Greetings!
I'm on the way to implementing the automation solution for our Elastic Security Cases. While working on some automation scripts, I got a problem with the response to Cases.
For example, when the Case is created, Elastic sends the data about it to our SOAR. SOAR does some stuff, and then I'd like to create a script that will respond to the Case that triggered the script with some data.
I found good REST API documentation and discovered that I can use the comments section and store some data I want there.
But to create a comment in a Case, I need to provide a particular case ID. And the problem is that I cannot provide the Case ID in the webhook configuration as a variable, because it is not available there (only the title, description, tags, and the incident id of the third-party system).
And my question is: how can I share a Case ID using the Case Management webhook? If it is not possible at this time, maybe it is an awesome feature request for further Kibana updates.