
+ "status": "ok"
+ }
+ },
+ "run_jira_connector_response": {
+ "summary": "Response from retrieving the list of issue types for a Jira connector.",
+ "value": {
+ "connector_id": "b3aad810-edbe-11ec-82d1-11348ecbf4a6",
+ "data": [
+ {
+ "id": 10024,
+ "name": "Improvement"
+ },
+ {
+ "id": 10006,
+ "name": "Task"
+ },
+ {
+ "id": 10007,
+ "name": "Sub-task"
+ },
+ {
+ "id": 10025,
+ "name": "New Feature"
+ },
+ {
+ "id": 10023,
+ "name": "Bug"
+ },
+ {
+ "id": 10000,
+ "name": "Epic"
+ }
+ ],
+ "status": "ok"
+ }
+ },
+ "run_server_log_connector_response": {
+ "summary": "Response from running a server log connector.",
+ "value": {
+ "connector_id": "7fc7b9a0-ecc9-11ec-8736-e7d63118c907",
+ "status": "ok"
+ }
+ },
+ "run_servicenow_itom_connector_response": {
+ "summary": "Response from retrieving the list of choices for a ServiceNow ITOM connector.",
+ "value": {
+ "connector_id": "9d9be270-2fd2-11ed-b0e0-87533c532698",
+ "data": [
+ {
+ "dependent_value": "",
+ "element": "severity",
+ "label": "Critical",
+ "value": 1
+ },
+ {
+ "dependent_value": "",
+ "element": "severity",
+ "label": "Major",
+ "value": 2
+ },
+ {
+ "dependent_value": "",
+ "element": "severity",
+ "label": "Minor",
+ "value": 3
+ },
+ {
+ "dependent_value": "",
+ "element": "severity",
+ "label": "Warning",
+ "value": 4
+ },
+ {
+ "dependent_value": "",
+ "element": "severity",
+ "label": "OK",
+ "value": 5
+ },
+ {
+ "dependent_value": "",
+ "element": "severity",
+ "label": "Clear",
+ "value": 0
+ },
+ {
+ "dependent_value": "",
+ "element": "urgency",
+ "label": "1 - High",
+ "value": 1
+ },
+ {
+ "dependent_value": "",
+ "element": "urgency",
+ "label": "2 - Medium",
+ "value": 2
+ },
+ {
+ "dependent_value": "",
+ "element": "urgency",
+ "label": "3 - Low",
+ "value": 3
+ }
+ ],
+ "status": "ok"
+ }
+ },
+ "run_swimlane_connector_response": {
+ "summary": "Response from creating a Swimlane incident.",
+ "value": {
+ "connector_id": "a4746470-2f94-11ed-b0e0-87533c532698",
+ "data": {
+ "id": "aKPmBHWzmdRQtx6Mx",
+ "title": "TEST-457",
+ "url": "https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx",
+ "pushedDate": "2022-09-08T16:52:27.866Z",
+ "comments": [
+ {
+ "commentId": 1,
+ "pushedDate": "2022-09-08T16:52:27.865Z"
+ }
+ ]
+ },
+ "status": "ok"
+ }
}
}
},
diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml
index 1ffc0dc5da1eba..1652412e027e45 100644
--- a/x-pack/plugins/actions/docs/openapi/bundled.yaml
+++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml
@@ -71,16 +71,7 @@ paths:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '#/components/schemas/401_response'
servers:
- url: https://localhost:5601
servers:
@@ -111,16 +102,7 @@ paths:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '#/components/schemas/401_response'
'404':
description: Object is not found.
content:
@@ -158,16 +140,7 @@ paths:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '#/components/schemas/401_response'
'404':
description: Object is not found.
content:
@@ -245,32 +218,13 @@ paths:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '#/components/schemas/401_response'
'404':
description: Object is not found.
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Not Found
- message:
- type: string
- example: Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found
- statusCode:
- type: integer
- example: 404
+ $ref: '#/components/schemas/404_response'
servers:
- url: https://localhost:5601
servers:
@@ -338,16 +292,7 @@ paths:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '#/components/schemas/401_response'
servers:
- url: https://localhost:5601
servers:
@@ -415,19 +360,114 @@ paths:
$ref: '#/components/examples/get_connector_types_response'
'401':
description: Authorization information is missing or invalid.
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/401_response'
+ servers:
+ - url: https://localhost:5601
+ servers:
+ - url: https://localhost:5601
+ /s/{spaceId}/api/actions/connector/{connectorId}/_execute:
+ post:
+ summary: Runs a connector.
+ operationId: runConnector
+ description: |
+ You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. If you use an index connector, you must also have `all`, `create`, `index`, or `write` indices privileges.
+ tags:
+ - connectors
+ parameters:
+ - $ref: '#/components/parameters/kbn_xsrf'
+ - $ref: '#/components/parameters/connector_id'
+ - $ref: '#/components/parameters/space_id'
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ title: Run connector request body properties
+ description: The properties vary depending on the connector type.
+ type: object
+ required:
+ - params
+ properties:
+ params:
+ oneOf:
+ - $ref: '#/components/schemas/run_connector_params_documents'
+ - $ref: '#/components/schemas/run_connector_params_level_message'
+ - title: Subaction parameters
+ description: Test an action that involves a subaction.
+ oneOf:
+ - $ref: '#/components/schemas/run_connector_subaction_addevent'
+ - $ref: '#/components/schemas/run_connector_subaction_closealert'
+ - $ref: '#/components/schemas/run_connector_subaction_createalert'
+ - $ref: '#/components/schemas/run_connector_subaction_fieldsbyissuetype'
+ - $ref: '#/components/schemas/run_connector_subaction_getchoices'
+ - $ref: '#/components/schemas/run_connector_subaction_getfields'
+ - $ref: '#/components/schemas/run_connector_subaction_getincident'
+ - $ref: '#/components/schemas/run_connector_subaction_issue'
+ - $ref: '#/components/schemas/run_connector_subaction_issues'
+ - $ref: '#/components/schemas/run_connector_subaction_issuetypes'
+ - $ref: '#/components/schemas/run_connector_subaction_pushtoservice'
+ discriminator:
+ propertyName: subAction
+ examples:
+ runIndexConnectorRequest:
+ $ref: '#/components/examples/run_index_connector_request'
+ runJiraConnectorRequest:
+ $ref: '#/components/examples/run_jira_connector_request'
+ runServerLogConnectorRequest:
+ $ref: '#/components/examples/run_server_log_connector_request'
+ runServiceNowITOMConnectorRequest:
+ $ref: '#/components/examples/run_servicenow_itom_connector_request'
+ runSwimlaneConnectorRequest:
+ $ref: '#/components/examples/run_swimlane_connector_request'
+ responses:
+ '200':
+ description: Indicates a successful call.
content:
application/json:
schema:
type: object
+ required:
+ - connector_id
+ - status
properties:
- error:
+ connector_id:
type: string
- example: Unauthorized
- message:
+ description: The identifier for the connector.
+ data:
+ oneOf:
+ - type: object
+ description: Information returned from the action.
+ additionalProperties: true
+ - type: array
+ description: An array of information returned from the action.
+ items:
+ type: object
+ status:
type: string
- statusCode:
- type: integer
- example: 401
+ description: The status of the action.
+ enum:
+ - error
+ - ok
+ examples:
+ runIndexConnectorResponse:
+ $ref: '#/components/examples/run_index_connector_response'
+ runJiraConnectorResponse:
+ $ref: '#/components/examples/run_jira_connector_response'
+ runServerLogConnectorResponse:
+ $ref: '#/components/examples/run_server_log_connector_response'
+ runServiceNowITOMConnectorResponse:
+ $ref: '#/components/examples/run_servicenow_itom_connector_response'
+ runSwimlaneConnectorResponse:
+ $ref: '#/components/examples/run_swimlane_connector_response'
+ '401':
+ description: Authorization information is missing or invalid.
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/401_response'
servers:
- url: https://localhost:5601
servers:
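Review bot: The new `runConnector` operation documents only `200` and `401`, although it takes a `connectorId` path parameter and this commit adds a reusable `404_response` schema; a `'404'` entry with `$ref: '#/components/schemas/404_response'` would cover an unknown connector, assuming the endpoint returns 404 in that case as the other connector-by-id operations in this file document. The `200` schema allows `status: error`, so a failed run can apparently come back with HTTP 200; the `description` should say that callers must check `status` rather than the HTTP code, and an error example next to the five `ok` ones would make that visible. The description also states that `read` privilege on Actions and Connectors is enough, while the subactions listed here (`pushToService`, `createAlert`, index documents) write to Elasticsearch and third-party systems; a sentence making explicit that `read` permits execution would help operators who scope roles by least privilege.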
@@ -1951,6 +1991,22 @@ components:
- $ref: '#/components/schemas/connector_response_properties_xmatters'
discriminator:
propertyName: connector_type_id
+ 401_response:
+ type: object
+ title: Unsuccessful rule API response
+ properties:
+ error:
+ type: string
+ example: Unauthorized
+ enum:
+ - Unauthorized
+ message:
+ type: string
+ statusCode:
+ type: integer
+ example: 401
+ enum:
+ - 401
update_connector_request_cases_webhook:
title: Update Webhook - Case Managment connector request
type: object
@@ -2078,6 +2134,22 @@ components:
example: my-connector
secrets:
$ref: '#/components/schemas/secrets_properties_swimlane'
+ 404_response:
+ type: object
+ properties:
+ error:
+ type: string
+ example: Not Found
+ enum:
+ - Not Found
+ message:
+ type: string
+ example: Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found
+ statusCode:
+ type: integer
+ example: 404
+ enum:
+ - 404
connector_types:
title: Connector types
type: string
@@ -2110,6 +2182,495 @@ components:
- cases
- uptime
- siem
+ run_connector_params_documents:
+ title: Index connector parameters
+ description: Test an action that indexes a document into Elasticsearch.
+ type: object
+ required:
+ - documents
+ properties:
+ documents:
+ type: array
+ description: The documents in JSON format for index connectors.
+ items:
+ type: object
+ additionalProperties: true
+ run_connector_params_level_message:
+ title: Server log connector parameters
+ description: Test an action that writes an entry to the Kibana server log.
+ type: object
+ required:
+ - message
+ properties:
+ level:
+ type: string
+ description: The log level of the message for server log connectors.
+ enum:
+ - debug
+ - error
+ - fatal
+ - info
+ - trace
+ - warn
+ default: info
+ message:
+ type: string
+ description: The message for server log connectors.
+ run_connector_subaction_addevent:
+ title: The addEvent subaction
+ type: object
+ required:
+ - subAction
+ description: The `addEvent` subaction for ServiceNow ITOM connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - addEvent
+ subActionParams:
+ type: object
+ description: The set of configuration properties for the action.
+ properties:
+ additional_info:
+ type: string
+ description: Additional information about the event.
+ description:
+ type: string
+ description: The details about the event.
+ event_class:
+ type: string
+ description: A specific instance of the source.
+ message_key:
+ type: string
+ description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`.
+ metric_name:
+ type: string
+ description: The name of the metric.
+ node:
+ type: string
+ description: The host that the event was triggered for.
+ resource:
+ type: string
+ description: The name of the resource.
+ severity:
+ type: string
+ description: The severity of the event.
+ source:
+ type: string
+ description: The name of the event source type.
+ time_of_event:
+ type: string
+ description: The time of the event.
+ type:
+ type: string
+ description: The type of event.
+ run_connector_subaction_closealert:
+ title: The closeAlert subaction
+ type: object
+ required:
+ - subAction
+ - subActionParams
+ description: The `closeAlert` subaction for Opsgenie connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - closeAlert
+ subActionParams:
+ type: object
+ required:
+ - alias
+ properties:
+ alias:
+ type: string
+ description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
+ note:
+ type: string
+ description: Additional information for the alert.
+ source:
+ type: string
+ description: The display name for the source of the alert.
+ user:
+ type: string
+ description: The display name for the owner.
+ run_connector_subaction_createalert:
+ title: The createAlert subaction
+ type: object
+ required:
+ - subAction
+ - subActionParams
+ description: The `createAlert` subaction for Opsgenie connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - createAlert
+ subActionParams:
+ type: object
+ required:
+ - message
+ properties:
+ actions:
+ type: array
+ description: The custom actions available to the alert.
+ items:
+ type: string
+ alias:
+ type: string
+ description: The unique identifier used for alert deduplication in Opsgenie.
+ description:
+ type: string
+ description: A description that provides detailed information about the alert.
+ details:
+ type: object
+ description: The custom properties of the alert.
+ additionalProperties: true
+ example:
+ key1: value1
+ key2: value2
+ entity:
+ type: string
+ description: The domain of the alert. For example, the application or server name.
+ message:
+ type: string
+ description: The alert message.
+ note:
+ type: string
+ description: Additional information for the alert.
+ priority:
+ type: string
+ description: The priority level for the alert.
+ enum:
+ - P1
+ - P2
+ - P3
+ - P4
+ - P5
+ responders:
+ type: array
+ description: |
+ The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The identifier for the entity.
+ name:
+ type: string
+ description: The name of the entity.
+ type:
+ type: string
+ description: The type of responders, in this case `escalation`.
+ enum:
+ - escalation
+ - schedule
+ - team
+ - user
+ username:
+ type: string
+ description: A valid email address for the user.
+ source:
+ type: string
+ description: The display name for the source of the alert.
+ tags:
+ type: array
+ description: The tags for the alert.
+ items:
+ type: string
+ user:
+ type: string
+ description: The display name for the owner.
+ visibleTo:
+ type: array
+ description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.
+ items:
+ type: object
+ required:
+ - type
+ properties:
+ id:
+ type: string
+ description: The identifier for the entity.
+ name:
+ type: string
+ description: The name of the entity.
+ type:
+ type: string
+ description: Valid values are `team` and `user`.
+ enum:
+ - team
+ - user
+ username:
+ type: string
+ description: The user name. This property is required only when the `type` is `user`.
+ run_connector_subaction_fieldsbyissuetype:
+ title: The fieldsByIssueType subaction
+ type: object
+ required:
+ - subAction
+ - subActionParams
+ description: The `fieldsByIssueType` subaction for Jira connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - fieldsByIssueType
+ subActionParams:
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: The Jira issue type identifier.
+ example: 10024
+ run_connector_subaction_getchoices:
+ title: The getChoices subaction
+ type: object
+ required:
+ - subAction
+ - subActionParams
+ description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - getChoices
+ subActionParams:
+ type: object
+ description: The set of configuration properties for the action.
+ required:
+ - fields
+ properties:
+ fields:
+ type: array
+ description: An array of fields.
+ items:
+ type: string
+ run_connector_subaction_getfields:
+ title: The getFields subaction
+ type: object
+ required:
+ - subAction
+ description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - getFields
+ run_connector_subaction_getincident:
+ title: The getIncident subaction
+ type: object
+ description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+ required:
+ - subAction
+ - subActionParams
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - getIncident
+ subActionParams:
+ type: object
+ required:
+ - externalId
+ properties:
+ externalId:
+ type: string
+ description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
+ example: 71778
+ run_connector_subaction_issue:
+ title: The issue subaction
+ type: object
+ required:
+ - subAction
+ description: The `issue` subaction for Jira connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - issue
+ subActionParams:
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: The Jira issue identifier.
+ example: 71778
+ run_connector_subaction_issues:
+ title: The issues subaction
+ type: object
+ required:
+ - subAction
+ - subActionParams
+ description: The `issues` subaction for Jira connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - issues
+ subActionParams:
+ type: object
+ required:
+ - title
+ properties:
+ title:
+ type: string
+ description: The title of the Jira issue.
+ run_connector_subaction_issuetypes:
+ title: The issueTypes subaction
+ type: object
+ required:
+ - subAction
+ description: The `issueTypes` subaction for Jira connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - issueTypes
+ run_connector_subaction_pushtoservice:
+ title: The pushToService subaction
+ type: object
+ required:
+ - subAction
+ - subActionParams
+ description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
+ properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - pushToService
+ subActionParams:
+ type: object
+ description: The set of configuration properties for the action.
+ properties:
+ comments:
+ type: array
+ description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: A comment related to the incident. For example, describe how to troubleshoot the issue.
+ commentId:
+ type: integer
+ description: A unique identifier for the comment.
+ incident:
+ type: object
+ description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
+ properties:
+ alertId:
+ type: string
+ description: The alert identifier for Swimlane connectors.
+ caseId:
+ type: string
+ description: The case identifier for the incident for Swimlane connectors.
+ caseName:
+ type: string
+ description: The case name for the incident for Swimlane connectors.
+ category:
+ type: string
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+ correlation_display:
+ type: string
+ description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
+ correlation_id:
+ type: string
+ description: |
+ The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
+ description:
+ type: string
+ description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
+ dest_ip:
+ description: |
+ A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ externalId:
+ type: string
+ description: |
+ The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
+ impact:
+ type: string
+ description: The impact of the incident for ServiceNow ITSM connectors.
+ issueType:
+ type: integer
+ description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`.
+ labels:
+ type: array
+ items:
+ type: string
+ description: |
+ The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
+ malware_hash:
+ description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ malware_url:
+ type: string
+ description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ parent:
+ type: string
+ description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues.
+ priority:
+ type: string
+ description: The priority of the incident in Jira and ServiceNow SecOps connectors.
+ ruleName:
+ type: string
+ description: The rule name for Swimlane connectors.
+ severity:
+ type: string
+ description: The severity of the incident for ServiceNow ITSM and Swimlane connectors.
+ short_description:
+ type: string
+ description: |
+ A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
+ source_ip:
+ description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ subcategory:
+ type: string
+ description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+ summary:
+ type: string
+ description: A summary of the incident for Jira connectors.
+ title:
+ type: string
+ description: |
+ A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.
+ urgency:
+ type: string
+ description: The urgency of the incident for ServiceNow ITSM connectors.
examples:
create_index_connector_request:
summary: Create an index connector.
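Review bot: Under `incident` in `run_connector_subaction_pushtoservice`, `malware_url` declares `type: string` next to a `oneOf` that also lists an array of strings, so the array branch can never validate. The sibling observables `dest_ip`, `malware_hash` and `source_ip` use the `oneOf` alone, and the description itself says "A list of malware URLs"; dropping the `type: string` line from `malware_url` makes it consistent with them. In the same schema, `ServiveNow` in the `incident` and `correlation_id` descriptions should read `ServiceNow`. If this file is bundled output, the change belongs in the pushToService component schema, which is outside the part of the commit shown here.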
@@ -2199,6 +2760,146 @@ components:
supported_feature_ids:
- alerting
- uptime
+ run_index_connector_request:
+ summary: Run an index connector.
+ value:
+ params:
+ documents:
+ - id: my_doc_id
+ name: my_doc_name
+ message: hello, world
+ run_jira_connector_request:
+ summary: Run a Jira connector to retrieve the list of issue types.
+ value:
+ params:
+ subAction: issueTypes
+ run_server_log_connector_request:
+ summary: Run a server log connector.
+ value:
+ params:
+ level: warn
+ message: Test warning message.
+ run_servicenow_itom_connector_request:
+ summary: Run a ServiceNow ITOM connector to retrieve the list of choices.
+ value:
+ params:
+ subAction: getChoices
+ subActionParams:
+ fields:
+ - severity
+ - urgency
+ run_swimlane_connector_request:
+ summary: Run a Swimlane connector to create an incident.
+ value:
+ params:
+ subAction: pushToService
+ subActionParams:
+ comments:
+ - commentId: 1
+ comment: A comment about the incident.
+ incident:
+ caseId: '1000'
+ caseName: Case name
+ description: Description of the incident.
+ run_index_connector_response:
+ summary: Response from running an index connector.
+ value:
+ connector_id: fd38c600-96a5-11ed-bb79-353b74189cba
+ data:
+ errors: false
+ items:
+ - create:
+ _id: 4JtvwYUBrcyxt2NnfW3y
+ _index: my-index
+ _primary_term: 1
+ _seq_no: 0
+ _shards:
+ failed: 0
+ successful: 1
+ total: 2
+ _version: 1
+ result: created
+ status: 201
+ took: 135
+ status: ok
+ run_jira_connector_response:
+ summary: Response from retrieving the list of issue types for a Jira connector.
+ value:
+ connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6
+ data:
+ - id: 10024
+ name: Improvement
+ - id: 10006
+ name: Task
+ - id: 10007
+ name: Sub-task
+ - id: 10025
+ name: New Feature
+ - id: 10023
+ name: Bug
+ - id: 10000
+ name: Epic
+ status: ok
+ run_server_log_connector_response:
+ summary: Response from running a server log connector.
+ value:
+ connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907
+ status: ok
+ run_servicenow_itom_connector_response:
+ summary: Response from retrieving the list of choices for a ServiceNow ITOM connector.
+ value:
+ connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698
+ data:
+ - dependent_value: ''
+ element: severity
+ label: Critical
+ value: 1
+ - dependent_value: ''
+ element: severity
+ label: Major
+ value: 2
+ - dependent_value: ''
+ element: severity
+ label: Minor
+ value: 3
+ - dependent_value: ''
+ element: severity
+ label: Warning
+ value: 4
+ - dependent_value: ''
+ element: severity
+ label: OK
+ value: 5
+ - dependent_value: ''
+ element: severity
+ label: Clear
+ value: 0
+ - dependent_value: ''
+ element: urgency
+ label: 1 - High
+ value: 1
+ - dependent_value: ''
+ element: urgency
+ label: 2 - Medium
+ value: 2
+ - dependent_value: ''
+ element: urgency
+ label: 3 - Low
+ value: 3
+ status: ok
+ run_swimlane_connector_response:
+ summary: Response from creating a Swimlane incident.
+ value:
+ connector_id: a4746470-2f94-11ed-b0e0-87533c532698
+ data:
+ id: aKPmBHWzmdRQtx6Mx
+ title: TEST-457
+ url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx
+ pushedDate: '2022-09-08T16:52:27.866Z'
+ comments:
+ - commentId: 1
+ pushedDate: '2022-09-08T16:52:27.865Z'
+ status: ok
security:
- basicAuth: []
- apiKeyAuth: []
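Review bot: The `run_swimlane_connector_response` example uses `url: https://elastic.swimlane.url.us/record/...`, a host under a domain that is not reserved for documentation. Example values get copied into scripts and tests, so a reserved name is safer, for example `url: https://swimlane.example.com/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx`. The same value is in the `run_swimlane_connector_response.yaml` hunk later in the commit. There `pushedDate` is also left unquoted, so some YAML loaders may read it as a timestamp rather than the string shown here; quoting it in the component file keeps the two copies in agreement.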
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_request.yaml
new file mode 100644
index 00000000000000..21bb1c9c3f618a
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_request.yaml
@@ -0,0 +1,7 @@
+summary: Run an index connector.
+value:
+ params:
+ documents:
+ - id: my_doc_id
+ name: my_doc_name
+ message: hello, world
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml
new file mode 100644
index 00000000000000..0da76e1e1d1b47
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml
@@ -0,0 +1,20 @@
+summary: Response from running an index connector.
+value:
+ connector_id: fd38c600-96a5-11ed-bb79-353b74189cba
+ data:
+ errors: false
+ items:
+ - create:
+ _id: 4JtvwYUBrcyxt2NnfW3y
+ _index: my-index
+ _primary_term: 1
+ _seq_no: 0
+ _shards:
+ failed: 0
+ successful: 1
+ total: 2
+ _version: 1
+ result: created
+ status: 201
+ took: 135
+ status: ok
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_request.yaml
new file mode 100644
index 00000000000000..6dce9b9bbc153f
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_request.yaml
@@ -0,0 +1,4 @@
+summary: Run a Jira connector to retrieve the list of issue types.
+value:
+ params:
+ subAction: issueTypes
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml
new file mode 100644
index 00000000000000..ef3b1be138c63d
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml
@@ -0,0 +1,17 @@
+summary: Response from retrieving the list of issue types for a Jira connector.
+value:
+ connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6
+ data:
+ - id: 10024
+ name: Improvement
+ - id: 10006
+ name: Task
+ - id: 10007
+ name: Sub-task
+ - id: 10025
+ name: New Feature
+ - id: 10023
+ name: Bug
+ - id: 10000
+ name: Epic
+ status: ok
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_request.yaml
new file mode 100644
index 00000000000000..0a5bf4568dba05
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_request.yaml
@@ -0,0 +1,5 @@
+summary: Run a server log connector.
+value:
+ params:
+ level: warn
+ message: Test warning message.
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml
new file mode 100644
index 00000000000000..604a32b1abd2db
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml
@@ -0,0 +1,4 @@
+summary: Response from running a server log connector.
+value:
+ connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907
+ status: ok
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_request.yaml
new file mode 100644
index 00000000000000..fb811c96fa1019
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_request.yaml
@@ -0,0 +1,8 @@
+summary: Run a ServiceNow ITOM connector to retrieve the list of choices.
+value:
+ params:
+ subAction: getChoices
+ subActionParams:
+ fields:
+ - severity
+ - urgency
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_response.yaml
new file mode 100644
index 00000000000000..5bec5b810c90d0
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_response.yaml
@@ -0,0 +1,41 @@
+summary: Response from retrieving the list of choices for a ServiceNow ITOM connector.
+value:
+ connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698
+ data:
+ - dependent_value: ""
+ element: severity
+ label: Critical
+ value: 1
+ - dependent_value: ""
+ element: severity
+ label: Major
+ value: 2
+ - dependent_value: ""
+ element: severity
+ label: Minor
+ value: 3
+ - dependent_value: ""
+ element: severity
+ label: Warning
+ value: 4
+ - dependent_value: ""
+ element: severity
+ label: OK
+ value: 5
+ - dependent_value: ""
+ element: severity
+ label: Clear
+ value: 0
+ - dependent_value: ""
+ element: urgency
+ label: 1 - High
+ value: 1
+ - dependent_value: ""
+ element: urgency
+ label: 2 - Medium
+ value: 2
+ - dependent_value: ""
+ element: urgency
+ label: 3 - Low
+ value: 3
+ status: ok
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml
new file mode 100644
index 00000000000000..7fc1dd27b21313
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml
@@ -0,0 +1,12 @@
+summary: Run a Swimlane connector to create an incident.
+value:
+ params:
+ subAction: pushToService
+ subActionParams:
+ comments:
+ - commentId: 1
+ comment: A comment about the incident.
+ incident:
+ caseId: "1000"
+ caseName: Case name
+ description: Description of the incident.
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_response.yaml
new file mode 100644
index 00000000000000..8ab131212020da
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_response.yaml
@@ -0,0 +1,12 @@
+summary: Response from creating a Swimlane incident.
+value:
+ connector_id: a4746470-2f94-11ed-b0e0-87533c532698
+ data:
+ id: aKPmBHWzmdRQtx6Mx
+ title: TEST-457
+ url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx
+ pushedDate: 2022-09-08T16:52:27.866Z
+ comments:
+ - commentId: 1
+ pushedDate: 2022-09-08T16:52:27.865Z
+ status: ok
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/401_response.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/401_response.yaml
new file mode 100644
index 00000000000000..c6044998f86499
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/401_response.yaml
@@ -0,0 +1,15 @@
+type: object
+title: Unsuccessful rule API response
+properties:
+ error:
+ type: string
+ example: Unauthorized
+ enum:
+ - Unauthorized
+ message:
+ type: string
+ statusCode:
+ type: integer
+ example: 401
+ enum:
+ - 401
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/404_response.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/404_response.yaml
new file mode 100644
index 00000000000000..298c50f418a677
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/404_response.yaml
@@ -0,0 +1,15 @@
+type: object
+properties:
+ error:
+ type: string
+ example: Not Found
+ enum:
+ - Not Found
+ message:
+ type: string
+ example: "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found"
+ statusCode:
+ type: integer
+ example: 404
+ enum:
+ - 404
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml
new file mode 100644
index 00000000000000..1874c19d17cc63
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml
@@ -0,0 +1,13 @@
+title: Index connector parameters
+description: Test an action that indexes a document into Elasticsearch.
+type: object
+required:
+ - documents
+properties:
+ documents:
+ type: array
+ description: The documents in JSON format for index connectors.
+ items:
+ type: object
+ additionalProperties: true
+
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml
new file mode 100644
index 00000000000000..cd8db87b0df824
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml
@@ -0,0 +1,20 @@
+title: Server log connector parameters
+description: Test an action that writes an entry to the Kibana server log.
+type: object
+required:
+ - message
+properties:
+ level:
+ type: string
+ description: The log level of the message for server log connectors.
+ enum:
+ - debug
+ - error
+ - fatal
+ - info
+ - trace
+ - warn
+ default: info
+ message:
+ type: string
+ description: The message for server log connectors.
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_addevent.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_addevent.yaml
new file mode 100644
index 00000000000000..c0ae0d4c424f3d
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_addevent.yaml
@@ -0,0 +1,49 @@
+title: The addEvent subaction
+type: object
+required:
+ - subAction
+description: The `addEvent` subaction for ServiceNow ITOM connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - addEvent
+ subActionParams:
+ type: object
+ description: The set of configuration properties for the action.
+ properties:
+ additional_info:
+ type: string
+ description: Additional information about the event.
+ description:
+ type: string
+ description: The details about the event.
+ event_class:
+ type: string
+ description: A specific instance of the source.
+ message_key:
+ type: string
+ description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`.
+ metric_name:
+ type: string
+ description: The name of the metric.
+ node:
+ type: string
+ description: The host that the event was triggered for.
+ resource:
+ type: string
+ description: The name of the resource.
+ severity:
+ type: string
+ description: The severity of the event.
+ source:
+ type: string
+ description: The name of the event source type.
+ time_of_event:
+ type: string
+ description: The time of the event.
+ type:
+ type: string
+ description: The type of event.
+
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_closealert.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_closealert.yaml
new file mode 100644
index 00000000000000..43436c1564eb18
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_closealert.yaml
@@ -0,0 +1,30 @@
+title: The closeAlert subaction
+type: object
+required:
+ - subAction
+ - subActionParams
+description: The `closeAlert` subaction for Opsgenie connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - closeAlert
+ subActionParams:
+ type: object
+ required:
+ - alias
+ properties:
+ alias:
+ type: string
+ description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
+ note:
+ type: string
+ description: Additional information for the alert.
+ source:
+ type: string
+ description: The display name for the source of the alert.
+ user:
+ type: string
+ description: The display name for the owner.
+
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_createalert.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_createalert.yaml
new file mode 100644
index 00000000000000..e739a9ed6c91d6
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_createalert.yaml
@@ -0,0 +1,112 @@
+title: The createAlert subaction
+type: object
+required:
+ - subAction
+ - subActionParams
+description: The `createAlert` subaction for Opsgenie connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - createAlert
+ subActionParams:
+ type: object
+ required:
+ - message
+ properties:
+ actions:
+ type: array
+ description: The custom actions available to the alert.
+ items:
+ type: string
+ alias:
+ type: string
+ description: The unique identifier used for alert deduplication in Opsgenie.
+ description:
+ type: string
+ description: A description that provides detailed information about the alert.
+ details:
+ type: object
+ description: The custom properties of the alert.
+ additionalProperties: true
+ example: {"key1":"value1","key2":"value2"}
+ entity:
+ type: string
+ description: The domain of the alert. For example, the application or server name.
+ message:
+ type: string
+ description: The alert message.
+ note:
+ type: string
+ description: Additional information for the alert.
+ priority:
+ type: string
+ description: The priority level for the alert.
+ enum:
+ - P1
+ - P2
+ - P3
+ - P4
+ - P5
+ responders:
+ type: array
+ description: >
+ The entities to receive notifications about the alert.
+ If `type` is `user`, either `id` or `username` is required.
+ If `type` is `team`, either `id` or `name` is required.
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The identifier for the entity.
+ name:
+ type: string
+ description: The name of the entity.
+ type:
+ type: string
+ description: The type of responders, in this case `escalation`.
+ enum:
+ - escalation
+ - schedule
+ - team
+ - user
+ username:
+ type: string
+ description: A valid email address for the user.
+ source:
+ type: string
+ description: The display name for the source of the alert.
+ tags:
+ type: array
+ description: The tags for the alert.
+ items:
+ type: string
+ user:
+ type: string
+ description: The display name for the owner.
+ visibleTo:
+ type: array
+ description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.
+ items:
+ type: object
+ required:
+ - type
+ properties:
+ id:
+ type: string
+ description: The identifier for the entity.
+ name:
+ type: string
+ description: The name of the entity.
+ type:
+ type: string
+ description: Valid values are `team` and `user`.
+ enum:
+ - team
+ - user
+ username:
+ type: string
+ description: The user name. This property is required only when the `type` is `user`.
+
\ No newline at end of file
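Review bot: The description of `type` under `responders.items` says "The type of responders, in this case `escalation`", while the enum directly below accepts `escalation`, `schedule`, `team` and `user`. Wording it like the `visibleTo` entry would avoid the contradiction, for example `description: The type of responder. Valid values are escalation, schedule, team, and user.` The responder items also have no `required` list, whereas `visibleTo` items require `type` and the `responders` description makes the other fields depend on `type`; it is worth confirming whether that difference is intended. The same text is in the `run_connector_subaction_createalert` schema of the earlier large schema hunk.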
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_fieldsbyissuetype.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_fieldsbyissuetype.yaml
new file mode 100644
index 00000000000000..e8c8869e7d68b0
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_fieldsbyissuetype.yaml
@@ -0,0 +1,22 @@
+title: The fieldsByIssueType subaction
+type: object
+required:
+ - subAction
+ - subActionParams
+description: The `fieldsByIssueType` subaction for Jira connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - fieldsByIssueType
+ subActionParams:
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: The Jira issue type identifier.
+ example: 10024
+
\ No newline at end of file
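Review bot: `example: 10024` under `subActionParams.id` is parsed by YAML as an integer, while the property is declared `type: string`, so the example does not match its own schema and generated docs or mock clients may emit a number. Quote it as `example: '10024'`. The same mismatch appears at `externalId` in run_connector_subaction_getincident.yaml and at `id` in run_connector_subaction_issue.yaml (both `example: 71778`). Whether the backend also accepts a numeric value is not visible in this diff, so the quoted form is the safer one to publish.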
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getchoices.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getchoices.yaml
new file mode 100644
index 00000000000000..7bcf2aca3fc712
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getchoices.yaml
@@ -0,0 +1,23 @@
+title: The getChoices subaction
+type: object
+required:
+ - subAction
+ - subActionParams
+description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - getChoices
+ subActionParams:
+ type: object
+ description: The set of configuration properties for the action.
+ required:
+ - fields
+ properties:
+ fields:
+ type: array
+ description: An array of fields.
+ items:
+ type: string
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getfields.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getfields.yaml
new file mode 100644
index 00000000000000..62e80dc53805cf
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getfields.yaml
@@ -0,0 +1,11 @@
+title: The getFields subaction
+type: object
+required:
+ - subAction
+description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - getFields
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getincident.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getincident.yaml
new file mode 100644
index 00000000000000..666c0257f68b86
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getincident.yaml
@@ -0,0 +1,21 @@
+title: The getIncident subaction
+type: object
+description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+required:
+ - subAction
+ - subActionParams
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - getIncident
+ subActionParams:
+ type: object
+ required:
+ - externalId
+ properties:
+ externalId:
+ type: string
+ description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
+ example: 71778
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issue.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issue.yaml
new file mode 100644
index 00000000000000..56ee923b40063f
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issue.yaml
@@ -0,0 +1,20 @@
+title: The issue subaction
+type: object
+required:
+ - subAction
+description: The `issue` subaction for Jira connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - issue
+ subActionParams:
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: The Jira issue identifier.
+ example: 71778
\ No newline at end of file
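Review bot: The top-level `required` list names only `subAction`, yet `subActionParams` declares `id` as required, so as written a request that omits `subActionParams` entirely still validates. The sibling `issues`, `fieldsByIssueType` and `getIncident` schemas list both properties. If the `issue` subaction cannot run without an identifier, which the inner `required` suggests, add `- subActionParams` to the outer list.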
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issues.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issues.yaml
new file mode 100644
index 00000000000000..bfd5abc388a24e
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issues.yaml
@@ -0,0 +1,20 @@
+title: The issues subaction
+type: object
+required:
+ - subAction
+ - subActionParams
+description: The `issues` subaction for Jira connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - issues
+ subActionParams:
+ type: object
+ required:
+ - title
+ properties:
+ title:
+ type: string
+ description: The title of the Jira issue.
\ No newline at end of file
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issuetypes.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issuetypes.yaml
new file mode 100644
index 00000000000000..0ea5104ae1890d
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issuetypes.yaml
@@ -0,0 +1,11 @@
+title: The issueTypes subaction
+type: object
+required:
+ - subAction
+description: The `issueTypes` subaction for Jira connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - issueTypes
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_pushtoservice.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_pushtoservice.yaml
new file mode 100644
index 00000000000000..7692a35b2f05fe
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_pushtoservice.yaml
@@ -0,0 +1,133 @@
+title: The pushToService subaction
+type: object
+required:
+ - subAction
+ - subActionParams
+description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
+properties:
+ subAction:
+ type: string
+ description: The action to test.
+ enum:
+ - pushToService
+ subActionParams:
+ type: object
+ description: The set of configuration properties for the action.
+ properties:
+ comments:
+ type: array
+ description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: A comment related to the incident. For example, describe how to troubleshoot the issue.
+ commentId:
+ type: integer
+ description: A unique identifier for the comment.
+ incident:
+ type: object
+ description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
+ properties:
+ alertId:
+ type: string
+ description: The alert identifier for Swimlane connectors.
+ caseId:
+ type: string
+ description: The case identifier for the incident for Swimlane connectors.
+ caseName:
+ type: string
+ description: The case name for the incident for Swimlane connectors.
+ category:
+ type: string
+ description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+ correlation_display:
+ type: string
+ description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
+ correlation_id:
+ type: string
+ description: >
+ The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters.
+ NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
+ description:
+ type: string
+ description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
+ dest_ip:
+ description: >
+ A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ externalId:
+ type: string
+ description: >
+ The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
+ If present, the incident is updated. Otherwise, a new incident is created.
+ impact:
+ type: string
+ description: The impact of the incident for ServiceNow ITSM connectors.
+ issueType:
+ type: integer
+ description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`.
+ labels:
+ type: array
+ items:
+ type: string
+ description: >
+ The labels for the incident for Jira connectors.
+ NOTE: Labels cannot contain spaces.
+ malware_hash:
+ description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ malware_url:
+ type: string
+ description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ parent:
+ type: string
+ description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues.
+ priority:
+ type: string
+ description: The priority of the incident in Jira and ServiceNow SecOps connectors.
+ ruleName:
+ type: string
+ description: The rule name for Swimlane connectors.
+ severity:
+ type: string
+ description: The severity of the incident for ServiceNow ITSM and Swimlane connectors.
+ short_description:
+ type: string
+ description: >
+ A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
+ source_ip:
+ description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+ oneOf:
+ - type: string
+ - type: array
+ items:
+ type: string
+ subcategory:
+ type: string
+ description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+ summary:
+ type: string
+ description: A summary of the incident for Jira connectors.
+ title:
+ type: string
+ description: >
+ A title for the incident for Jira connectors.
+ It is used for searching the contents of the knowledge base.
+ urgency:
+ type: string
+ description: The urgency of the incident for ServiceNow ITSM connectors.
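Review bot: `malware_url` declares `type: string` alongside a `oneOf` that also allows an array, so an array value can never satisfy both constraints. `dest_ip`, `malware_hash` and `source_ip` use the `oneOf` alone, so drop the `type: string` line under `malware_url` to match them. Separately, "ServiveNow" is misspelled in the `incident` and `correlation_id` descriptions. The `title` description also repeats the knowledge-base sentence from `short_description`, which looks like a copy-paste onto a Jira field and is worth confirming.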
diff --git a/x-pack/plugins/actions/docs/openapi/entrypoint.yaml b/x-pack/plugins/actions/docs/openapi/entrypoint.yaml
index 98a50c7304d587..579845aa9f6d81 100644
--- a/x-pack/plugins/actions/docs/openapi/entrypoint.yaml
+++ b/x-pack/plugins/actions/docs/openapi/entrypoint.yaml
@@ -23,18 +23,17 @@ paths:
$ref: paths/s@{spaceid}@api@actions@connectors.yaml
'/s/{spaceId}/api/actions/connector_types':
$ref: paths/s@{spaceid}@api@actions@connector_types.yaml
-# '/s/{spaceId}/api/actions/connector/{connectorId}/_execute':
-# $ref: paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml
+ '/s/{spaceId}/api/actions/connector/{connectorId}/_execute':
+ $ref: paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml
+# Deprecated endpoints:
# '/s/{spaceId}/api/actions/action/{actionId}':
# $ref: 'paths/s@{spaceid}@api@actions@action@{actionid}.yaml'
# '/s/{spaceId}/api/actions':
# $ref: 'paths/s@{spaceid}@api@actions.yaml'
-# '/s/{spaceId}/api/actions/list_action_types':
+# '/s/{spaceId}/api/actions/list_action_types':
# $ref: 'paths/s@{spaceid}@api@actions@list_action_types.yaml'
# '/s/{spaceId}/api/actions/action':
# $ref: 'paths/s@{spaceid}@api@actions@action.yaml'
-# '/s/{spaceId}/api/actions/action/{actionId}':
-# $ref: 'paths/s@{spaceid}@api@actions@action@{actionid}.yaml'
# '/s/{spaceId}/api/actions/action/{actionId}/_execute':
# $ref: 'paths/s@{spaceid}@api@actions@action@{actionid}@_execute.yaml'
components:
diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml
index 110f35c650e91f..fafabb5ce30659 100644
--- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml
+++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml
@@ -6,7 +6,7 @@ post:
tags:
- connectors
parameters:
- - $ref: ../components/headers/kbn_xsrf.yaml
+ - $ref: '../components/headers/kbn_xsrf.yaml'
- $ref: '../components/parameters/space_id.yaml'
requestBody:
required: true
@@ -53,16 +53,7 @@ post:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '../components/schemas/401_response.yaml'
servers:
- url: https://localhost:5601
servers:
diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml
index c1cb7df5aa0f1b..5633dd7b9dcb6f 100644
--- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml
+++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml
@@ -23,16 +23,7 @@ get:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '../components/schemas/401_response.yaml'
'404':
description: Object is not found.
content:
@@ -61,7 +52,7 @@ delete:
tags:
- connectors
parameters:
- - $ref: ../components/headers/kbn_xsrf.yaml
+ - $ref: '../components/headers/kbn_xsrf.yaml'
- $ref: '../components/parameters/connector_id.yaml'
- $ref: '../components/parameters/space_id.yaml'
responses:
@@ -72,16 +63,7 @@ delete:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '../components/schemas/401_response.yaml'
'404':
description: Object is not found.
content:
@@ -109,7 +91,7 @@ put:
tags:
- connectors
parameters:
- - $ref: ../components/headers/kbn_xsrf.yaml
+ - $ref: '../components/headers/kbn_xsrf.yaml'
- $ref: '../components/parameters/connector_id.yaml'
- $ref: '../components/parameters/space_id.yaml'
requestBody:
@@ -167,32 +149,13 @@ put:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '../components/schemas/401_response.yaml'
'404':
description: Object is not found.
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Not Found
- message:
- type: string
- example: "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found"
- statusCode:
- type: integer
- example: 404
+ $ref: '../components/schemas/404_response.yaml'
servers:
- url: https://localhost:5601
servers:
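Review bot: Only the `put` operation's `'404'` response is switched to `../components/schemas/404_response.yaml`. In the `get` and `delete` hunks of this file the `'404'` block appears only as unchanged context, so those operations presumably still carry the inline schema. If the shared schema fits them, point them at it too with `$ref: '../components/schemas/404_response.yaml'`, so the three operations cannot drift apart. The rest of those response blocks lies outside the hunks.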
diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml
new file mode 100644
index 00000000000000..713583759a0173
--- /dev/null
+++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml
@@ -0,0 +1,105 @@
+post:
+ summary: Runs a connector.
+ operationId: runConnector
+ description: >
+ You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.
+ You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.
+ If you use an index connector, you must also have `all`, `create`, `index`, or `write` indices privileges.
+ tags:
+ - connectors
+ parameters:
+ - $ref: '../components/headers/kbn_xsrf.yaml'
+ - $ref: '../components/parameters/connector_id.yaml'
+ - $ref: '../components/parameters/space_id.yaml'
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ title: Run connector request body properties
+ description: The properties vary depending on the connector type.
+ type: object
+ required:
+ - params
+ properties:
+ params:
+ oneOf:
+ - $ref: '../components/schemas/run_connector_params_documents.yaml'
+ - $ref: '../components/schemas/run_connector_params_level_message.yaml'
+ - title: Subaction parameters
+ description: Test an action that involves a subaction.
+ oneOf:
+ - $ref: '../components/schemas/run_connector_subaction_addevent.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_closealert.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_createalert.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_fieldsbyissuetype.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_getchoices.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_getfields.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_getincident.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_issue.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_issues.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_issuetypes.yaml'
+ - $ref: '../components/schemas/run_connector_subaction_pushtoservice.yaml'
+ discriminator:
+ propertyName: subAction
+ examples:
+ runIndexConnectorRequest:
+ $ref: '../components/examples/run_index_connector_request.yaml'
+ runJiraConnectorRequest:
+ $ref: '../components/examples/run_jira_connector_request.yaml'
+ runServerLogConnectorRequest:
+ $ref: '../components/examples/run_server_log_connector_request.yaml'
+ runServiceNowITOMConnectorRequest:
+ $ref: '../components/examples/run_servicenow_itom_connector_request.yaml'
+ runSwimlaneConnectorRequest:
+ $ref: '../components/examples/run_swimlane_connector_request.yaml'
+ responses:
+ '200':
+ description: Indicates a successful call.
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - connector_id
+ - status
+ properties:
+ connector_id:
+ type: string
+ description: The identifier for the connector.
+ data:
+ oneOf:
+ - type: object
+ description: Information returned from the action.
+ additionalProperties: true
+ - type: array
+ description: An array of information returned from the action.
+ items:
+ type: object
+ status:
+ type: string
+ description: The status of the action.
+ enum:
+ - error
+ - ok
+ examples:
+ runIndexConnectorResponse:
+ $ref: '../components/examples/run_index_connector_response.yaml'
+ runJiraConnectorResponse:
+ $ref: '../components/examples/run_jira_connector_response.yaml'
+ runServerLogConnectorResponse:
+ $ref: '../components/examples/run_server_log_connector_response.yaml'
+ runServiceNowITOMConnectorResponse:
+ $ref: '../components/examples/run_servicenow_itom_connector_response.yaml'
+ runSwimlaneConnectorResponse:
+ $ref: '../components/examples/run_swimlane_connector_response.yaml'
+ '401':
+ description: Authorization information is missing or invalid.
+ content:
+ application/json:
+ schema:
+ $ref: '../components/schemas/401_response.yaml'
+ servers:
+ - url: https://localhost:5601
+servers:
+ - url: https://localhost:5601
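Review bot: The `description` presents this endpoint as a way to "test an action", but the accepted subactions include `pushToService`, `createAlert` and `closeAlert`, and the `pushToService` schema states that an incident is created or updated in the third-party system. A caller holding only the documented `read` privilege can therefore cause external side effects, and the description should say so, for example `Running a connector performs the action in the target system.` (wording inferred from the subaction schemas; confirm with the connector owners). The `200` response also allows `status: error` but defines no property that carries the failure reason. If the API returns one, document it so that clients check `status` rather than the HTTP code alone.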
diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml
index 001da54c13c14a..72dcd256605330 100644
--- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml
+++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml
@@ -63,16 +63,7 @@ get:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '../components/schemas/401_response.yaml'
servers:
- url: https://localhost:5601
servers:
diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml
index 2a0a075703f8a8..afa2c05abdb621 100644
--- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml
+++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml
@@ -60,16 +60,7 @@ get:
content:
application/json:
schema:
- type: object
- properties:
- error:
- type: string
- example: Unauthorized
- message:
- type: string
- statusCode:
- type: integer
- example: 401
+ $ref: '../components/schemas/401_response.yaml'
servers:
- url: https://localhost:5601
servers: