From eb59bbf95d599cbe5cfb4e7e310f21373901915a Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 31 Aug 2022 10:07:57 -0400 Subject: [PATCH 1/6] First draft --- docs/cases/cases-ui-integrations.asciidoc | 32 +++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/docs/cases/cases-ui-integrations.asciidoc b/docs/cases/cases-ui-integrations.asciidoc index 585ce0c85a..bb5da212cd 100644 --- a/docs/cases/cases-ui-integrations.asciidoc +++ b/docs/cases/cases-ui-integrations.asciidoc @@ -34,6 +34,38 @@ image::images/cases-ui-connector.png[Shows the page for creating connectors] - {kibana-ref}/swimlane-action-type.html[{swimlane} connector] - {kibana-ref}/cases-webhook-action-type.html[{webhook-cm} connector] +[float] +[[mapped-case-fields]] +=== Mapped case fields + +To represent an {es-sec} case in an external system, {es-sec} case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. Once fields are mapped, you can push updates to external systems and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. + +|=== + +| *Case field* | *Mapped field* + +| Title + +a| The case `Title` field is mapped to corresponding fields in external systems. Mapped field values are overwritten when you push updates. + +* *{sn}*: Mapped to the `Short description` field. +* *{jira}*: Mapped to the `Summary` field. +* *{ibm-r}*: Mapped to the `Name` field. +* *{swimlane}*: Mapped to the `Description` field. + +| Description +| The case `Description` field is mapped to the `Description` field in {sn}, {jira}, {ibm-r}, and {swimlane}. Mapped field values are overwritten when you push updates. + +| Comments + +a| For {sn} connctors, the case `Comments` field is mapped to the `Work Notes` field in {sn}. + +For {jira}, {ibm-r}, and {swimlane} connectors, the case `Comments` field is mapped to the `Comments` field in {jira}, {ibm-r}, and {swimlane}. + +New and edited comments are added to incident records when pushed to {sn}, {jira}, or {ibm-r}. Comments pushed to {swimlane} are appended to the `Comment` field in {swimlane} and posted individually. + +|=== + [[close-connector]] [float] [[close-sent-cases]] From 04f5262a93ab0b85e3f41dfb3d0e68cf898a9a83 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 31 Aug 2022 15:20:52 -0400 Subject: [PATCH 2/6] Update docs/cases/cases-ui-integrations.asciidoc Co-authored-by: Joe Peeples --- docs/cases/cases-ui-integrations.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cases/cases-ui-integrations.asciidoc b/docs/cases/cases-ui-integrations.asciidoc index bb5da212cd..4ff0787f0f 100644 --- a/docs/cases/cases-ui-integrations.asciidoc +++ b/docs/cases/cases-ui-integrations.asciidoc @@ -38,7 +38,7 @@ image::images/cases-ui-connector.png[Shows the page for creating connectors] [[mapped-case-fields]] === Mapped case fields -To represent an {es-sec} case in an external system, {es-sec} case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. Once fields are mapped, you can push updates to external systems and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. +To represent an {elastic-sec} case in an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. Once fields are mapped, you can push updates to external systems and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. |=== From 915c040f60e2d1a5e63050985934377e76a88c69 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 31 Aug 2022 15:22:20 -0400 Subject: [PATCH 3/6] Update docs/cases/cases-ui-integrations.asciidoc Co-authored-by: Joe Peeples --- docs/cases/cases-ui-integrations.asciidoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/cases/cases-ui-integrations.asciidoc b/docs/cases/cases-ui-integrations.asciidoc index 4ff0787f0f..020484b227 100644 --- a/docs/cases/cases-ui-integrations.asciidoc +++ b/docs/cases/cases-ui-integrations.asciidoc @@ -48,10 +48,10 @@ To represent an {elastic-sec} case in an external system, case fields are mapped a| The case `Title` field is mapped to corresponding fields in external systems. Mapped field values are overwritten when you push updates. -* *{sn}*: Mapped to the `Short description` field. -* *{jira}*: Mapped to the `Summary` field. -* *{ibm-r}*: Mapped to the `Name` field. -* *{swimlane}*: Mapped to the `Description` field. +* *{sn}*: `Short description` +* *{jira}*: `Summary` +* *{ibm-r}*: `Name` +* *{swimlane}*: `Description` | Description | The case `Description` field is mapped to the `Description` field in {sn}, {jira}, {ibm-r}, and {swimlane}. Mapped field values are overwritten when you push updates. From 3a4f3bb84c3e919efdaa580fcaa4b31e4c172e82 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 12 Sep 2022 14:24:23 -0400 Subject: [PATCH 4/6] Joe's suggestions --- docs/cases/cases-ui-integrations.asciidoc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/cases/cases-ui-integrations.asciidoc b/docs/cases/cases-ui-integrations.asciidoc index 020484b227..da109022e5 100644 --- a/docs/cases/cases-ui-integrations.asciidoc +++ b/docs/cases/cases-ui-integrations.asciidoc @@ -38,7 +38,9 @@ image::images/cases-ui-connector.png[Shows the page for creating connectors] [[mapped-case-fields]] === Mapped case fields -To represent an {elastic-sec} case in an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. Once fields are mapped, you can push updates to external systems and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. +To represent an {elastic-sec} case in an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. For the {webhook-cm} connector, case fields can mapped to custom or pre-existing fields in the external system you're connecting to. + +Once fields are mapped, you can push updates to external systems and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. |=== @@ -54,13 +56,16 @@ a| The case `Title` field is mapped to corresponding fields in external systems. * *{swimlane}*: `Description` | Description -| The case `Description` field is mapped to the `Description` field in {sn}, {jira}, {ibm-r}, and {swimlane}. Mapped field values are overwritten when you push updates. +| The case `Description` field is mapped to the `Description` field in all systems. Mapped field values are overwritten when you push updates. | Comments -a| For {sn} connctors, the case `Comments` field is mapped to the `Work Notes` field in {sn}. +a| The case `Comments` field is mapped to corresponding fields in external systems. -For {jira}, {ibm-r}, and {swimlane} connectors, the case `Comments` field is mapped to the `Comments` field in {jira}, {ibm-r}, and {swimlane}. +* *{sn}*: `Work Notes` +* *{jira}*: `Comments` +* *{ibm-r}*: `Comments` +* *{swimlane}*: `Comments` New and edited comments are added to incident records when pushed to {sn}, {jira}, or {ibm-r}. Comments pushed to {swimlane} are appended to the `Comment` field in {swimlane} and posted individually. From 3571ffa6630b744fadc892c514a3400000a12a00 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 12 Sep 2022 14:55:21 -0400 Subject: [PATCH 5/6] Update docs/cases/cases-ui-integrations.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- docs/cases/cases-ui-integrations.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cases/cases-ui-integrations.asciidoc b/docs/cases/cases-ui-integrations.asciidoc index da109022e5..d9b5d8698f 100644 --- a/docs/cases/cases-ui-integrations.asciidoc +++ b/docs/cases/cases-ui-integrations.asciidoc @@ -38,7 +38,7 @@ image::images/cases-ui-connector.png[Shows the page for creating connectors] [[mapped-case-fields]] === Mapped case fields -To represent an {elastic-sec} case in an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. For the {webhook-cm} connector, case fields can mapped to custom or pre-existing fields in the external system you're connecting to. +When you export an {elastic-sec} case to an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. For the {webhook-cm} connector, case fields can be mapped to custom or pre-existing fields in the external system you're connecting to. Once fields are mapped, you can push updates to external systems and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. From 5f5a24365d67918002aa60ac0f7dc775b989a1c0 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 13 Sep 2022 16:48:06 -0400 Subject: [PATCH 6/6] Update docs/cases/cases-ui-integrations.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/cases/cases-ui-integrations.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cases/cases-ui-integrations.asciidoc b/docs/cases/cases-ui-integrations.asciidoc index d9b5d8698f..5471dceda4 100644 --- a/docs/cases/cases-ui-integrations.asciidoc +++ b/docs/cases/cases-ui-integrations.asciidoc @@ -40,7 +40,7 @@ image::images/cases-ui-connector.png[Shows the page for creating connectors] When you export an {elastic-sec} case to an external system, case fields are mapped to existing fields in {sn}, {jira}, {ibm-r}, and {swimlane}. For the {webhook-cm} connector, case fields can be mapped to custom or pre-existing fields in the external system you're connecting to. -Once fields are mapped, you can push updates to external systems and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. +Once fields are mapped, you can push updates to external systems, and mapped fields are overwritten or appended. Retrieving data from external systems is not supported. |===