Create Cases with Elastic Security Rule Alerts

Is there a way to create cases automatically when specific Security Rules trigger? I see lots of integrations for third-party case management tools, but I do not see any way to integrate security rules with Elastic Cases.

Has anyone integrated Elastic Security Rules and Cases in any form? Is this possible?

Also, if you have any good experiences with third-party case management tools, I would be interested in hearing which works best for you. I see options like Torq and Tines that look interesting and are specifically designed for security use.

Hello, thank you for your question. Yes, when you add a rule action, you will see a 'Cases' connector. This will automatically open a case when the rule fires. You can read about it here: Cases connector and action | Kibana Guide [8.17] | Elastic

Quick note. This feature was introduced in 8.16 in Elastic Security in 'Technical Preview'. The documentation page shows it is still in Technical Preview, but it was actually fully released as of 8.17. We will update the docs.
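An added example, not code from the thread or from Elastic: it builds the `actions[]` entry for the Cases rule action and audits an exported rule set (ndjson) to find enabled rules that do not yet open cases. The action type id `.cases`, the connector id `system-connector-.cases` and the `subActionParams` keys are assumptions about the Kibana rule API, and the export sample is constructed.

```python
import json

# Assumed identifiers (not confirmed by the thread): action type id and
# system connector id of the Cases rule action introduced in 8.16.
CASES_ACTION_TYPE = ".cases"
CASES_CONNECTOR_ID = "system-connector-.cases"

def cases_action(group_by=("kibana.alert.rule.name",), time_window="7d",
                 reopen_closed=False, template_id=None):
    """Build the rule `actions[]` entry that opens (or updates) a case.
    The subActionParams keys are assumed from the Cases connector docs."""
    return {
        "action_type_id": CASES_ACTION_TYPE,
        "id": CASES_CONNECTOR_ID,
        "params": {"subAction": "run", "subActionParams": {
            "groupingBy": list(group_by),     # alerts with the same value share a case
            "timeWindow": time_window,        # reuse an open case within this window
            "reopenClosedCases": reopen_closed,
            "templateId": template_id}},
    }

def has_cases_action(rule):
    return any(a.get("action_type_id") == CASES_ACTION_TYPE
               for a in rule.get("actions", []))

def audit_rules(ndjson_text):
    """Map rule_id -> whether an enabled rule has the Cases action.
    Skips disabled rules and the trailing export-summary line."""
    result = {}
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        if "rule_id" in obj and obj.get("enabled"):
            result[obj["rule_id"]] = has_cases_action(obj)
    return result

# Constructed sample export (ndjson, one rule per line plus a summary line).
SAMPLE_EXPORT = "\n".join(json.dumps(r) for r in [
    {"rule_id": "suspicious-login", "enabled": True,
     "actions": [cases_action(group_by=("user.name",))]},
    {"rule_id": "new-admin", "enabled": True, "actions": []},
    {"rule_id": "old-rule", "enabled": False, "actions": []},
    {"exported_count": 3, "missing_rules": []},
])

if __name__ == "__main__":
    for rid, ok in audit_rules(SAMPLE_EXPORT).items():
        print(f"{rid}: {'Cases action present' if ok else 'NO Cases action'}")
```

Feed it the ndjson produced by the detection rules export endpoint to list the enabled rules still missing the Cases action before enabling it on them.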