This plugin provides cases management in Kibana
- Cases API
- Cases Client API
- Cases UI
- Case Action Type feature in development, disabled by default
- Add
CasesUiStartto Kibana pluginStartServicesdependencies:
cases: CasesUiStart;- From the UI component, get the component from the
useKibanahook start services
const { cases } = useKibana().services;
// call in the return as you would any component
cases.getCases({
basePath: '/investigate/cases',
userCanCrud: true,
owner: ['securitySolution'],
features: { alerts: { sync: false }, metrics: ['alerts.count', 'lifespan'] }
timelineIntegration: {
plugins: {
parsingPlugin,
processingPluginRenderer,
uiPlugin,
},
hooks: {
useInsertTimeline,
},
},
});Arguments:
| Property | Description |
|---|---|
| userCanCrud | boolean; user permissions to crud |
| owner | string[]; owner ids of the cases |
| basePath | string; path to mount the Cases router on top of |
| useFetchAlertData | (alertIds: string[]) => [boolean, Record<string, unknown>]; fetch alerts |
| disableAlerts? | boolean (default: false) flag to not show alerts information |
| actionsNavigation? | CasesNavigation<string, 'configurable'> |
| ruleDetailsNavigation? | CasesNavigation<string | null | undefined, 'configurable'> |
| onComponentInitialized? | () => void; callback when component has initialized |
| showAlertDetails? | (alertId: string, index: string) => void; callback to show alert details |
| features? | CasesFeatures object defining the features to enable/disable |
| features?.alerts.sync | boolean (default: true) defines wether the alert sync action should be enabled/disabled |
| features?.metrics | string[] (default: []) defines the metrics to show in the Case Detail View. Allowed metrics: "alerts.count", "alerts.users", "alerts.hosts", "connectors", "lifespan". |
| timelineIntegration?.editor_plugins | Plugins needed for integrating timeline into markdown editor. |
| timelineIntegration?.editor_plugins.parsingPlugin | Plugin; |
| timelineIntegration?.editor_plugins.processingPluginRenderer | React.FC<TimelineProcessingPluginRendererProps & { position: EuiMarkdownAstNodePosition }> |
| timelineIntegration?.editor_plugins.uiPlugin? | EuiMarkdownEditorUiPlugin |
| timelineIntegration?.hooks.useInsertTimeline | (value: string, onChange: (newValue: string) => void): UseInsertTimelineReturn |
| timelineIntegration?.ui?.renderInvestigateInTimelineActionComponent? | (alertIds: string[]) => JSX.Element; space to render InvestigateInTimelineActionComponent |
| timelineIntegration?.ui?renderTimelineDetailsPanel? | () => JSX.Element; space to render TimelineDetailsPanel |
UI component:
Arguments:
| Property | Description |
|---|---|
| userCanCrud | boolean; user permissions to crud |
| owner | string[]; owner ids of the cases |
| alertData? | Omit<CommentRequestAlertType, 'type'>; alert data to post to case |
| hiddenStatuses? | CaseStatuses[]; array of hidden statuses |
| onRowClick | (theCase?: Case) => void; callback for row click, passing case in row |
| updateCase? | (theCase: Case) => void; callback after case has been updated |
| onClose? | () => void called when the modal is closed without selecting a case |
UI component:
Arguments:
| Property | Description |
|---|---|
| userCanCrud | boolean; user permissions to crud |
| owner | string[]; owner ids of the cases |
| onClose | () => void; callback when create case is canceled |
| onSuccess | (theCase: Case) => Promise<void>; callback passing newly created case after pushCaseToExternalService is called |
| afterCaseCreated? | (theCase: Case) => Promise<void>; callback passing newly created case before pushCaseToExternalService is called |
| disableAlerts? | boolean (default: false) flag to not show alerts information |
UI component:
Arguments:
| Property | Description |
|---|---|
| userCanCrud | boolean; user permissions to crud |
| owner | string[]; owner ids of the cases |
| maxCasesToShow | number; number of cases to show in widget |
UI component:
