I have a big question for you guys. Does anybody know about the opportunity to trigger an external API from the Elastic Case?
I mean, is there a way to implement some webhook or index in Elastic that could collect and send somewhere events that occurred with Elastic Cases?
For example, when the user creates a Case -> event "Case created" happens.
I'd like to automate some processes related to Elastic Security Cases using our SOAR system. At this point, we are migrating from TheHive to the full Elastic Security space and we are trying to integrate Elastic with our SOAR.
Now I have only two possible ways to do that:
send an event to the SOAR (something like a webhook that collects events related to Elastic Security), or start some script manually from the Case body. But I don't know any possible ways to do it either.
Maybe someone has already been challenged with that.
You'll want to use the Webhook - Case Management connector as @vitaliidm pointed out. You can configure API actions for create case, update case, and case comment. There is also a blog post detailing an implementation in Jira that may be helpful to follow along with.
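An added example, not part of the thread and not Elastic's code: a minimal SOAR-side receiver for the three actions the reply names (create case, update case, case comment), which rejects unauthenticated calls and returns the case id to the caller. The routes, header name, secret and JSON field names are assumptions; in practice they are whatever you define in the connector's URL, header and JSON settings.

```python
import hmac
import json

# Assumptions (not from the thread): header name, secret and routes are hypothetical.
SHARED_SECRET = "constructed-example-secret"
AUTH_HEADER = "x-soar-token"


def authorized(headers):
    """Constant-time comparison of the shared-secret header."""
    supplied = headers.get(AUTH_HEADER, "")
    return hmac.compare_digest(supplied.encode(), SHARED_SECRET.encode())


def handle(method, path, headers, body, store):
    """Route one connector request; returns (http_status, response_dict)."""
    if not authorized(headers):
        return 401, {"error": "unauthorized"}
    try:
        data = json.loads(body)
    except ValueError:
        return 400, {"error": "invalid JSON"}
    if not isinstance(data, dict):
        return 400, {"error": "JSON object expected"}
    parts = [p for p in path.split("/") if p]
    # POST /cases -> create case; the response carries the id for later calls
    if method == "POST" and parts == ["cases"]:
        title = data.get("title")
        if not isinstance(title, str) or not title.strip():
            return 422, {"error": "title required"}
        case_id = str(len(store) + 1)
        store[case_id] = {"title": title, "description": data.get("description", ""),
                          "comments": [], "events": ["Case created"]}
        return 201, {"id": case_id}
    # PUT /cases/<id> -> update case; POST /cases/<id>/comments -> case comment
    if len(parts) >= 2 and parts[0] == "cases" and parts[1] in store:
        case = store[parts[1]]
        if method == "PUT" and len(parts) == 2:
            case.update({k: data[k] for k in ("title", "description") if k in data})
            case["events"].append("Case updated")
            return 200, {"id": parts[1]}
        if method == "POST" and parts[2:] == ["comments"]:
            case["comments"].append(str(data.get("comment", "")))
            case["events"].append("Comment added")
            return 200, {"id": parts[1]}
    return 404, {"error": "not found"}
```

The `events` list is where a SOAR playbook trigger would hook in; the in-memory `store` stands in for the SOAR's own case storage.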