Create connector
editCreate connector
editCreates a connector, which can then be used to open and update cases in external systems. Note that data from mapped case fields can be pushed to external systems but cannot be pulled in.
Request URL
editPOST <kibana host>:<port>/api/actions/connector
Request body
editA JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
|
String |
Must be one of these:
|
Yes |
|
Object containing the action’s configuration. |
Yes |
|
|
Object |
Object containing the third-party account information used to create and update incidents. For ServiceNow ITSM and ServiceNow SecOps connectors:
For Jira connectors:
For IBM Resilient connectors:
For Swimlane connectors:
|
Yes |
|
String |
The connector’s name. |
Yes |
Name | Type | Description | Required |
---|---|---|---|
|
String |
URL of the third-party instance. |
Yes |
|
String |
Swimlane application ID. |
For Swimlane connectors, yes. or other connectors, no. |
|
String |
The type of the connector. Must be one of these:
|
For Swimlane connectors, yes. For other connectors, no. |
|
Object |
The field mapping. Must be:
The object of each attribute in the
|
For Swimlane connectors, yes. or other connectors, no. |
|
String |
Jira project key. |
For Jira connectors, yes. For other connectors, no. |
|
String |
IBM Resilient organization ID. |
For IBM Resilient connectors, yes. For other connectors, no. |
Example requests
editCreates a ServiceNow ITSM connector:
POST api/actions/connector { "connector_type_id": ".servicenow", "config": { "apiUrl": "https://dev87359.service-now.com", }, "secrets": { "username": "admin", "password": "securePassword123!" }, "name": "ServiceNow ITSM" }
Creates a ServiceNow SecOps connector:
POST api/actions/connector { "connector_type_id": ".servicenow-sir", "config": { "apiUrl": "https://dev87359.service-now.com", }, "secrets": { "username": "admin", "password": "securePassword123!" }, "name": "ServiceNow SecOps" }
Creates a Jira connector:
POST api/actions/connector { "connector_type_id": ".jira", "config": { "apiUrl": "https://hms.atlassian.net", "projectKey": "HMS" }, "secrets": { "email": "[email protected]", "apiToken": "my-api-token" }, "name": "Jira" }
Creates an IBM Resilient connector:
POST api/actions/connector { "connector_type_id": ".resilient", "config": { "apiUrl": "https://ibm-resilient.siem.estc.dev", "orgId": "201" }, "secrets": { "apiKeyId": "2ad2bbd3-7cd2-3096-9619-de13c5ab70ca", "apiKeySecret": "Hzol67ZoeATAR-8pQxSp3q_NPTDtWU6_QNBoCSCA-ic" }, "name": "IBM" }
Creates a Swimlane connector:
POST api/actions/connector { "name":"Swimlane", "config":{ "connectorType":"all", "mappings":{ "ruleNameConfig":{ "id":"b6fst", "name":"Alert Name", "key":"alert-name", "fieldType":"text" }, "alertIdConfig":{ "id":"bpvow", "name":"Alert ID", "key":"alert-id", "fieldType":"text" }, "caseIdConfig":{ "id":"be1mi", "name":"Case ID", "key":"case-id", "fieldType":"text" }, "caseNameConfig":{ "id":"bnxnr", "name":"Case Name", "key":"case-name", "fieldType":"text" }, "commentsConfig":{ "id":"bu18d", "name":"Comments", "key":"comments", "fieldType":"comments" }, "severityConfig":{ "id":"b71ik", "name":"severity", "key":"severity", "fieldType":"text" }, "descriptionConfig":{ "id":"b5zrn", "name":"Description", "key":"description", "fieldType":"text" } }, "appId":"myAppID", "apiUrl":"https://myswimlaneinstance.com" }, "secrets":{ "apiToken":"secureToken" } }
Response code
edit-
200
- Indicates a successful call.
Response payload
editA JSON object with a connector id
that is required to push cases to ServiceNow.
Example response
editServiceNow connector:
{ "id": "f07a60c7-a340-4cb1-93b8-1f5e35dc56b1", "connector_type_id": ".servicenow", "name": "SN API 2", "config": { "apiUrl": "https://dev185413.service-now.com", }, "isPreconfigured": false }