Actions API (for pushing cases to external systems)

edit

Actions API (for pushing cases to external systems)

edit

You can push Elastic Security cases to these third-party systems:

  • ServiceNow
  • Jira (including Jira Service Desk)
  • IBM Resilient
  • Swimlane

The Kibana Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Console.

To push cases, you need to create a connector using the Kibana Actions API, which stores the information required to interface with the external system.

Elastic Security uses these external APIs to send cases:

To send cases to an external system and keep the Elastic Security UI updated:

  1. Create connector: Create the connector (Actions API).
  2. Create case: Create a case with the connector from the previous step.
  3. Push case: Push the case to the external system.