From 58c50a160c0228d82efffd1c782383efba28070f Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 1 Dec 2025 18:23:30 -0500 Subject: [PATCH 1/5] Adds docs for IBM resil connector --- explore-analyze/alerts-cases/cases/manage-cases.md | 8 +++++++- .../incident-management/create-manage-cases.md | 10 ++++++++-- solutions/security/investigate/open-manage-cases.md | 8 +++++++- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/explore-analyze/alerts-cases/cases/manage-cases.md b/explore-analyze/alerts-cases/cases/manage-cases.md index a079c774fc..72b4794472 100644 --- a/explore-analyze/alerts-cases/cases/manage-cases.md +++ b/explore-analyze/alerts-cases/cases/manage-cases.md @@ -31,8 +31,14 @@ Open a new case to keep track of issues and share their details with colleagues. 4. Optionally, add a category, assignees, and tags. You can add users only if they meet the necessary [prerequisites](setup-cases.md). 5. If you defined any [custom fields](manage-cases-settings.md#case-custom-fields), they appear in the **Additional fields** section. +6. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](manage-cases-settings.md#case-connectors). + + ::::{note} + :applies_to:{stack: ga 9.2} + When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. + :::: + -6. For the **External incident management system**, select a connector. For more information, refer to [External incident management systems](manage-cases-settings.md#case-connectors). 7. After you’ve completed all of the required fields, click **Create case**. {applies_to}`stack: preview` {applies_to}`serverless: preview` Alternatively, you can configure your rules to automatically create cases by using [case actions](kibana://reference/connectors-kibana/cases-action-type.md). By default, the rule adds all of the alerts within a specified time window to a single case. You can optionally choose a field to group the alerts and create separate cases for each group. You can also choose whether you want the rule to reopen cases or open new ones when the time window elapses. diff --git a/solutions/observability/incident-management/create-manage-cases.md b/solutions/observability/incident-management/create-manage-cases.md index de5d3c8adc..bc75f5d2c6 100644 --- a/solutions/observability/incident-management/create-manage-cases.md +++ b/solutions/observability/incident-management/create-manage-cases.md @@ -35,7 +35,13 @@ Open a new case to keep track of issues and share the details with colleagues. T **For Elastic Stack**, You can add users only if they meet the necessary [prerequisites](/solutions/observability/incident-management/configure-access-to-cases.md). 6. If you defined [custom fields](/solutions/observability/incident-management/configure-case-settings.md#case-custom-fields), they appear in the **Additional fields** section. -7. (Optional) Under External incident management system, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can [create one](/solutions/observability/incident-management/configure-case-settings.md). +7. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](/solutions/observability/incident-management/configure-case-settings#cases-external-connectors). + + ::::{note} + :applies_to:{stack: ga 9.2} + When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. + :::: + 8. After you’ve completed all of the required fields, click **Create case**. ::::{tip} @@ -76,7 +82,7 @@ There is a 10 MiB size limit for images. For all other MIME types, the limit is ## Send cases to external incident management systems [observability-create-a-new-case-send-cases-to-external-incident-management-systems] -To send a case to an external system, click the ![push](/solutions/images/serverless-importAction.svg "") button in the *External incident management system* section of the individual case page. This information is not sent automatically. If you make further changes to the shared case fields, you should push the case again. +To send a case to an external system, click the ![push](/solutions/images/serverless-importAction.svg "") button in the **External incident management system** section of the individual case page. This information is not sent automatically. If you make further changes to the shared case fields, you should push the case again. For more information about configuring connections to external incident management systems, refer to [](/solutions/observability/incident-management/configure-case-settings.md). diff --git a/solutions/security/investigate/open-manage-cases.md b/solutions/security/investigate/open-manage-cases.md index aa24617edd..f9d5bedfb1 100644 --- a/solutions/security/investigate/open-manage-cases.md +++ b/solutions/security/investigate/open-manage-cases.md @@ -38,7 +38,13 @@ Open a new case to keep track of security issues and share their details with co 5. {applies_to}`stack: preview` {applies_to}`serverless: preview` If you defined [custom fields](/solutions/security/investigate/configure-case-settings.md#cases-ui-custom-fields), they appear in the **Additional fields** section. 6. Choose if you want alert statuses to sync with the case’s status after they are added to the case. This option is turned on by default, but you can turn it off after creating the case. 7. {applies_to}`stack: ga 9.2` With the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md), you can choose to automatically extract observables from alerts that you're adding to the case. This option is turned on by default. You can turn it off after creating the case by toggling **Auto-extract observables** on the case's **Observables** tab. -8. From **External incident management**, select a [connector](/solutions/security/investigate/configure-case-settings.md#cases-ui-integrations). If you’ve previously added one, that connector displays as the default selection. Otherwise, the default setting is `No connector selected`. +8. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](/solutions/security/investigate/configure-case-settings.md#cases-ui-integrations) + + ::::{note} + :applies_to:{stack: ga 9.2} + When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. + :::: + 9. Click **Create case**. ::::{note} From 5bc55ebe0e58bb605994542c216f64db7a9b1b39 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 1 Dec 2025 18:24:29 -0500 Subject: [PATCH 2/5] Update applies to ver --- explore-analyze/alerts-cases/cases/manage-cases.md | 2 +- .../observability/incident-management/create-manage-cases.md | 2 +- solutions/security/investigate/open-manage-cases.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/explore-analyze/alerts-cases/cases/manage-cases.md b/explore-analyze/alerts-cases/cases/manage-cases.md index 72b4794472..971564d3e7 100644 --- a/explore-analyze/alerts-cases/cases/manage-cases.md +++ b/explore-analyze/alerts-cases/cases/manage-cases.md @@ -34,7 +34,7 @@ Open a new case to keep track of issues and share their details with colleagues. 6. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](manage-cases-settings.md#case-connectors). ::::{note} - :applies_to:{stack: ga 9.2} + :applies_to:{stack: ga 9.3} When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. :::: diff --git a/solutions/observability/incident-management/create-manage-cases.md b/solutions/observability/incident-management/create-manage-cases.md index bc75f5d2c6..eb1ebbfcca 100644 --- a/solutions/observability/incident-management/create-manage-cases.md +++ b/solutions/observability/incident-management/create-manage-cases.md @@ -38,7 +38,7 @@ Open a new case to keep track of issues and share the details with colleagues. T 7. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](/solutions/observability/incident-management/configure-case-settings#cases-external-connectors). ::::{note} - :applies_to:{stack: ga 9.2} + :applies_to:{stack: ga 9.3} When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. :::: diff --git a/solutions/security/investigate/open-manage-cases.md b/solutions/security/investigate/open-manage-cases.md index f9d5bedfb1..1f3266ffa3 100644 --- a/solutions/security/investigate/open-manage-cases.md +++ b/solutions/security/investigate/open-manage-cases.md @@ -41,7 +41,7 @@ Open a new case to keep track of security issues and share their details with co 8. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](/solutions/security/investigate/configure-case-settings.md#cases-ui-integrations) ::::{note} - :applies_to:{stack: ga 9.2} + :applies_to:{stack: ga 9.3} When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. :::: From e6677996510fd512faf1068ccc66dd7d6124cd79 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 1 Dec 2025 18:32:46 -0500 Subject: [PATCH 3/5] fix ref --- .../observability/incident-management/create-manage-cases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/observability/incident-management/create-manage-cases.md b/solutions/observability/incident-management/create-manage-cases.md index eb1ebbfcca..0178825911 100644 --- a/solutions/observability/incident-management/create-manage-cases.md +++ b/solutions/observability/incident-management/create-manage-cases.md @@ -35,7 +35,7 @@ Open a new case to keep track of issues and share the details with colleagues. T **For Elastic Stack**, You can add users only if they meet the necessary [prerequisites](/solutions/observability/incident-management/configure-access-to-cases.md). 6. If you defined [custom fields](/solutions/observability/incident-management/configure-case-settings.md#case-custom-fields), they appear in the **Additional fields** section. -7. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](/solutions/observability/incident-management/configure-case-settings#cases-external-connectors). +7. (Optional) Under **External Connector Fields**, you can select a connector to send cases to an external system. If you’ve created any connectors previously, they will be listed here. If there are no connectors listed, you can create one. For more information, refer to [External incident management systems](/solutions/observability/incident-management/configure-case-settings.md#cases-external-connectors). ::::{note} :applies_to:{stack: ga 9.3} From e4d2e6837ed5f4f4964567c361360e28fd15a455 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 2 Dec 2025 11:37:16 -0500 Subject: [PATCH 4/5] Update explore-analyze/alerts-cases/cases/manage-cases.md --- explore-analyze/alerts-cases/cases/manage-cases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/alerts-cases/cases/manage-cases.md b/explore-analyze/alerts-cases/cases/manage-cases.md index 971564d3e7..9f8555138a 100644 --- a/explore-analyze/alerts-cases/cases/manage-cases.md +++ b/explore-analyze/alerts-cases/cases/manage-cases.md @@ -35,7 +35,7 @@ Open a new case to keep track of issues and share their details with colleagues. ::::{note} :applies_to:{stack: ga 9.3} - When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. + When specifying **Additional fields** for an {{ibm-r}} connector, fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. :::: From ca1afbd3690c7ce5d85ef556d4607d43e1b2c1d6 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 2 Dec 2025 11:37:59 -0500 Subject: [PATCH 5/5] removed custom --- .../observability/incident-management/create-manage-cases.md | 2 +- solutions/security/investigate/open-manage-cases.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/observability/incident-management/create-manage-cases.md b/solutions/observability/incident-management/create-manage-cases.md index 0178825911..641eb80ac5 100644 --- a/solutions/observability/incident-management/create-manage-cases.md +++ b/solutions/observability/incident-management/create-manage-cases.md @@ -39,7 +39,7 @@ Open a new case to keep track of issues and share the details with colleagues. T ::::{note} :applies_to:{stack: ga 9.3} - When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. + When specifying **Additional fields** for an {{ibm-r}} connector, fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. :::: 8. After you’ve completed all of the required fields, click **Create case**. diff --git a/solutions/security/investigate/open-manage-cases.md b/solutions/security/investigate/open-manage-cases.md index 1f3266ffa3..ed5c7e1803 100644 --- a/solutions/security/investigate/open-manage-cases.md +++ b/solutions/security/investigate/open-manage-cases.md @@ -42,7 +42,7 @@ Open a new case to keep track of security issues and share their details with co ::::{note} :applies_to:{stack: ga 9.3} - When specifying **Additional fields** for an {{ibm-r}} connector, custom fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. + When specifying **Additional fields** for an {{ibm-r}} connector, fields that are set when an incident is created or changed (for example, an incident is closed) won't display as an option. :::: 9. Click **Create case**.