From 6b6bf12098dbcffac3a261303ba487b19bb8df33 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 19 Jan 2023 18:11:49 -0800 Subject: [PATCH 01/11] [DOCS] Add open API specification for run connector --- .../plugins/actions/docs/openapi/bundled.json | 317 +++++++++++++----- .../plugins/actions/docs/openapi/bundled.yaml | 216 ++++++++---- .../examples/run_index_connector_request.yaml | 7 + .../run_index_connector_response.yaml | 20 ++ .../run_server_log_connector_request.yaml | 5 + .../run_server_log_connector_response.yaml | 3 + .../components/schemas/401_response.yaml | 15 + .../components/schemas/404_response.yaml | 15 + .../schemas/run_connector_request_index.yaml | 13 + .../run_connector_request_serverlog.yaml | 20 ++ .../actions/docs/openapi/entrypoint.yaml | 9 +- .../s@{spaceid}@api@actions@connector.yaml | 13 +- ...}@api@actions@connector@{connectorid}.yaml | 49 +-- ...ions@connector@{connectorid}@_execute.yaml | 87 +++++ ...{spaceid}@api@actions@connector_types.yaml | 11 +- .../s@{spaceid}@api@actions@connectors.yaml | 11 +- 16 files changed, 573 insertions(+), 238 deletions(-) create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_request.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_request.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/401_response.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/404_response.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index 0919fea40668b..f7fd4c0207a04 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -134,20 +134,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "error": { - "type": "string", - "example": "Unauthorized" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "integer", - "example": 401 - } - } + "$ref": "#/components/schemas/401_response" } } } @@ -202,20 +189,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "error": { - "type": "string", - "example": "Unauthorized" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "integer", - "example": 401 - } - } + "$ref": "#/components/schemas/401_response" } } } @@ -278,20 +252,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "error": { - "type": "string", - "example": "Unauthorized" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "integer", - "example": 401 - } - } + "$ref": "#/components/schemas/401_response" } } } @@ -430,20 +391,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "error": { - "type": "string", - "example": "Unauthorized" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "integer", - "example": 401 - } - } + "$ref": "#/components/schemas/401_response" } } } @@ -453,21 +401,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "error": { - "type": "string", - "example": "Not Found" - }, - "message": { - "type": "string", - "example": "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found" - }, - "statusCode": { - "type": "integer", - "example": 404 - } - } + "$ref": "#/components/schemas/404_response" } } } @@ -568,20 +502,7 @@ "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "error": { - "type": "string", - "example": "Unauthorized" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "integer", - "example": 401 - } - } + "$ref": "#/components/schemas/401_response" } } } @@ -685,26 +606,124 @@ }, "401": { "description": "Authorization information is missing or invalid.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/401_response" + } + } + } + } + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "servers": [ + { + "url": "https://localhost:5601" + } + ] + }, + "/s/{spaceId}/api/actions/connector/{connectorId}/_execute": { + "post": { + "summary": "Runs a connector.", + "operationId": "runConnector", + "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. If you use an index connector, you must also have `all`, `create`, `index`, or `write` indices privileges.\n", + "tags": [ + "connectors" + ], + "parameters": [ + { + "$ref": "#/components/parameters/kbn_xsrf" + }, + { + "$ref": "#/components/parameters/connector_id" + }, + { + "$ref": "#/components/parameters/space_id" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "title": "Run connector request body properties", + "description": "The properties vary depending on the connector type.", + "type": "object", + "required": [ + "params" + ], + "properties": { + "params": { + "oneOf": [ + { + "$ref": "#/components/schemas/run_connector_request_index" + }, + { + "$ref": "#/components/schemas/run_connector_request_serverlog" + } + ] + } + } + }, + "examples": { + "runIndexConnectorRequest": { + "$ref": "#/components/examples/run_index_connector_request" + }, + "runServerLogConnectorRequest": { + "$ref": "#/components/examples/run_server_log_connector_request" + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call.", "content": { "application/json": { "schema": { "type": "object", + "required": [ + "connector_id", + "status" + ], "properties": { - "error": { + "connector_id": { "type": "string", - "example": "Unauthorized" + "description": "The identifier for the connector." }, - "message": { - "type": "string" + "data": { + "type": "object", + "description": "Information returned from the action.", + "additionalProperties": true }, - "statusCode": { - "type": "integer", - "example": 401 + "status": { + "type": "string", + "description": "The status of the action.", + "enum": [ + "error", + "ok" + ] } } } } } + }, + "401": { + "description": "Authorization information is missing or invalid.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/401_response" + } + } + } } }, "servers": [ @@ -2741,6 +2760,29 @@ "propertyName": "connector_type_id" } }, + "401_response": { + "type": "object", + "title": "Unsuccessful rule API response", + "properties": { + "error": { + "type": "string", + "example": "Unauthorized", + "enum": [ + "Unauthorized" + ] + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "integer", + "example": 401, + "enum": [ + 401 + ] + } + } + }, "update_connector_request_cases_webhook": { "title": "Update Webhook - Case Managment connector request", "type": "object", @@ -2919,6 +2961,29 @@ } } }, + "404_response": { + "type": "object", + "properties": { + "error": { + "type": "string", + "example": "Not Found", + "enum": [ + "Not Found" + ] + }, + "message": { + "type": "string", + "example": "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found" + }, + "statusCode": { + "type": "integer", + "example": 404, + "enum": [ + 404 + ] + } + } + }, "connector_types": { "title": "Connector types", "type": "string", @@ -2953,6 +3018,51 @@ "uptime", "siem" ] + }, + "run_connector_request_index": { + "title": "Run index connector parameters", + "description": "Test an action that indexes a document into Elasticsearch.", + "type": "object", + "required": [ + "documents" + ], + "properties": { + "documents": { + "type": "array", + "description": "The documents to index in JSON format.", + "items": { + "type": "object", + "additionalProperties": true + } + } + } + }, + "run_connector_request_serverlog": { + "title": "Run server log connector parameters", + "description": "Test an action that writes an entry to the Kibana server log.", + "type": "object", + "required": [ + "message" + ], + "properties": { + "level": { + "type": "string", + "description": "The log level of the message.", + "enum": [ + "debug", + "error", + "fatal", + "info", + "trace", + "warn" + ], + "default": "info" + }, + "message": { + "type": "string", + "description": "The message to log." + } + } } }, "examples": { @@ -3072,6 +3182,29 @@ ] } ] + }, + "run_index_connector_request": { + "summary": "Run an index connector.", + "value": { + "params": { + "documents": [ + { + "id": "my_doc_id", + "name": "my_doc_name", + "message": "hello, world" + } + ] + } + } + }, + "run_server_log_connector_request": { + "summary": "Run a server log connector.", + "value": { + "params": { + "level": "warn", + "message": "Test warning message." + } + } } } }, diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 1ffc0dc5da1eb..7ae87fe617377 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -71,16 +71,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '#/components/schemas/401_response' servers: - url: https://localhost:5601 servers: @@ -111,16 +102,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '#/components/schemas/401_response' '404': description: Object is not found. content: @@ -158,16 +140,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '#/components/schemas/401_response' '404': description: Object is not found. content: @@ -245,32 +218,13 @@ paths: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '#/components/schemas/401_response' '404': description: Object is not found. content: application/json: schema: - type: object - properties: - error: - type: string - example: Not Found - message: - type: string - example: Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found - statusCode: - type: integer - example: 404 + $ref: '#/components/schemas/404_response' servers: - url: https://localhost:5601 servers: @@ -338,16 +292,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '#/components/schemas/401_response' servers: - url: https://localhost:5601 servers: @@ -415,19 +360,76 @@ paths: $ref: '#/components/examples/get_connector_types_response' '401': description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/401_response' + servers: + - url: https://localhost:5601 + servers: + - url: https://localhost:5601 + /s/{spaceId}/api/actions/connector/{connectorId}/_execute: + post: + summary: Runs a connector. + operationId: runConnector + description: | + You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. If you use an index connector, you must also have `all`, `create`, `index`, or `write` indices privileges. + tags: + - connectors + parameters: + - $ref: '#/components/parameters/kbn_xsrf' + - $ref: '#/components/parameters/connector_id' + - $ref: '#/components/parameters/space_id' + requestBody: + required: true + content: + application/json: + schema: + title: Run connector request body properties + description: The properties vary depending on the connector type. + type: object + required: + - params + properties: + params: + oneOf: + - $ref: '#/components/schemas/run_connector_request_index' + - $ref: '#/components/schemas/run_connector_request_serverlog' + examples: + runIndexConnectorRequest: + $ref: '#/components/examples/run_index_connector_request' + runServerLogConnectorRequest: + $ref: '#/components/examples/run_server_log_connector_request' + responses: + '200': + description: Indicates a successful call. content: application/json: schema: type: object + required: + - connector_id + - status properties: - error: + connector_id: type: string - example: Unauthorized - message: + description: The identifier for the connector. + data: + type: object + description: Information returned from the action. + additionalProperties: true + status: type: string - statusCode: - type: integer - example: 401 + description: The status of the action. + enum: + - error + - ok + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/401_response' servers: - url: https://localhost:5601 servers: @@ -1951,6 +1953,22 @@ components: - $ref: '#/components/schemas/connector_response_properties_xmatters' discriminator: propertyName: connector_type_id + 401_response: + type: object + title: Unsuccessful rule API response + properties: + error: + type: string + example: Unauthorized + enum: + - Unauthorized + message: + type: string + statusCode: + type: integer + example: 401 + enum: + - 401 update_connector_request_cases_webhook: title: Update Webhook - Case Managment connector request type: object @@ -2078,6 +2096,22 @@ components: example: my-connector secrets: $ref: '#/components/schemas/secrets_properties_swimlane' + 404_response: + type: object + properties: + error: + type: string + example: Not Found + enum: + - Not Found + message: + type: string + example: Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found + statusCode: + type: integer + example: 404 + enum: + - 404 connector_types: title: Connector types type: string @@ -2110,6 +2144,40 @@ components: - cases - uptime - siem + run_connector_request_index: + title: Run index connector parameters + description: Test an action that indexes a document into Elasticsearch. + type: object + required: + - documents + properties: + documents: + type: array + description: The documents to index in JSON format. + items: + type: object + additionalProperties: true + run_connector_request_serverlog: + title: Run server log connector parameters + description: Test an action that writes an entry to the Kibana server log. + type: object + required: + - message + properties: + level: + type: string + description: The log level of the message. + enum: + - debug + - error + - fatal + - info + - trace + - warn + default: info + message: + type: string + description: The message to log. examples: create_index_connector_request: summary: Create an index connector. @@ -2199,6 +2267,20 @@ components: supported_feature_ids: - alerting - uptime + run_index_connector_request: + summary: Run an index connector. + value: + params: + documents: + - id: my_doc_id + name: my_doc_name + message: hello, world + run_server_log_connector_request: + summary: Run a server log connector. + value: + params: + level: warn + message: Test warning message. security: - basicAuth: [] - apiKeyAuth: [] diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_request.yaml new file mode 100644 index 0000000000000..21bb1c9c3f618 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_request.yaml @@ -0,0 +1,7 @@ +summary: Run an index connector. +value: + params: + documents: + - id: my_doc_id + name: my_doc_name + message: hello, world \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml new file mode 100644 index 0000000000000..018efc1cf839a --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml @@ -0,0 +1,20 @@ +title: Response from running an index connector. +value: + connector_id: fd38c600-96a5-11ed-bb79-353b74189cba + data: + errors: false + items: + - create: + _id: 4JtvwYUBrcyxt2NnfW3y + _index: my-index + _primary_term: 1 + _seq_no: 0 + _shards: + failed: 0 + successful: 1 + total: 2 + _version: 1 + result: created + status: 201 + took: 135 + status: ok \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_request.yaml new file mode 100644 index 0000000000000..0a5bf4568dba0 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_request.yaml @@ -0,0 +1,5 @@ +summary: Run a server log connector. +value: + params: + level: warn + message: Test warning message. \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml new file mode 100644 index 0000000000000..10e4381cb2f88 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml @@ -0,0 +1,3 @@ +title: Response from running a server log connector. +value: + {} \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/401_response.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/401_response.yaml new file mode 100644 index 0000000000000..c6044998f8649 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/401_response.yaml @@ -0,0 +1,15 @@ +type: object +title: Unsuccessful rule API response +properties: + error: + type: string + example: Unauthorized + enum: + - Unauthorized + message: + type: string + statusCode: + type: integer + example: 401 + enum: + - 401 \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/404_response.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/404_response.yaml new file mode 100644 index 0000000000000..298c50f418a67 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/404_response.yaml @@ -0,0 +1,15 @@ +type: object +properties: + error: + type: string + example: Not Found + enum: + - Not Found + message: + type: string + example: "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found" + statusCode: + type: integer + example: 404 + enum: + - 404 \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml new file mode 100644 index 0000000000000..00ecb2739dd21 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml @@ -0,0 +1,13 @@ +title: Run index connector parameters +description: Test an action that indexes a document into Elasticsearch. +type: object +required: + - documents +properties: + documents: + type: array + description: The documents to index in JSON format. + items: + type: object + additionalProperties: true + diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml new file mode 100644 index 0000000000000..a6acce6314545 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml @@ -0,0 +1,20 @@ +title: Run server log connector parameters +description: Test an action that writes an entry to the Kibana server log. +type: object +required: + - message +properties: + level: + type: string + description: The log level of the message. + enum: + - debug + - error + - fatal + - info + - trace + - warn + default: info + message: + type: string + description: The message to log. diff --git a/x-pack/plugins/actions/docs/openapi/entrypoint.yaml b/x-pack/plugins/actions/docs/openapi/entrypoint.yaml index 98a50c7304d58..579845aa9f6d8 100644 --- a/x-pack/plugins/actions/docs/openapi/entrypoint.yaml +++ b/x-pack/plugins/actions/docs/openapi/entrypoint.yaml @@ -23,18 +23,17 @@ paths: $ref: paths/s@{spaceid}@api@actions@connectors.yaml '/s/{spaceId}/api/actions/connector_types': $ref: paths/s@{spaceid}@api@actions@connector_types.yaml -# '/s/{spaceId}/api/actions/connector/{connectorId}/_execute': -# $ref: paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml + '/s/{spaceId}/api/actions/connector/{connectorId}/_execute': + $ref: paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +# Deprecated endpoints: # '/s/{spaceId}/api/actions/action/{actionId}': # $ref: 'paths/s@{spaceid}@api@actions@action@{actionid}.yaml' # '/s/{spaceId}/api/actions': # $ref: 'paths/s@{spaceid}@api@actions.yaml' -# '/s/{spaceId}/api/actions/list_action_types': +# '/s/{spaceId}/api/actions/list_action_types': # $ref: 'paths/s@{spaceid}@api@actions@list_action_types.yaml' # '/s/{spaceId}/api/actions/action': # $ref: 'paths/s@{spaceid}@api@actions@action.yaml' -# '/s/{spaceId}/api/actions/action/{actionId}': -# $ref: 'paths/s@{spaceid}@api@actions@action@{actionid}.yaml' # '/s/{spaceId}/api/actions/action/{actionId}/_execute': # $ref: 'paths/s@{spaceid}@api@actions@action@{actionid}@_execute.yaml' components: diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml index 110f35c650e91..fafabb5ce3065 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector.yaml @@ -6,7 +6,7 @@ post: tags: - connectors parameters: - - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/headers/kbn_xsrf.yaml' - $ref: '../components/parameters/space_id.yaml' requestBody: required: true @@ -53,16 +53,7 @@ post: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '../components/schemas/401_response.yaml' servers: - url: https://localhost:5601 servers: diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml index c1cb7df5aa0f1..5633dd7b9dcb6 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}.yaml @@ -23,16 +23,7 @@ get: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '../components/schemas/401_response.yaml' '404': description: Object is not found. content: @@ -61,7 +52,7 @@ delete: tags: - connectors parameters: - - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/headers/kbn_xsrf.yaml' - $ref: '../components/parameters/connector_id.yaml' - $ref: '../components/parameters/space_id.yaml' responses: @@ -72,16 +63,7 @@ delete: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '../components/schemas/401_response.yaml' '404': description: Object is not found. content: @@ -109,7 +91,7 @@ put: tags: - connectors parameters: - - $ref: ../components/headers/kbn_xsrf.yaml + - $ref: '../components/headers/kbn_xsrf.yaml' - $ref: '../components/parameters/connector_id.yaml' - $ref: '../components/parameters/space_id.yaml' requestBody: @@ -167,32 +149,13 @@ put: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '../components/schemas/401_response.yaml' '404': description: Object is not found. content: application/json: schema: - type: object - properties: - error: - type: string - example: Not Found - message: - type: string - example: "Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not found" - statusCode: - type: integer - example: 404 + $ref: '../components/schemas/404_response.yaml' servers: - url: https://localhost:5601 servers: diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml new file mode 100644 index 0000000000000..803eaa3e88ddc --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -0,0 +1,87 @@ +post: + summary: Runs a connector. + operationId: runConnector + description: > + You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. + You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. + If you use an index connector, you must also have `all`, `create`, `index`, or `write` indices privileges. + tags: + - connectors + parameters: + - $ref: '../components/headers/kbn_xsrf.yaml' + - $ref: '../components/parameters/connector_id.yaml' + - $ref: '../components/parameters/space_id.yaml' + requestBody: + required: true + content: + application/json: + schema: + title: Run connector request body properties + description: The properties vary depending on the connector type. + type: object + required: + - params + properties: + params: + oneOf: +# - $ref: '../components/schemas/run_connector_request_cases_webhook.yaml' +# - $ref: '../components/schemas/run_connector_request_email.yaml' + - $ref: '../components/schemas/run_connector_request_index.yaml' +# - $ref: '../components/schemas/run_connector_request_jira.yaml' +# - $ref: '../components/schemas/run_connector_request_opsgenie.yaml' +# - $ref: '../components/schemas/run_connector_request_pagerduty.yaml' +# - $ref: '../components/schemas/run_connector_request_resilient.yaml' + - $ref: '../components/schemas/run_connector_request_serverlog.yaml' +# - $ref: '../components/schemas/run_connector_request_servicenow.yaml' +# - $ref: '../components/schemas/run_connector_request_servicenow_itom.yaml' +# - $ref: '../components/schemas/run_connector_request_servicenow_sir.yaml' +# - $ref: '../components/schemas/run_connector_request_slack.yaml' +# - $ref: '../components/schemas/run_connector_request_swimlane.yaml' +# - $ref: '../components/schemas/run_connector_request_teams.yaml' +# - $ref: '../components/schemas/run_connector_request_tines.yaml' +# - $ref: '../components/schemas/run_connector_request_webhook.yaml' +# - $ref: '../components/schemas/run_connector_request_xmatters.yaml' + examples: + runIndexConnectorRequest: + $ref: '../components/examples/run_index_connector_request.yaml' + runServerLogConnectorRequest: + $ref: '../components/examples/run_server_log_connector_request.yaml' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + required: + - connector_id + - status + properties: + connector_id: + type: string + description: The identifier for the connector. + data: + type: object + description: Information returned from the action. + additionalProperties: true + status: + type: string + description: The status of the action. + enum: + - error + - ok +# examples: +# runIndexConnectorResponse: +# $ref: '../components/examples/run_index_connector_response.yaml' +# runServerLogConnectorResponse: +# $ref: '../components/examples/run_server_log_connector_response.yaml' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '../components/schemas/401_response.yaml' + servers: + - url: https://localhost:5601 +servers: + - url: https://localhost:5601 diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml index 001da54c13c14..72dcd25660533 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector_types.yaml @@ -63,16 +63,7 @@ get: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '../components/schemas/401_response.yaml' servers: - url: https://localhost:5601 servers: diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml index 2a0a075703f8a..afa2c05abdb62 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connectors.yaml @@ -60,16 +60,7 @@ get: content: application/json: schema: - type: object - properties: - error: - type: string - example: Unauthorized - message: - type: string - statusCode: - type: integer - example: 401 + $ref: '../components/schemas/401_response.yaml' servers: - url: https://localhost:5601 servers: From eae45cd5dc3c122849d192a1d2ca506af07e8c61 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 19 Jan 2023 19:37:22 -0800 Subject: [PATCH 02/11] [DOCS] Add Jira and OpenAPI connectors --- .../plugins/actions/docs/openapi/bundled.json | 462 ++++++++++++++++++ .../plugins/actions/docs/openapi/bundled.yaml | 317 ++++++++++++ .../examples/run_jira_connector_request.yaml | 4 + .../examples/run_jira_connector_response.yaml | 17 + .../schemas/run_connector_request_jira.yaml | 163 ++++++ .../run_connector_request_opsgenie.yaml | 143 ++++++ ...ions@connector@{connectorid}@_execute.yaml | 6 +- 7 files changed, 1110 insertions(+), 2 deletions(-) create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_request.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index f7fd4c0207a04..b1629e1f6e9e8 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -663,6 +663,12 @@ { "$ref": "#/components/schemas/run_connector_request_index" }, + { + "$ref": "#/components/schemas/run_connector_request_jira" + }, + { + "$ref": "#/components/schemas/run_connector_request_opsgenie" + }, { "$ref": "#/components/schemas/run_connector_request_serverlog" } @@ -674,6 +680,9 @@ "runIndexConnectorRequest": { "$ref": "#/components/examples/run_index_connector_request" }, + "runJiraConnectorRequest": { + "$ref": "#/components/examples/run_jira_connector_request" + }, "runServerLogConnectorRequest": { "$ref": "#/components/examples/run_server_log_connector_request" } @@ -3037,6 +3046,451 @@ } } }, + "run_connector_request_jira": { + "title": "Run Jira connector parameters", + "description": "Test an action related to Jira issues.", + "oneOf": [ + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "Jira connector properties when `subAction` is `fieldsByIssueType`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "fieldsByIssueType" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The Jira issue type identifier.", + "example": 10024 + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction" + ], + "description": "Jira connector properties when `subAction` is `getFields`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getFields" + ] + } + } + }, + { + "type": "object", + "description": "Jira connector properties when `subAction` is `getIncident`.", + "required": [ + "subAction", + "subActionParams" + ], + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getIncident" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "externalId" + ], + "properties": { + "externalId": { + "type": "string", + "description": "The Jira issue identifier.", + "example": 71778 + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction" + ], + "description": "Jira connector properties when `subAction` is `issue`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "issue" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The Jira issue identifier.", + "example": 71778 + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "Jira connector properties when `subAction` is `issues`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "issues" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "title" + ], + "properties": { + "title": { + "type": "string", + "description": "The title of the Jira issue." + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction" + ], + "description": "Jira connector properties when `subAction` is `issueTypes`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "issueTypes" + ] + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "Jira connector properties when `subAction` is `pushToService`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "pushToService" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "incident" + ], + "properties": { + "comments": { + "type": "array", + "description": "Additional information that is sent to Jira.", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." + }, + "commentId": { + "type": "integer", + "description": "A unique identifier for the comment." + } + } + } + }, + "incident": { + "type": "object", + "required": [ + "summary" + ], + "description": "Information necessary to create or update a Jira incident.", + "properties": { + "description": { + "type": "string", + "description": "The details about the incident." + }, + "externalId": { + "type": "string", + "description": "The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created." + }, + "labels": { + "type": "array", + "description": "The labels for the incident. For example, `[\"LABEL1\"]`. NOTE: Labels cannot contain spaces.", + "items": { + "type": "string" + } + }, + "issueType": { + "type": "integer", + "description": "The type of incident. For example, `10006`. To obtain the list of valid values, set `subAction` to `issueTypes`." + }, + "parent": { + "type": "string", + "description": "The ID or key of the parent issue. Applies only to `Sub-task` types of issues." + }, + "priority": { + "type": "string", + "description": "The incident priority level. For example, `Lowest`." + }, + "summary": { + "type": "string", + "description": "A summary of the incident." + }, + "title": { + "type": "string", + "description": "A title for the incident, used for searching the contents of the knowledge base." + } + } + } + } + } + } + } + ], + "discriminator": { + "propertyName": "subAction" + } + }, + "run_connector_request_opsgenie": { + "title": "Run Opsgenie connector parameters", + "description": "Test an Opsgenie action.", + "oneOf": [ + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "Opsgenie connector properties when `subAction` is `closeAlert`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "closeAlert" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "alias" + ], + "properties": { + "alias": { + "type": "string", + "description": "The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert." + }, + "note": { + "type": "string", + "description": "Additional information for the alert." + }, + "source": { + "type": "string", + "description": "The display name for the source of the alert." + }, + "user": { + "type": "string", + "description": "The display name for the owner." + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "Opsgenie connector properties when `subAction` is `createAlert`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "createAlert" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "message" + ], + "properties": { + "actions": { + "type": "array", + "description": "The custom actions available to the alert.", + "items": { + "type": "string" + } + }, + "alias": { + "type": "string", + "description": "The unique identifier used for alert deduplication in Opsgenie." + }, + "description": { + "type": "string", + "description": "A description that provides detailed information about the alert." + }, + "details": { + "type": "object", + "description": "The custom properties of the alert.", + "additionalProperties": true, + "example": { + "key1": "value1", + "key2": "value2" + } + }, + "entity": { + "type": "string", + "description": "The domain of the alert. For example, the application or server name." + }, + "message": { + "type": "string", + "description": "The alert message." + }, + "note": { + "type": "string", + "description": "Additional information for the alert." + }, + "priority": { + "type": "string", + "description": "The priority level for the alert.", + "enum": [ + "P1", + "P2", + "P3", + "P4", + "P5" + ] + }, + "responders": { + "type": "array", + "description": "The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.\n", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The identifier for the entity." + }, + "name": { + "type": "string", + "description": "The name of the entity." + }, + "type": { + "type": "string", + "description": "The type of responders, in this case `escalation`.", + "enum": [ + "escalation", + "schedule", + "team", + "user" + ] + }, + "username": { + "type": "string", + "description": "A valid email address for the user." + } + } + } + }, + "source": { + "type": "string", + "description": "The display name for the source of the alert." + }, + "tags": { + "type": "array", + "description": "The tags for the alert.", + "items": { + "type": "string" + } + }, + "user": { + "type": "string", + "description": "The display name for the owner." + }, + "visibleTo": { + "type": "array", + "description": "The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "id": { + "type": "string", + "description": "The identifier for the entity." + }, + "name": { + "type": "string", + "description": "The name of the entity." + }, + "type": { + "type": "string", + "description": "Valid values are `team` and `user`.", + "enum": [ + "team", + "user" + ] + }, + "username": { + "type": "string", + "description": "The user name. This property is required only when the `type` is `user`." + } + } + } + } + } + } + } + } + ], + "discriminator": { + "propertyName": "subAction" + } + }, "run_connector_request_serverlog": { "title": "Run server log connector parameters", "description": "Test an action that writes an entry to the Kibana server log.", @@ -3197,6 +3651,14 @@ } } }, + "run_jira_connector_request": { + "summary": "Run a Jira connector to retrieve the list of issue types.", + "value": { + "params": { + "subAction": "issueTypes" + } + } + }, "run_server_log_connector_request": { "summary": "Run a server log connector.", "value": { diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 7ae87fe617377..5b5722e181847 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -394,10 +394,14 @@ paths: params: oneOf: - $ref: '#/components/schemas/run_connector_request_index' + - $ref: '#/components/schemas/run_connector_request_jira' + - $ref: '#/components/schemas/run_connector_request_opsgenie' - $ref: '#/components/schemas/run_connector_request_serverlog' examples: runIndexConnectorRequest: $ref: '#/components/examples/run_index_connector_request' + runJiraConnectorRequest: + $ref: '#/components/examples/run_jira_connector_request' runServerLogConnectorRequest: $ref: '#/components/examples/run_server_log_connector_request' responses: @@ -2157,6 +2161,314 @@ components: items: type: object additionalProperties: true + run_connector_request_jira: + title: Run Jira connector parameters + description: Test an action related to Jira issues. + oneOf: + - type: object + required: + - subAction + - subActionParams + description: Jira connector properties when `subAction` is `fieldsByIssueType`. + properties: + subAction: + type: string + description: The action to test. + enum: + - fieldsByIssueType + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue type identifier. + example: 10024 + - type: object + required: + - subAction + description: Jira connector properties when `subAction` is `getFields`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + - type: object + description: Jira connector properties when `subAction` is `getIncident`. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + required: + - externalId + properties: + externalId: + type: string + description: The Jira issue identifier. + example: 71778 + - type: object + required: + - subAction + description: Jira connector properties when `subAction` is `issue`. + properties: + subAction: + type: string + description: The action to test. + enum: + - issue + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue identifier. + example: 71778 + - type: object + required: + - subAction + - subActionParams + description: Jira connector properties when `subAction` is `issues`. + properties: + subAction: + type: string + description: The action to test. + enum: + - issues + subActionParams: + type: object + required: + - title + properties: + title: + type: string + description: The title of the Jira issue. + - type: object + required: + - subAction + description: Jira connector properties when `subAction` is `issueTypes`. + properties: + subAction: + type: string + description: The action to test. + enum: + - issueTypes + - type: object + required: + - subAction + - subActionParams + description: Jira connector properties when `subAction` is `pushToService`. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + required: + - incident + properties: + comments: + type: array + description: Additional information that is sent to Jira. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + required: + - summary + description: Information necessary to create or update a Jira incident. + properties: + description: + type: string + description: The details about the incident. + externalId: + type: string + description: The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + labels: + type: array + description: 'The labels for the incident. For example, `["LABEL1"]`. NOTE: Labels cannot contain spaces.' + items: + type: string + issueType: + type: integer + description: The type of incident. For example, `10006`. To obtain the list of valid values, set `subAction` to `issueTypes`. + parent: + type: string + description: The ID or key of the parent issue. Applies only to `Sub-task` types of issues. + priority: + type: string + description: The incident priority level. For example, `Lowest`. + summary: + type: string + description: A summary of the incident. + title: + type: string + description: A title for the incident, used for searching the contents of the knowledge base. + discriminator: + propertyName: subAction + run_connector_request_opsgenie: + title: Run Opsgenie connector parameters + description: Test an Opsgenie action. + oneOf: + - type: object + required: + - subAction + - subActionParams + description: Opsgenie connector properties when `subAction` is `closeAlert`. + properties: + subAction: + type: string + description: The action to test. + enum: + - closeAlert + subActionParams: + type: object + required: + - alias + properties: + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. + note: + type: string + description: Additional information for the alert. + source: + type: string + description: The display name for the source of the alert. + user: + type: string + description: The display name for the owner. + - type: object + required: + - subAction + - subActionParams + description: Opsgenie connector properties when `subAction` is `createAlert`. + properties: + subAction: + type: string + description: The action to test. + enum: + - createAlert + subActionParams: + type: object + required: + - message + properties: + actions: + type: array + description: The custom actions available to the alert. + items: + type: string + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. + description: + type: string + description: A description that provides detailed information about the alert. + details: + type: object + description: The custom properties of the alert. + additionalProperties: true + example: + key1: value1 + key2: value2 + entity: + type: string + description: The domain of the alert. For example, the application or server name. + message: + type: string + description: The alert message. + note: + type: string + description: Additional information for the alert. + priority: + type: string + description: The priority level for the alert. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + responders: + type: array + description: | + The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: The type of responders, in this case `escalation`. + enum: + - escalation + - schedule + - team + - user + username: + type: string + description: A valid email address for the user. + source: + type: string + description: The display name for the source of the alert. + tags: + type: array + description: The tags for the alert. + items: + type: string + user: + type: string + description: The display name for the owner. + visibleTo: + type: array + description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. + items: + type: object + required: + - type + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: Valid values are `team` and `user`. + enum: + - team + - user + username: + type: string + description: The user name. This property is required only when the `type` is `user`. + discriminator: + propertyName: subAction run_connector_request_serverlog: title: Run server log connector parameters description: Test an action that writes an entry to the Kibana server log. @@ -2275,6 +2587,11 @@ components: - id: my_doc_id name: my_doc_name message: hello, world + run_jira_connector_request: + summary: Run a Jira connector to retrieve the list of issue types. + value: + params: + subAction: issueTypes run_server_log_connector_request: summary: Run a server log connector. value: diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_request.yaml new file mode 100644 index 0000000000000..6dce9b9bbc153 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_request.yaml @@ -0,0 +1,4 @@ +summary: Run a Jira connector to retrieve the list of issue types. +value: + params: + subAction: issueTypes \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml new file mode 100644 index 0000000000000..2c482ef7d9ae8 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml @@ -0,0 +1,17 @@ +title: Response from retrieving the list of issue types for a Jira connector. +value: + connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 + data: + - id: 10024 + name: Improvement + - id: 10006 + name: Task + - id: 10007 + name: Sub-task + - id: 10025 + name: New Feature + - id: 10023 + name: Bug + - id: 10000 + name: Epic + status: ok \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml new file mode 100644 index 0000000000000..0817b89e7a5a8 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml @@ -0,0 +1,163 @@ +title: Run Jira connector parameters +description: Test an action related to Jira issues. +oneOf: + - type: object + required: + - subAction + - subActionParams + description: Jira connector properties when `subAction` is `fieldsByIssueType`. + properties: + subAction: + type: string + description: The action to test. + enum: + - fieldsByIssueType + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue type identifier. + example: 10024 + - type: object + required: + - subAction + description: Jira connector properties when `subAction` is `getFields`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + - type: object + description: Jira connector properties when `subAction` is `getIncident`. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + required: + - externalId + properties: + externalId: + type: string + description: The Jira issue identifier. + example: 71778 + - type: object + required: + - subAction + description: Jira connector properties when `subAction` is `issue`. + properties: + subAction: + type: string + description: The action to test. + enum: + - issue + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue identifier. + example: 71778 + - type: object + required: + - subAction + - subActionParams + description: Jira connector properties when `subAction` is `issues`. + properties: + subAction: + type: string + description: The action to test. + enum: + - issues + subActionParams: + type: object + required: + - title + properties: + title: + type: string + description: The title of the Jira issue. + - type: object + required: + - subAction + description: Jira connector properties when `subAction` is `issueTypes`. + properties: + subAction: + type: string + description: The action to test. + enum: + - issueTypes + - type: object + required: + - subAction + - subActionParams + description: Jira connector properties when `subAction` is `pushToService`. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + required: + - incident + properties: + comments: + type: array + description: Additional information that is sent to Jira. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + required: + - summary + description: Information necessary to create or update a Jira incident. + properties: + description: + type: string + description: The details about the incident. + externalId: + type: string + description: The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + labels: + type: array + description: "The labels for the incident. For example, `[\"LABEL1\"]`. NOTE: Labels cannot contain spaces." + items: + type: string + issueType: + type: integer + description: The type of incident. For example, `10006`. To obtain the list of valid values, set `subAction` to `issueTypes`. + parent: + type: string + description: The ID or key of the parent issue. Applies only to `Sub-task` types of issues. + priority: + type: string + description: The incident priority level. For example, `Lowest`. + summary: + type: string + description: A summary of the incident. + title: + type: string + description: A title for the incident, used for searching the contents of the knowledge base. +discriminator: + propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml new file mode 100644 index 0000000000000..0077e2304e766 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml @@ -0,0 +1,143 @@ +title: Run Opsgenie connector parameters +description: Test an Opsgenie action. +oneOf: + - type: object + required: + - subAction + - subActionParams + description: Opsgenie connector properties when `subAction` is `closeAlert`. + properties: + subAction: + type: string + description: The action to test. + enum: + - closeAlert + subActionParams: + type: object + required: + - alias + properties: + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. + note: + type: string + description: Additional information for the alert. + source: + type: string + description: The display name for the source of the alert. + user: + type: string + description: The display name for the owner. + - type: object + required: + - subAction + - subActionParams + description: Opsgenie connector properties when `subAction` is `createAlert`. + properties: + subAction: + type: string + description: The action to test. + enum: + - createAlert + subActionParams: + type: object + required: + - message + properties: + actions: + type: array + description: The custom actions available to the alert. + items: + type: string + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. + description: + type: string + description: A description that provides detailed information about the alert. + details: + type: object + description: The custom properties of the alert. + additionalProperties: true + example: {"key1":"value1","key2":"value2"} + entity: + type: string + description: The domain of the alert. For example, the application or server name. + message: + type: string + description: The alert message. + note: + type: string + description: Additional information for the alert. + priority: + type: string + description: The priority level for the alert. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + responders: + type: array + description: > + The entities to receive notifications about the alert. + If `type` is `user`, either `id` or `username` is required. + If `type` is `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: The type of responders, in this case `escalation`. + enum: + - escalation + - schedule + - team + - user + username: + type: string + description: A valid email address for the user. + source: + type: string + description: The display name for the source of the alert. + tags: + type: array + description: The tags for the alert. + items: + type: string + user: + type: string + description: The display name for the owner. + visibleTo: + type: array + description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. + items: + type: object + required: + - type + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: Valid values are `team` and `user`. + enum: + - team + - user + username: + type: string + description: The user name. This property is required only when the `type` is `user`. +discriminator: + propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index 803eaa3e88ddc..a617defcaf7be 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -27,8 +27,8 @@ post: # - $ref: '../components/schemas/run_connector_request_cases_webhook.yaml' # - $ref: '../components/schemas/run_connector_request_email.yaml' - $ref: '../components/schemas/run_connector_request_index.yaml' -# - $ref: '../components/schemas/run_connector_request_jira.yaml' -# - $ref: '../components/schemas/run_connector_request_opsgenie.yaml' + - $ref: '../components/schemas/run_connector_request_jira.yaml' + - $ref: '../components/schemas/run_connector_request_opsgenie.yaml' # - $ref: '../components/schemas/run_connector_request_pagerduty.yaml' # - $ref: '../components/schemas/run_connector_request_resilient.yaml' - $ref: '../components/schemas/run_connector_request_serverlog.yaml' @@ -44,6 +44,8 @@ post: examples: runIndexConnectorRequest: $ref: '../components/examples/run_index_connector_request.yaml' + runJiraConnectorRequest: + $ref: '../components/examples/run_jira_connector_request.yaml' runServerLogConnectorRequest: $ref: '../components/examples/run_server_log_connector_request.yaml' responses: From 45eddb5a16b7c0aa20f27dbc7cb4297635dcb4b1 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 23 Jan 2023 17:33:01 -0800 Subject: [PATCH 03/11] [DOCS] Add examples for index, server log, and Jira connectors --- .../plugins/actions/docs/openapi/bundled.json | 97 ++++++++++++++++++- .../plugins/actions/docs/openapi/bundled.yaml | 62 +++++++++++- .../run_index_connector_response.yaml | 2 +- .../examples/run_jira_connector_response.yaml | 2 +- .../run_server_log_connector_response.yaml | 5 +- ...ions@connector@{connectorid}@_execute.yaml | 23 +++-- 6 files changed, 173 insertions(+), 18 deletions(-) diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index b1629e1f6e9e8..2af656a0c3228 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -707,9 +707,20 @@ "description": "The identifier for the connector." }, "data": { - "type": "object", - "description": "Information returned from the action.", - "additionalProperties": true + "oneOf": [ + { + "type": "object", + "description": "Information returned from the action.", + "additionalProperties": true + }, + { + "type": "array", + "description": "An array of information returned from the action.", + "items": { + "type": "object" + } + } + ] }, "status": { "type": "string", @@ -720,6 +731,17 @@ ] } } + }, + "examples": { + "runIndexConnectorResponse": { + "$ref": "#/components/examples/run_index_connector_response" + }, + "runJiraConnectorResponse": { + "$ref": "#/components/examples/run_jira_connector_response" + }, + "runServerLogConnectorResponse": { + "$ref": "#/components/examples/run_server_log_connector_response" + } } } } @@ -3667,6 +3689,75 @@ "message": "Test warning message." } } + }, + "run_index_connector_response": { + "summary": "Response from running an index connector.", + "value": { + "connector_id": "fd38c600-96a5-11ed-bb79-353b74189cba", + "data": { + "errors": false, + "items": [ + { + "create": { + "_id": "4JtvwYUBrcyxt2NnfW3y", + "_index": "my-index", + "_primary_term": 1, + "_seq_no": 0, + "_shards": { + "failed": 0, + "successful": 1, + "total": 2 + }, + "_version": 1, + "result": "created", + "status": 201 + } + } + ], + "took": 135 + }, + "status": "ok" + } + }, + "run_jira_connector_response": { + "summary": "Response from retrieving the list of issue types for a Jira connector.", + "value": { + "connector_id": "b3aad810-edbe-11ec-82d1-11348ecbf4a6", + "data": [ + { + "id": 10024, + "name": "Improvement" + }, + { + "id": 10006, + "name": "Task" + }, + { + "id": 10007, + "name": "Sub-task" + }, + { + "id": 10025, + "name": "New Feature" + }, + { + "id": 10023, + "name": "Bug" + }, + { + "id": 10000, + "name": "Epic" + } + ], + "status": "ok" + } + }, + "run_server_log_connector_response": { + "summary": "Response from running a server log connector.", + "value": { + "connector_id": "7fc7b9a0-ecc9-11ec-8736-e7d63118c907", + "status": "ok" + } } } }, diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 5b5722e181847..b8359cbc87d2e 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -419,15 +419,27 @@ paths: type: string description: The identifier for the connector. data: - type: object - description: Information returned from the action. - additionalProperties: true + oneOf: + - type: object + description: Information returned from the action. + additionalProperties: true + - type: array + description: An array of information returned from the action. + items: + type: object status: type: string description: The status of the action. enum: - error - ok + examples: + runIndexConnectorResponse: + $ref: '#/components/examples/run_index_connector_response' + runJiraConnectorResponse: + $ref: '#/components/examples/run_jira_connector_response' + runServerLogConnectorResponse: + $ref: '#/components/examples/run_server_log_connector_response' '401': description: Authorization information is missing or invalid. content: @@ -2598,6 +2610,50 @@ components: params: level: warn message: Test warning message. + run_index_connector_response: + summary: Response from running an index connector. + value: + connector_id: fd38c600-96a5-11ed-bb79-353b74189cba + data: + errors: false + items: + - create: + _id: 4JtvwYUBrcyxt2NnfW3y + _index: my-index + _primary_term: 1 + _seq_no: 0 + _shards: + failed: 0 + successful: 1 + total: 2 + _version: 1 + result: created + status: 201 + took: 135 + status: ok + run_jira_connector_response: + summary: Response from retrieving the list of issue types for a Jira connector. + value: + connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 + data: + - id: 10024 + name: Improvement + - id: 10006 + name: Task + - id: 10007 + name: Sub-task + - id: 10025 + name: New Feature + - id: 10023 + name: Bug + - id: 10000 + name: Epic + status: ok + run_server_log_connector_response: + summary: Response from running a server log connector. + value: + connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 + status: ok security: - basicAuth: [] - apiKeyAuth: [] diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml index 018efc1cf839a..0da76e1e1d1b4 100644 --- a/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_index_connector_response.yaml @@ -1,4 +1,4 @@ -title: Response from running an index connector. +summary: Response from running an index connector. value: connector_id: fd38c600-96a5-11ed-bb79-353b74189cba data: diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml index 2c482ef7d9ae8..ef3b1be138c63 100644 --- a/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_jira_connector_response.yaml @@ -1,4 +1,4 @@ -title: Response from retrieving the list of issue types for a Jira connector. +summary: Response from retrieving the list of issue types for a Jira connector. value: connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 data: diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml index 10e4381cb2f88..604a32b1abd2d 100644 --- a/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_server_log_connector_response.yaml @@ -1,3 +1,4 @@ -title: Response from running a server log connector. +summary: Response from running a server log connector. value: - {} \ No newline at end of file + connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 + status: ok diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index a617defcaf7be..b310db5c77af5 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -63,20 +63,27 @@ post: type: string description: The identifier for the connector. data: - type: object - description: Information returned from the action. - additionalProperties: true + oneOf: + - type: object + description: Information returned from the action. + additionalProperties: true + - type: array + description: An array of information returned from the action. + items: + type: object status: type: string description: The status of the action. enum: - error - ok -# examples: -# runIndexConnectorResponse: -# $ref: '../components/examples/run_index_connector_response.yaml' -# runServerLogConnectorResponse: -# $ref: '../components/examples/run_server_log_connector_response.yaml' + examples: + runIndexConnectorResponse: + $ref: '../components/examples/run_index_connector_response.yaml' + runJiraConnectorResponse: + $ref: '../components/examples/run_jira_connector_response.yaml' + runServerLogConnectorResponse: + $ref: '../components/examples/run_server_log_connector_response.yaml' '401': description: Authorization information is missing or invalid. content: From 427684eb2fa29f307c27c6c8adef33b460b73658 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 24 Jan 2023 16:49:55 -0800 Subject: [PATCH 04/11] [DOCS] Add ServiceNow ITOM connector details --- .../plugins/actions/docs/openapi/bundled.json | 194 ++++++++++++++++++ .../plugins/actions/docs/openapi/bundled.yaml | 131 ++++++++++++ ...run_servicenow_itom_connector_request.yaml | 8 + ...un_servicenow_itom_connector_response.yaml | 41 ++++ ...run_connector_request_servicenow_itom.yaml | 74 +++++++ ...ions@connector@{connectorid}@_execute.yaml | 6 +- 6 files changed, 453 insertions(+), 1 deletion(-) create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_request.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_response.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index 2af656a0c3228..32d433fda67ae 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -671,6 +671,9 @@ }, { "$ref": "#/components/schemas/run_connector_request_serverlog" + }, + { + "$ref": "#/components/schemas/run_connector_request_servicenow_itom" } ] } @@ -685,6 +688,9 @@ }, "runServerLogConnectorRequest": { "$ref": "#/components/examples/run_server_log_connector_request" + }, + "runServiceNowITOMRequest": { + "$ref": "#/components/examples/run_servicenow_itom_connector_request" } } } @@ -741,6 +747,9 @@ }, "runServerLogConnectorResponse": { "$ref": "#/components/examples/run_server_log_connector_response" + }, + "runServiceNowITOMConnectorResponse": { + "$ref": "#/components/examples/run_servicenow_itom_connector_response" } } } @@ -3539,6 +3548,114 @@ "description": "The message to log." } } + }, + "run_connector_request_servicenow_itom": { + "title": "Run ServiceNow ITOM connector parameters", + "description": "Test a ServiceNow action.", + "oneOf": [ + { + "type": "object", + "required": [ + "subAction" + ], + "description": "ServiceNow ITOM connector properties when `subAction` is `addEvent`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "addEvent" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "properties": { + "additional_info": { + "type": "string", + "description": "Additional information about the event." + }, + "description": { + "type": "string", + "description": "The details about the event." + }, + "event_class": { + "type": "string", + "description": "A specific instance of the source." + }, + "message_key": { + "type": "string", + "description": "All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`." + }, + "metric_name": { + "type": "string", + "description": "The name of the metric." + }, + "node": { + "type": "string", + "description": "The host that the event was triggered for." + }, + "resource": { + "type": "string", + "description": "The name of the resource." + }, + "severity": { + "type": "string", + "description": "The severity of the event." + }, + "source": { + "type": "string", + "description": "The name of the event source type." + }, + "time_of_event": { + "type": "string", + "description": "The time of the event." + }, + "type": { + "type": "string", + "description": "The type of event." + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "ServiceNow ITOM connector properties when `subAction` is `getChoices`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getChoices" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "fields" + ], + "properties": { + "fields": { + "type": "array", + "description": "An array of fields.", + "items": { + "type": "string" + } + } + } + } + } + } + ], + "discriminator": { + "propertyName": "subAction" + } } }, "examples": { @@ -3690,6 +3807,20 @@ } } }, + "run_servicenow_itom_connector_request": { + "summary": "Run a ServiceNow ITOM connector to retrieve the list of choices.", + "value": { + "params": { + "subAction": "getChoices", + "subActionParams": { + "fields": [ + "severity", + "urgency" + ] + } + } + } + }, "run_index_connector_response": { "summary": "Response from running an index connector.", "value": { @@ -3758,6 +3889,69 @@ "connector_id": "7fc7b9a0-ecc9-11ec-8736-e7d63118c907", "status": "ok" } + }, + "run_servicenow_itom_connector_response": { + "summary": "Response from retrieving the list of choices for a ServiceNow ITOM connector.", + "value": { + "connector_id": "9d9be270-2fd2-11ed-b0e0-87533c532698", + "data": [ + { + "dependent_value": "", + "element": "severity", + "label": "Critical", + "value": 1 + }, + { + "dependent_value": "", + "element": "severity", + "label": "Major", + "value": 2 + }, + { + "dependent_value": "", + "element": "severity", + "label": "Minor", + "value": 3 + }, + { + "dependent_value": "", + "element": "severity", + "label": "Warning", + "value": 4 + }, + { + "dependent_value": "", + "element": "severity", + "label": "OK", + "value": 5 + }, + { + "dependent_value": "", + "element": "severity", + "label": "Clear", + "value": 0 + }, + { + "dependent_value": "", + "element": "urgency", + "label": "1 - High", + "value": 1 + }, + { + "dependent_value": "", + "element": "urgency", + "label": "2 - Medium", + "value": 2 + }, + { + "dependent_value": "", + "element": "urgency", + "label": "3 - Low", + "value": 3 + } + ], + "status": "ok" + } } } }, diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index b8359cbc87d2e..358f7316f8875 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -397,6 +397,7 @@ paths: - $ref: '#/components/schemas/run_connector_request_jira' - $ref: '#/components/schemas/run_connector_request_opsgenie' - $ref: '#/components/schemas/run_connector_request_serverlog' + - $ref: '#/components/schemas/run_connector_request_servicenow_itom' examples: runIndexConnectorRequest: $ref: '#/components/examples/run_index_connector_request' @@ -404,6 +405,8 @@ paths: $ref: '#/components/examples/run_jira_connector_request' runServerLogConnectorRequest: $ref: '#/components/examples/run_server_log_connector_request' + runServiceNowITOMRequest: + $ref: '#/components/examples/run_servicenow_itom_connector_request' responses: '200': description: Indicates a successful call. @@ -440,6 +443,8 @@ paths: $ref: '#/components/examples/run_jira_connector_response' runServerLogConnectorResponse: $ref: '#/components/examples/run_server_log_connector_response' + runServiceNowITOMConnectorResponse: + $ref: '#/components/examples/run_servicenow_itom_connector_response' '401': description: Authorization information is missing or invalid. content: @@ -2502,6 +2507,81 @@ components: message: type: string description: The message to log. + run_connector_request_servicenow_itom: + title: Run ServiceNow ITOM connector parameters + description: Test a ServiceNow action. + oneOf: + - type: object + required: + - subAction + description: ServiceNow ITOM connector properties when `subAction` is `addEvent`. + properties: + subAction: + type: string + description: The action to test. + enum: + - addEvent + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + additional_info: + type: string + description: Additional information about the event. + description: + type: string + description: The details about the event. + event_class: + type: string + description: A specific instance of the source. + message_key: + type: string + description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. + metric_name: + type: string + description: The name of the metric. + node: + type: string + description: The host that the event was triggered for. + resource: + type: string + description: The name of the resource. + severity: + type: string + description: The severity of the event. + source: + type: string + description: The name of the event source type. + time_of_event: + type: string + description: The time of the event. + type: + type: string + description: The type of event. + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITOM connector properties when `subAction` is `getChoices`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + discriminator: + propertyName: subAction examples: create_index_connector_request: summary: Create an index connector. @@ -2610,6 +2690,15 @@ components: params: level: warn message: Test warning message. + run_servicenow_itom_connector_request: + summary: Run a ServiceNow ITOM connector to retrieve the list of choices. + value: + params: + subAction: getChoices + subActionParams: + fields: + - severity + - urgency run_index_connector_response: summary: Response from running an index connector. value: @@ -2654,6 +2743,48 @@ components: value: connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 status: ok + run_servicenow_itom_connector_response: + summary: Response from retrieving the list of choices for a ServiceNow ITOM connector. + value: + connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698 + data: + - dependent_value: '' + element: severity + label: Critical + value: 1 + - dependent_value: '' + element: severity + label: Major + value: 2 + - dependent_value: '' + element: severity + label: Minor + value: 3 + - dependent_value: '' + element: severity + label: Warning + value: 4 + - dependent_value: '' + element: severity + label: OK + value: 5 + - dependent_value: '' + element: severity + label: Clear + value: 0 + - dependent_value: '' + element: urgency + label: 1 - High + value: 1 + - dependent_value: '' + element: urgency + label: 2 - Medium + value: 2 + - dependent_value: '' + element: urgency + label: 3 - Low + value: 3 + status: ok security: - basicAuth: [] - apiKeyAuth: [] diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_request.yaml new file mode 100644 index 0000000000000..fb811c96fa101 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_request.yaml @@ -0,0 +1,8 @@ +summary: Run a ServiceNow ITOM connector to retrieve the list of choices. +value: + params: + subAction: getChoices + subActionParams: + fields: + - severity + - urgency diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_response.yaml new file mode 100644 index 0000000000000..5bec5b810c90d --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_servicenow_itom_connector_response.yaml @@ -0,0 +1,41 @@ +summary: Response from retrieving the list of choices for a ServiceNow ITOM connector. +value: + connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698 + data: + - dependent_value: "" + element: severity + label: Critical + value: 1 + - dependent_value: "" + element: severity + label: Major + value: 2 + - dependent_value: "" + element: severity + label: Minor + value: 3 + - dependent_value: "" + element: severity + label: Warning + value: 4 + - dependent_value: "" + element: severity + label: OK + value: 5 + - dependent_value: "" + element: severity + label: Clear + value: 0 + - dependent_value: "" + element: urgency + label: 1 - High + value: 1 + - dependent_value: "" + element: urgency + label: 2 - Medium + value: 2 + - dependent_value: "" + element: urgency + label: 3 - Low + value: 3 + status: ok diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml new file mode 100644 index 0000000000000..7254eab7ac23e --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml @@ -0,0 +1,74 @@ +title: Run ServiceNow ITOM connector parameters +description: Test a ServiceNow action. +oneOf: + - type: object + required: + - subAction + description: ServiceNow ITOM connector properties when `subAction` is `addEvent`. + properties: + subAction: + type: string + description: The action to test. + enum: + - addEvent + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + additional_info: + type: string + description: Additional information about the event. + description: + type: string + description: The details about the event. + event_class: + type: string + description: A specific instance of the source. + message_key: + type: string + description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. + metric_name: + type: string + description: The name of the metric. + node: + type: string + description: The host that the event was triggered for. + resource: + type: string + description: The name of the resource. + severity: + type: string + description: The severity of the event. + source: + type: string + description: The name of the event source type. + time_of_event: + type: string + description: The time of the event. + type: + type: string + description: The type of event. + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITOM connector properties when `subAction` is `getChoices`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string +discriminator: + propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index b310db5c77af5..6be17037306b8 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -33,7 +33,7 @@ post: # - $ref: '../components/schemas/run_connector_request_resilient.yaml' - $ref: '../components/schemas/run_connector_request_serverlog.yaml' # - $ref: '../components/schemas/run_connector_request_servicenow.yaml' -# - $ref: '../components/schemas/run_connector_request_servicenow_itom.yaml' + - $ref: '../components/schemas/run_connector_request_servicenow_itom.yaml' # - $ref: '../components/schemas/run_connector_request_servicenow_sir.yaml' # - $ref: '../components/schemas/run_connector_request_slack.yaml' # - $ref: '../components/schemas/run_connector_request_swimlane.yaml' @@ -48,6 +48,8 @@ post: $ref: '../components/examples/run_jira_connector_request.yaml' runServerLogConnectorRequest: $ref: '../components/examples/run_server_log_connector_request.yaml' + runServiceNowITOMRequest: + $ref: '../components/examples/run_servicenow_itom_connector_request.yaml' responses: '200': description: Indicates a successful call. @@ -84,6 +86,8 @@ post: $ref: '../components/examples/run_jira_connector_response.yaml' runServerLogConnectorResponse: $ref: '../components/examples/run_server_log_connector_response.yaml' + runServiceNowITOMConnectorResponse: + $ref: '../components/examples/run_servicenow_itom_connector_response.yaml' '401': description: Authorization information is missing or invalid. content: From f1fe70d475ce5e8420452f745b70777a43487d99 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 24 Jan 2023 18:44:06 -0800 Subject: [PATCH 05/11] [DOCS] Add Swimlane connector details --- .../actions-and-connectors/execute.asciidoc | 8 +- .../plugins/actions/docs/openapi/bundled.json | 536 +++++++++++++++++- .../plugins/actions/docs/openapi/bundled.yaml | 357 +++++++++++- .../run_swimlane_connector_request.yaml | 12 + .../run_swimlane_connector_response.yaml | 12 + .../run_connector_request_servicenow.yaml | 124 ++++ ...run_connector_request_servicenow_itom.yaml | 4 +- .../run_connector_request_servicenow_sir.yaml | 147 +++++ .../run_connector_request_swimlane.yaml | 50 ++ ...ions@connector@{connectorid}@_execute.yaml | 12 +- 10 files changed, 1249 insertions(+), 13 deletions(-) create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_response.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml diff --git a/docs/api/actions-and-connectors/execute.asciidoc b/docs/api/actions-and-connectors/execute.asciidoc index 7fbaae439094e..1a1675f6b2df5 100644 --- a/docs/api/actions-and-connectors/execute.asciidoc +++ b/docs/api/actions-and-connectors/execute.asciidoc @@ -362,7 +362,7 @@ on the `subAction` value. This object is not required when `subAction` is [%collapsible%open] ====== `comments`::: -(Optional, array of objects) Additional information that is sent to {sn-sir}. +(Optional, array of objects) Additional information that is sent to {sn-itsm}. + .Properties of `comments` [%collapsible%open] @@ -381,7 +381,7 @@ version:::: ======= `incident`::: -(Required, object) Information necessary to create or update a {sn-sir} incident. +(Required, object) Information necessary to create or update a {sn-itsm} incident. + .Properties of `incident` [%collapsible%open] @@ -520,6 +520,10 @@ to the security incident. The IPs are added as observables to the security incid updated. Otherwise, a new incident is created. `malware_hash`:::: +(Optional, string or array of strings) A list of malware hashes related to the +security incident. The hashes are added as observables to the security incident. + +`malware_url`:::: (Optional, string or array of strings) A list of malware URLs related to the security incident. The URLs are added as observables to the security incident. diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index 32d433fda67ae..ed6dd4f8f74ab 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -672,8 +672,17 @@ { "$ref": "#/components/schemas/run_connector_request_serverlog" }, + { + "$ref": "#/components/schemas/run_connector_request_servicenow" + }, { "$ref": "#/components/schemas/run_connector_request_servicenow_itom" + }, + { + "$ref": "#/components/schemas/run_connector_request_servicenow_sir" + }, + { + "$ref": "#/components/schemas/run_connector_request_swimlane" } ] } @@ -689,8 +698,11 @@ "runServerLogConnectorRequest": { "$ref": "#/components/examples/run_server_log_connector_request" }, - "runServiceNowITOMRequest": { + "runServiceNowITOMConnectorRequest": { "$ref": "#/components/examples/run_servicenow_itom_connector_request" + }, + "runSwimlaneConnectorRequest": { + "$ref": "#/components/examples/run_swimlane_connector_request" } } } @@ -750,6 +762,9 @@ }, "runServiceNowITOMConnectorResponse": { "$ref": "#/components/examples/run_servicenow_itom_connector_response" + }, + "runSwimlaneConnectorResponse": { + "$ref": "#/components/examples/run_swimlane_connector_response" } } } @@ -3549,9 +3564,189 @@ } } }, + "run_connector_request_servicenow": { + "title": "Run ServiceNow ITSM connector parameters", + "description": "Test ServiceNow incidents.", + "oneOf": [ + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "ServiceNow ITSM connector properties when `subAction` is `getChoices`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getChoices" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "fields" + ], + "properties": { + "fields": { + "type": "array", + "description": "An array of fields.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction" + ], + "description": "ServiceNow ITSM connector properties when `subAction` is `getFields`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getFields" + ] + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "ServiceNow ITSM connector properties when `subAction` is `getIncident`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getIncident" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "externalId" + ], + "properties": { + "externalId": { + "type": "string", + "description": "The ServiceNow ITSM issue identifier." + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "ServiceNow ITSM connector properties when `subAction` is `pushToService`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "pushToService" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "incident" + ], + "properties": { + "comments": { + "type": "array", + "description": "Additional information that is sent to ServiceNow ITSM.", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." + }, + "commentId": { + "type": "integer", + "description": "A unique identifier for the comment." + } + } + } + }, + "incident": { + "type": "object", + "required": [ + "short_description" + ], + "description": "Information necessary to create or update a ServiceNow ITSM incident.", + "properties": { + "category": { + "type": "string", + "description": "The category of the incident." + }, + "correlation_display": { + "type": "string", + "description": "A descriptive label of the alert for correlation purposes in ServiceNow." + }, + "correlation_id": { + "type": "string", + "description": "The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.\n" + }, + "description": { + "type": "string", + "description": "The details about the incident." + }, + "externalId": { + "type": "string", + "description": "The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created." + }, + "impact": { + "type": "string", + "description": "The impact in ServiceNow ITSM." + }, + "severity": { + "type": "string", + "description": "The severity of the incident." + }, + "short_description": { + "type": "string", + "description": "A short description for the incident, used for searching the contents of the knowledge base." + }, + "subcategory": { + "type": "string", + "description": "The subcategory in ServiceNow ITSM." + }, + "urgency": { + "type": "string", + "description": "The urgency in ServiceNow ITSM." + } + } + } + } + } + } + } + ], + "discriminator": { + "propertyName": "subAction" + } + }, "run_connector_request_servicenow_itom": { "title": "Run ServiceNow ITOM connector parameters", - "description": "Test a ServiceNow action.", + "description": "Test ServiceNow events.", "oneOf": [ { "type": "object", @@ -3652,10 +3847,307 @@ } } } + ] + }, + "run_connector_request_servicenow_sir": { + "title": "Run ServiceNow SecOps connector parameters", + "description": "Test ServiceNow security incidents.", + "oneOf": [ + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "ServiceNow SecOps connector properties when `subAction` is `getChoices`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getChoices" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "fields" + ], + "properties": { + "fields": { + "type": "array", + "description": "An array of fields.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction" + ], + "description": "ServiceNow SecOps connector properties when `subAction` is `getFields`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getFields" + ] + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "ServiceNow SecOps connector properties when `subAction` is `getIncident`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getIncident" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "externalId" + ], + "properties": { + "externalId": { + "type": "string", + "description": "The ServiceNow SecOps issue identifier." + } + } + } + } + }, + { + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "ServiceNow SecOps connector properties when `subAction` is `pushToService`.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "pushToService" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "incident" + ], + "properties": { + "comments": { + "type": "array", + "description": "Additional information that is sent to ServiceNow SecOps.", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." + }, + "commentId": { + "type": "integer", + "description": "A unique identifier for the comment." + } + } + } + }, + "incident": { + "type": "object", + "required": [ + "short_description" + ], + "description": "Information necessary to create or update a ServiceNow SecOps incident.", + "properties": { + "category": { + "type": "string", + "description": "The category of the incident." + }, + "correlation_display": { + "type": "string", + "description": "A descriptive label of the alert for correlation purposes in ServiceNow." + }, + "correlation_id": { + "type": "string", + "description": "The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.\n" + }, + "description": { + "type": "string", + "description": "The details about the incident." + }, + "dest_ip": { + "description": "A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "externalId": { + "type": "string", + "description": "The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created." + }, + "malware_hash": { + "description": "A list of malware hashes related to the security incident. The hashes are added as observables to the security incident.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "malware_url": { + "type": "string", + "description": "A list of malware URLs related to the security incident. The URLs are added as observables to the security incident.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "priority": { + "type": "string", + "description": "The priority in ServiceNow." + }, + "short_description": { + "type": "string", + "description": "A short description for the incident, used for searching the contents of the knowledge base." + }, + "source_ip": { + "description": "A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "subcategory": { + "type": "string", + "description": "The subcategory of the incident." + } + } + } + } + } + } + } ], "discriminator": { "propertyName": "subAction" } + }, + "run_connector_request_swimlane": { + "title": "Run Swimlane connector parameters", + "description": "Test actions involving Swimlane records.", + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "pushToService" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "properties": { + "comments": { + "type": "array", + "description": "Additional information that is setnt to Swimlane", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." + }, + "commentId": { + "type": "integer", + "description": "A unique identifier for the comment." + } + } + } + }, + "incident": { + "type": "object", + "description": "Information necessary to create or update a Swimlane incident.", + "properties": { + "alertId": { + "type": "string", + "description": "The alert identifier." + }, + "caseId": { + "type": "string", + "description": "The case identifier for the incident." + }, + "caseName": { + "type": "string", + "description": "The case name for the incident." + }, + "description": { + "type": "string", + "description": "The description of the incident." + }, + "ruleName": { + "type": "string", + "description": "The rule name." + }, + "severity": { + "type": "string", + "description": "The severity of the incident." + } + } + } + } + } + } } }, "examples": { @@ -3821,6 +4313,27 @@ } } }, + "run_swimlane_connector_request": { + "summary": "Run a Swimlane connector to create an incident.", + "value": { + "params": { + "subAction": "pushToService", + "subActionParams": { + "comments": [ + { + "commentId": 1, + "comment": "A comment about the incident." + } + ], + "incident": { + "caseId": 1000, + "caseName": "Case name", + "description": "Description of the incident." + } + } + } + } + }, "run_index_connector_response": { "summary": "Response from running an index connector.", "value": { @@ -3952,6 +4465,25 @@ ], "status": "ok" } + }, + "run_swimlane_connector_response": { + "summary": "Response from creating a Swimlane incident.", + "value": { + "connector_id": "a4746470-2f94-11ed-b0e0-87533c532698", + "data": { + "id": "aKPmBHWzmdRQtx6Mx", + "title": "TEST-457", + "url": "https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx", + "pushedDate": "2022-09-08T16:52:27.866Z", + "comments": [ + { + "commentId": 1, + "pushedDate": "2022-09-08T16:52:27.865Z" + } + ] + }, + "status": "ok" + } } } }, diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 358f7316f8875..97eb1e0efcafe 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -397,7 +397,10 @@ paths: - $ref: '#/components/schemas/run_connector_request_jira' - $ref: '#/components/schemas/run_connector_request_opsgenie' - $ref: '#/components/schemas/run_connector_request_serverlog' + - $ref: '#/components/schemas/run_connector_request_servicenow' - $ref: '#/components/schemas/run_connector_request_servicenow_itom' + - $ref: '#/components/schemas/run_connector_request_servicenow_sir' + - $ref: '#/components/schemas/run_connector_request_swimlane' examples: runIndexConnectorRequest: $ref: '#/components/examples/run_index_connector_request' @@ -405,8 +408,10 @@ paths: $ref: '#/components/examples/run_jira_connector_request' runServerLogConnectorRequest: $ref: '#/components/examples/run_server_log_connector_request' - runServiceNowITOMRequest: + runServiceNowITOMConnectorRequest: $ref: '#/components/examples/run_servicenow_itom_connector_request' + runSwimlaneConnectorRequest: + $ref: '#/components/examples/run_swimlane_connector_request' responses: '200': description: Indicates a successful call. @@ -445,6 +450,8 @@ paths: $ref: '#/components/examples/run_server_log_connector_response' runServiceNowITOMConnectorResponse: $ref: '#/components/examples/run_servicenow_itom_connector_response' + runSwimlaneConnectorResponse: + $ref: '#/components/examples/run_swimlane_connector_response' '401': description: Authorization information is missing or invalid. content: @@ -2507,9 +2514,133 @@ components: message: type: string description: The message to log. + run_connector_request_servicenow: + title: Run ServiceNow ITSM connector parameters + description: Test ServiceNow incidents. + oneOf: + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITSM connector properties when `subAction` is `getChoices`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + - type: object + required: + - subAction + description: ServiceNow ITSM connector properties when `subAction` is `getFields`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITSM connector properties when `subAction` is `getIncident`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - externalId + properties: + externalId: + type: string + description: The ServiceNow ITSM issue identifier. + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITSM connector properties when `subAction` is `pushToService`. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - incident + properties: + comments: + type: array + description: Additional information that is sent to ServiceNow ITSM. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + required: + - short_description + description: Information necessary to create or update a ServiceNow ITSM incident. + properties: + category: + type: string + description: The category of the incident. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes in ServiceNow. + correlation_id: + type: string + description: | + The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The details about the incident. + externalId: + type: string + description: The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + impact: + type: string + description: The impact in ServiceNow ITSM. + severity: + type: string + description: The severity of the incident. + short_description: + type: string + description: A short description for the incident, used for searching the contents of the knowledge base. + subcategory: + type: string + description: The subcategory in ServiceNow ITSM. + urgency: + type: string + description: The urgency in ServiceNow ITSM. + discriminator: + propertyName: subAction run_connector_request_servicenow_itom: title: Run ServiceNow ITOM connector parameters - description: Test a ServiceNow action. + description: Test ServiceNow events. oneOf: - type: object required: @@ -2580,8 +2711,204 @@ components: description: An array of fields. items: type: string + run_connector_request_servicenow_sir: + title: Run ServiceNow SecOps connector parameters + description: Test ServiceNow security incidents. + oneOf: + - type: object + required: + - subAction + - subActionParams + description: ServiceNow SecOps connector properties when `subAction` is `getChoices`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + - type: object + required: + - subAction + description: ServiceNow SecOps connector properties when `subAction` is `getFields`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + - type: object + required: + - subAction + - subActionParams + description: ServiceNow SecOps connector properties when `subAction` is `getIncident`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - externalId + properties: + externalId: + type: string + description: The ServiceNow SecOps issue identifier. + - type: object + required: + - subAction + - subActionParams + description: ServiceNow SecOps connector properties when `subAction` is `pushToService`. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - incident + properties: + comments: + type: array + description: Additional information that is sent to ServiceNow SecOps. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + required: + - short_description + description: Information necessary to create or update a ServiceNow SecOps incident. + properties: + category: + type: string + description: The category of the incident. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes in ServiceNow. + correlation_id: + type: string + description: | + The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The details about the incident. + dest_ip: + description: A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + externalId: + type: string + description: The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + malware_hash: + description: A list of malware hashes related to the security incident. The hashes are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + malware_url: + type: string + description: A list of malware URLs related to the security incident. The URLs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + priority: + type: string + description: The priority in ServiceNow. + short_description: + type: string + description: A short description for the incident, used for searching the contents of the knowledge base. + source_ip: + description: A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + subcategory: + type: string + description: The subcategory of the incident. discriminator: propertyName: subAction + run_connector_request_swimlane: + title: Run Swimlane connector parameters + description: Test actions involving Swimlane records. + type: object + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + comments: + type: array + description: Additional information that is setnt to Swimlane + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + description: Information necessary to create or update a Swimlane incident. + properties: + alertId: + type: string + description: The alert identifier. + caseId: + type: string + description: The case identifier for the incident. + caseName: + type: string + description: The case name for the incident. + description: + type: string + description: The description of the incident. + ruleName: + type: string + description: The rule name. + severity: + type: string + description: The severity of the incident. examples: create_index_connector_request: summary: Create an index connector. @@ -2699,6 +3026,19 @@ components: fields: - severity - urgency + run_swimlane_connector_request: + summary: Run a Swimlane connector to create an incident. + value: + params: + subAction: pushToService + subActionParams: + comments: + - commentId: 1 + comment: A comment about the incident. + incident: + caseId: 1000 + caseName: Case name + description: Description of the incident. run_index_connector_response: summary: Response from running an index connector. value: @@ -2785,6 +3125,19 @@ components: label: 3 - Low value: 3 status: ok + run_swimlane_connector_response: + summary: Response from creating a Swimlane incident. + value: + connector_id: a4746470-2f94-11ed-b0e0-87533c532698 + data: + id: aKPmBHWzmdRQtx6Mx + title: TEST-457 + url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx + pushedDate: '2022-09-08T16:52:27.866Z' + comments: + - commentId: 1 + pushedDate: '2022-09-08T16:52:27.865Z' + status: ok security: - basicAuth: [] - apiKeyAuth: [] diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml new file mode 100644 index 0000000000000..c959692caead1 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml @@ -0,0 +1,12 @@ +summary: Run a Swimlane connector to create an incident. +value: + params: + subAction: pushToService + subActionParams: + comments: + - commentId: 1 + comment: A comment about the incident. + incident: + caseId: 1000 + caseName: Case name + description: Description of the incident. \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_response.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_response.yaml new file mode 100644 index 0000000000000..8ab131212020d --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_response.yaml @@ -0,0 +1,12 @@ +summary: Response from creating a Swimlane incident. +value: + connector_id: a4746470-2f94-11ed-b0e0-87533c532698 + data: + id: aKPmBHWzmdRQtx6Mx + title: TEST-457 + url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx + pushedDate: 2022-09-08T16:52:27.866Z + comments: + - commentId: 1 + pushedDate: 2022-09-08T16:52:27.865Z + status: ok diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml new file mode 100644 index 0000000000000..287cddd8732d1 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml @@ -0,0 +1,124 @@ +title: Run ServiceNow ITSM connector parameters +description: Test ServiceNow incidents. +oneOf: + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITSM connector properties when `subAction` is `getChoices`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + - type: object + required: + - subAction + description: ServiceNow ITSM connector properties when `subAction` is `getFields`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITSM connector properties when `subAction` is `getIncident`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - externalId + properties: + externalId: + type: string + description: The ServiceNow ITSM issue identifier. + - type: object + required: + - subAction + - subActionParams + description: ServiceNow ITSM connector properties when `subAction` is `pushToService`. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - incident + properties: + comments: + type: array + description: Additional information that is sent to ServiceNow ITSM. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + required: + - short_description + description: Information necessary to create or update a ServiceNow ITSM incident. + properties: + category: + type: string + description: The category of the incident. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes in ServiceNow. + correlation_id: + type: string + description: > + The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. + NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The details about the incident. + externalId: + type: string + description: The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + impact: + type: string + description: The impact in ServiceNow ITSM. + severity: + type: string + description: The severity of the incident. + short_description: + type: string + description: A short description for the incident, used for searching the contents of the knowledge base. + subcategory: + type: string + description: The subcategory in ServiceNow ITSM. + urgency: + type: string + description: The urgency in ServiceNow ITSM. +discriminator: + propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml index 7254eab7ac23e..dec0fcda2c4b9 100644 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml @@ -1,5 +1,5 @@ title: Run ServiceNow ITOM connector parameters -description: Test a ServiceNow action. +description: Test ServiceNow events. oneOf: - type: object required: @@ -70,5 +70,3 @@ oneOf: description: An array of fields. items: type: string -discriminator: - propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml new file mode 100644 index 0000000000000..754cdc5e922a7 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml @@ -0,0 +1,147 @@ +title: Run ServiceNow SecOps connector parameters +description: Test ServiceNow security incidents. +oneOf: + - type: object + required: + - subAction + - subActionParams + description: ServiceNow SecOps connector properties when `subAction` is `getChoices`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + - type: object + required: + - subAction + description: ServiceNow SecOps connector properties when `subAction` is `getFields`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + - type: object + required: + - subAction + - subActionParams + description: ServiceNow SecOps connector properties when `subAction` is `getIncident`. + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - externalId + properties: + externalId: + type: string + description: The ServiceNow SecOps issue identifier. + - type: object + required: + - subAction + - subActionParams + description: ServiceNow SecOps connector properties when `subAction` is `pushToService`. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - incident + properties: + comments: + type: array + description: Additional information that is sent to ServiceNow SecOps. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + required: + - short_description + description: Information necessary to create or update a ServiceNow SecOps incident. + properties: + category: + type: string + description: The category of the incident. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes in ServiceNow. + correlation_id: + type: string + description: > + The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. + NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The details about the incident. + dest_ip: + description: A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + externalId: + type: string + description: The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + malware_hash: + description: A list of malware hashes related to the security incident. The hashes are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + malware_url: + type: string + description: A list of malware URLs related to the security incident. The URLs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + priority: + type: string + description: The priority in ServiceNow. + short_description: + type: string + description: A short description for the incident, used for searching the contents of the knowledge base. + source_ip: + description: A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + subcategory: + type: string + description: The subcategory of the incident. +discriminator: + propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml new file mode 100644 index 0000000000000..bc76fa77654e6 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml @@ -0,0 +1,50 @@ +title: Run Swimlane connector parameters +description: Test actions involving Swimlane records. +type: object +required: + - subAction + - subActionParams +properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + comments: + type: array + description: Additional information that is setnt to Swimlane + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + description: Information necessary to create or update a Swimlane incident. + properties: + alertId: + type: string + description: The alert identifier. + caseId: + type: string + description: The case identifier for the incident. + caseName: + type: string + description: The case name for the incident. + description: + type: string + description: The description of the incident. + ruleName: + type: string + description: The rule name. + severity: + type: string + description: The severity of the incident. \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index 6be17037306b8..859610a13c50a 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -32,11 +32,11 @@ post: # - $ref: '../components/schemas/run_connector_request_pagerduty.yaml' # - $ref: '../components/schemas/run_connector_request_resilient.yaml' - $ref: '../components/schemas/run_connector_request_serverlog.yaml' -# - $ref: '../components/schemas/run_connector_request_servicenow.yaml' + - $ref: '../components/schemas/run_connector_request_servicenow.yaml' - $ref: '../components/schemas/run_connector_request_servicenow_itom.yaml' -# - $ref: '../components/schemas/run_connector_request_servicenow_sir.yaml' + - $ref: '../components/schemas/run_connector_request_servicenow_sir.yaml' # - $ref: '../components/schemas/run_connector_request_slack.yaml' -# - $ref: '../components/schemas/run_connector_request_swimlane.yaml' + - $ref: '../components/schemas/run_connector_request_swimlane.yaml' # - $ref: '../components/schemas/run_connector_request_teams.yaml' # - $ref: '../components/schemas/run_connector_request_tines.yaml' # - $ref: '../components/schemas/run_connector_request_webhook.yaml' @@ -48,8 +48,10 @@ post: $ref: '../components/examples/run_jira_connector_request.yaml' runServerLogConnectorRequest: $ref: '../components/examples/run_server_log_connector_request.yaml' - runServiceNowITOMRequest: + runServiceNowITOMConnectorRequest: $ref: '../components/examples/run_servicenow_itom_connector_request.yaml' + runSwimlaneConnectorRequest: + $ref: '../components/examples/run_swimlane_connector_request.yaml' responses: '200': description: Indicates a successful call. @@ -88,6 +90,8 @@ post: $ref: '../components/examples/run_server_log_connector_response.yaml' runServiceNowITOMConnectorResponse: $ref: '../components/examples/run_servicenow_itom_connector_response.yaml' + runSwimlaneConnectorResponse: + $ref: '../components/examples/run_swimlane_connector_response.yaml' '401': description: Authorization information is missing or invalid. content: From adba86bc76a9a1f8ece1a3f98361478bc3bf6600 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 24 Jan 2023 18:52:29 -0800 Subject: [PATCH 06/11] [DOCS] Change oneOf to anyOf --- x-pack/plugins/actions/docs/openapi/bundled.json | 4 ++-- x-pack/plugins/actions/docs/openapi/bundled.yaml | 4 ++-- .../components/examples/run_swimlane_connector_request.yaml | 2 +- ...spaceid}@api@actions@connector@{connectorid}@_execute.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index ed6dd4f8f74ab..484e22a913cd9 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -659,7 +659,7 @@ ], "properties": { "params": { - "oneOf": [ + "anyOf": [ { "$ref": "#/components/schemas/run_connector_request_index" }, @@ -4326,7 +4326,7 @@ } ], "incident": { - "caseId": 1000, + "caseId": "1000", "caseName": "Case name", "description": "Description of the incident." } diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 97eb1e0efcafe..bea9857e3b224 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -392,7 +392,7 @@ paths: - params properties: params: - oneOf: + anyOf: - $ref: '#/components/schemas/run_connector_request_index' - $ref: '#/components/schemas/run_connector_request_jira' - $ref: '#/components/schemas/run_connector_request_opsgenie' @@ -3036,7 +3036,7 @@ components: - commentId: 1 comment: A comment about the incident. incident: - caseId: 1000 + caseId: '1000' caseName: Case name description: Description of the incident. run_index_connector_response: diff --git a/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml index c959692caead1..7fc1dd27b2131 100644 --- a/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/examples/run_swimlane_connector_request.yaml @@ -7,6 +7,6 @@ value: - commentId: 1 comment: A comment about the incident. incident: - caseId: 1000 + caseId: "1000" caseName: Case name description: Description of the incident. \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index 859610a13c50a..38a7534538611 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -23,7 +23,7 @@ post: - params properties: params: - oneOf: + anyOf: # - $ref: '../components/schemas/run_connector_request_cases_webhook.yaml' # - $ref: '../components/schemas/run_connector_request_email.yaml' - $ref: '../components/schemas/run_connector_request_index.yaml' From 1363ef19e69f3f37809fbcf4bf73329a9a8fd484 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 24 Jan 2023 19:00:38 -0800 Subject: [PATCH 07/11] [DOCS] Generate API docs preview --- .../connector-apis-passthru.asciidoc | 699 +++++++++++++++++- .../actions-and-connectors/execute.asciidoc | 6 + 2 files changed, 688 insertions(+), 17 deletions(-) diff --git a/docs/api-generated/connectors/connector-apis-passthru.asciidoc b/docs/api-generated/connectors/connector-apis-passthru.asciidoc index ac2c18b4f2c29..425e66fd83192 100644 --- a/docs/api-generated/connectors/connector-apis-passthru.asciidoc +++ b/docs/api-generated/connectors/connector-apis-passthru.asciidoc @@ -23,6 +23,7 @@ Any modifications made to this file will be overwritten.
  • get /s/{spaceId}/api/actions/connector/{connectorId}
  • get /s/{spaceId}/api/actions/connector_types
  • get /s/{spaceId}/api/actions/connectors
    • +
  • post /s/{spaceId}/api/actions/connector/{connectorId}/_execute
  • put /s/{spaceId}/api/actions/connector/{connectorId}
    • @@ -90,7 +91,7 @@ Any modifications made to this file will be overwritten. connector_response_properties

    401

    Authorization information is missing or invalid. - createConnector_401_response + 401_response
    @@ -138,7 +139,7 @@ Any modifications made to this file will be overwritten.

    401

    Authorization information is missing or invalid. - createConnector_401_response + 401_response

    404

    Object is not found. getConnector_404_response @@ -190,7 +191,7 @@ Any modifications made to this file will be overwritten. connector_response_properties

    401

    Authorization information is missing or invalid. - createConnector_401_response + 401_response

    404

    Object is not found. getConnector_404_response @@ -254,7 +255,7 @@ Any modifications made to this file will be overwritten.

    401

    Authorization information is missing or invalid. - createConnector_401_response + 401_response
    @@ -312,7 +313,78 @@ Any modifications made to this file will be overwritten.

    401

    Authorization information is missing or invalid. -     createConnector_401_response + 401_response +
    +
    +
    +
    + Up + 
    post /s/{spaceId}/api/actions/connector/{connectorId}/_execute
    +
    Runs a connector. (runConnector)
    +
    You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. If you use an index connector, you must also have all, create, index, or write indices privileges.
    + +

    Path parameters

    +
    +
    connectorId (required)
    + +
    Path Parameter — An identifier for the connector. default: null
    spaceId (required)
    + +
    Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
    +
    + +

    Consumes

    + This API call consumes the following media types via the Content-Type request header: +
      +
    • application/json
      • +
    + +

    Request body

    +
    +
    Run_connector_request_body_properties Run_connector_request_body_properties (required)
    + +
    Body Parameter
    + +
    + +

    Request headers

    +
    +
    kbn-xsrf (required)
    + +
    Header Parameter — default: null
    + +
    + + + +

    Return type

    +
    + runConnector_200_response + +
    + + + +

    Example data

    +
    Content-Type: application/json
    + 
    {
+  "connector_id" : "connector_id",
+  "status" : "error"
+}
    + +

    Produces

    + This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
      +
    • application/json
      • +
    + +

    Responses

    +

    200

    + Indicates a successful call. + runConnector_200_response +

    401

    + Authorization information is missing or invalid. + 401_response
    @@ -383,10 +455,10 @@ Any modifications made to this file will be overwritten. updateConnector_400_response

    401

    Authorization information is missing or invalid. - createConnector_401_response + 401_response

    404

    Object is not found. - getConnector_404_response + 404_response
    @@ -395,6 +467,8 @@ Any modifications made to this file will be overwritten.

    Table of Contents

      +
    1. 401_response - Unsuccessful rule API response
      2. +
    2. 404_response -
    3. Alert_identifier_mapping - Alert identifier mapping
    4. Case_comment_mapping - Case comment mapping
    5. Case_description_mapping - Case description mapping
      6. @@ -405,6 +479,8 @@ Any modifications made to this file will be overwritten.
    6. Get_connector_types_response_body_properties_inner -
    7. Get_connectors_response_body_properties - Get connectors response body properties
    8. Rule_name_mapping - Rule name mapping
      9. +
    9. Run_connector_request_body_properties - Run connector request body properties
      10. +
    10. Run_connector_request_body_properties_params -
    11. Severity_mapping - Severity mapping
    12. Update_connector_request_body_properties - Update connector request body properties
    13. config_properties_cases_webhook - Connector request properties for Webhook - Case Management connector
      14. @@ -434,7 +510,6 @@ Any modifications made to this file will be overwritten.
    14. connector_response_properties_webhook - Connector response properties for a Webhook connector
    15. connector_response_properties_xmatters - Connector response properties for an xMatters connector
    16. connector_types - Connector types
      17. -
    17. createConnector_401_response -
    18. create_connector_request_cases_webhook - Create Webhook - Case Managment connector request
    19. create_connector_request_email - Create email connector request
    20. create_connector_request_index - Create index connector request
      21. @@ -454,6 +529,56 @@ Any modifications made to this file will be overwritten.
    21. create_connector_request_xmatters - Create xMatters connector request
    22. features -
    23. getConnector_404_response -
      24. +
    24. runConnector_200_response -
      25. +
    25. runConnector_200_response_data -
      26. +
    26. run_connector_request_index - Run index connector parameters
      27. +
    27. run_connector_request_jira - Run Jira connector parameters
      28. +
    28. run_connector_request_jira_oneOf -
      29. +
    29. run_connector_request_jira_oneOf_1 -
      30. +
    30. run_connector_request_jira_oneOf_2 -
      31. +
    31. run_connector_request_jira_oneOf_2_subActionParams -
      32. +
    32. run_connector_request_jira_oneOf_3 -
      33. +
    33. run_connector_request_jira_oneOf_3_subActionParams -
      34. +
    34. run_connector_request_jira_oneOf_4 -
      35. +
    35. run_connector_request_jira_oneOf_4_subActionParams -
      36. +
    36. run_connector_request_jira_oneOf_5 -
      37. +
    37. run_connector_request_jira_oneOf_6 -
      38. +
    38. run_connector_request_jira_oneOf_6_subActionParams -
      39. +
    39. run_connector_request_jira_oneOf_6_subActionParams_comments -
      40. +
    40. run_connector_request_jira_oneOf_6_subActionParams_incident -
      41. +
    41. run_connector_request_jira_oneOf_subActionParams -
      42. +
    42. run_connector_request_opsgenie - Run Opsgenie connector parameters
      43. +
    43. run_connector_request_opsgenie_oneOf -
      44. +
    44. run_connector_request_opsgenie_oneOf_1 -
      45. +
    45. run_connector_request_opsgenie_oneOf_1_subActionParams -
      46. +
    46. run_connector_request_opsgenie_oneOf_1_subActionParams_responders -
      47. +
    47. run_connector_request_opsgenie_oneOf_1_subActionParams_visibleTo -
      48. +
    48. run_connector_request_opsgenie_oneOf_subActionParams -
      49. +
    49. run_connector_request_serverlog - Run server log connector parameters
      50. +
    50. run_connector_request_servicenow - Run ServiceNow ITSM connector parameters
      51. +
    51. run_connector_request_servicenow_itom - Run ServiceNow ITOM connector parameters
      52. +
    52. run_connector_request_servicenow_itom_oneOf -
      53. +
    53. run_connector_request_servicenow_itom_oneOf_1 -
      54. +
    54. run_connector_request_servicenow_itom_oneOf_subActionParams -
      55. +
    55. run_connector_request_servicenow_oneOf -
      56. +
    56. run_connector_request_servicenow_oneOf_1 -
      57. +
    57. run_connector_request_servicenow_oneOf_2 -
      58. +
    58. run_connector_request_servicenow_oneOf_2_subActionParams -
      59. +
    59. run_connector_request_servicenow_oneOf_3 -
      60. +
    60. run_connector_request_servicenow_oneOf_3_subActionParams -
      61. +
    61. run_connector_request_servicenow_oneOf_3_subActionParams_incident -
      62. +
    62. run_connector_request_servicenow_oneOf_subActionParams -
      63. +
    63. run_connector_request_servicenow_sir - Run ServiceNow SecOps connector parameters
      64. +
    64. run_connector_request_servicenow_sir_oneOf -
      65. +
    65. run_connector_request_servicenow_sir_oneOf_1 -
      66. +
    66. run_connector_request_servicenow_sir_oneOf_2 -
      67. +
    67. run_connector_request_servicenow_sir_oneOf_2_subActionParams -
      68. +
    68. run_connector_request_servicenow_sir_oneOf_3 -
      69. +
    69. run_connector_request_servicenow_sir_oneOf_3_subActionParams -
      70. +
    70. run_connector_request_servicenow_sir_oneOf_3_subActionParams_incident -
      71. +
    71. run_connector_request_swimlane - Run Swimlane connector parameters
      72. +
    72. run_connector_request_swimlane_subActionParams -
      73. +
    73. run_connector_request_swimlane_subActionParams_incident -
    74. secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector
    75. secrets_properties_jira - Connector secrets properties for a Jira connector
    76. secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector
      77. @@ -472,6 +597,32 @@ Any modifications made to this file will be overwritten.
    77. update_connector_request_swimlane - Update Swimlane connector request
    +
    +

    401_response - Unsuccessful rule API response Up

    +
    +
    +
    error (optional)
    String
    +
    Enum:
    +
    Unauthorized
    +
    message (optional)
    String
    +
    statusCode (optional)
    Integer
    +
    Enum:
    +
    401
    +
    +
    +
    +

    404_response - Up

    +
    +
    +
    error (optional)
    String
    +
    Enum:
    +
    Not Found
    +
    message (optional)
    String
    +
    statusCode (optional)
    Integer
    +
    Enum:
    +
    404
    +
    +

    Alert_identifier_mapping - Alert identifier mapping Up

    Mapping for the alert ID.
    @@ -584,6 +735,28 @@ Any modifications made to this file will be overwritten.
    name
    String The name of the field in Swimlane.
    +
    +

    Run_connector_request_body_properties - Run connector request body properties Up

    +
    The properties vary depending on the connector type.
    +
    +
    params
    Run_connector_request_body_properties_params
    +
    +
    +
    +

    Run_connector_request_body_properties_params - Up

    +
    +
    +
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_swimlane_subActionParams
    +
    level (optional)
    String The log level of the message.
    +
    Enum:
    +
    debug
    error
    fatal
    info
    trace
    warn
    +
    message
    String The message to log.
    +
    +

    Severity_mapping - Severity mapping Up

    Mapping for the severity.
    @@ -971,15 +1144,6 @@ Any modifications made to this file will be overwritten.
    -
    -

    createConnector_401_response - Up

    -
    -
    -
    error (optional)
    String
    -
    message (optional)
    String
    -
    statusCode (optional)
    Integer
    -
    -

    create_connector_request_cases_webhook - Create Webhook - Case Managment connector request Up

    The Webhook - Case Management connector uses axios to send POST, PUT, and GET requests to a case management RESTful API web service.
    @@ -1194,6 +1358,507 @@ Any modifications made to this file will be overwritten.
    statusCode (optional)
    Integer
    +
    +

    runConnector_200_response - Up

    +
    +
    +
    connector_id
    String The identifier for the connector.
    +
    data (optional)
    runConnector_200_response_data
    +
    status
    String The status of the action.
    +
    Enum:
    +
    error
    ok
    +
    +
    +
    +

    runConnector_200_response_data - Up

    +
    +
    +
    +
    +
    +

    run_connector_request_index - Run index connector parameters Up

    +
    Test an action that indexes a document into Elasticsearch.
    +
    +
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    +
    +
    +
    +

    run_connector_request_jira - Run Jira connector parameters Up

    +
    Test an action related to Jira issues.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_jira_oneOf_6_subActionParams
    +
    +
    +
    +

    run_connector_request_jira_oneOf - Up

    +
    Jira connector properties when subAction is fieldsByIssueType.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    fieldsByIssueType
    +
    subActionParams
    run_connector_request_jira_oneOf_subActionParams
    +
    +
    +
    +

    run_connector_request_jira_oneOf_1 - Up

    +
    Jira connector properties when subAction is getFields.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getFields
    +
    +
    +
    +

    run_connector_request_jira_oneOf_2 - Up

    +
    Jira connector properties when subAction is getIncident.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getIncident
    +
    subActionParams
    run_connector_request_jira_oneOf_2_subActionParams
    +
    +
    +
    +

    run_connector_request_jira_oneOf_2_subActionParams - Up

    +
    +
    +
    externalId
    String The Jira issue identifier.
    +
    +
    +
    +

    run_connector_request_jira_oneOf_3 - Up

    +
    Jira connector properties when subAction is issue.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    issue
    +
    subActionParams (optional)
    run_connector_request_jira_oneOf_3_subActionParams
    +
    +
    +
    +

    run_connector_request_jira_oneOf_3_subActionParams - Up

    +
    +
    +
    id
    String The Jira issue identifier.
    +
    +
    +
    +

    run_connector_request_jira_oneOf_4 - Up

    +
    Jira connector properties when subAction is issues.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    issues
    +
    subActionParams
    run_connector_request_jira_oneOf_4_subActionParams
    +
    +
    +
    +

    run_connector_request_jira_oneOf_4_subActionParams - Up

    +
    +
    +
    title
    String The title of the Jira issue.
    +
    +
    +
    +

    run_connector_request_jira_oneOf_5 - Up

    +
    Jira connector properties when subAction is issueTypes.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    issueTypes
    +
    +
    +
    +

    run_connector_request_jira_oneOf_6 - Up

    +
    Jira connector properties when subAction is pushToService.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_jira_oneOf_6_subActionParams
    +
    +
    +
    +

    run_connector_request_jira_oneOf_6_subActionParams - Up

    +
    +
    +
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is sent to Jira.
    +
    incident
    run_connector_request_jira_oneOf_6_subActionParams_incident
    +
    +
    +
    +

    run_connector_request_jira_oneOf_6_subActionParams_comments - Up

    +
    +
    +
    comment (optional)
    String A comment related to the incident. For example, describe how to troubleshoot the issue.
    +
    commentId (optional)
    Integer A unique identifier for the comment.
    +
    +
    +
    +

    run_connector_request_jira_oneOf_6_subActionParams_incident - Up

    +
    Information necessary to create or update a Jira incident.
    +
    +
    description (optional)
    String The details about the incident.
    +
    externalId (optional)
    String The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
    +
    labels (optional)
    array[String] The labels for the incident. For example, ["LABEL1"]. NOTE: Labels cannot contain spaces.
    +
    issueType (optional)
    Integer The type of incident. For example, 10006. To obtain the list of valid values, set subAction to issueTypes.
    +
    parent (optional)
    String The ID or key of the parent issue. Applies only to Sub-task types of issues.
    +
    priority (optional)
    String The incident priority level. For example, Lowest.
    +
    summary
    String A summary of the incident.
    +
    title (optional)
    String A title for the incident, used for searching the contents of the knowledge base.
    +
    +
    +
    +

    run_connector_request_jira_oneOf_subActionParams - Up

    +
    +
    +
    id
    String The Jira issue type identifier.
    +
    +
    +
    +

    run_connector_request_opsgenie - Run Opsgenie connector parameters Up

    +
    Test an Opsgenie action.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    createAlert
    +
    subActionParams
    run_connector_request_opsgenie_oneOf_1_subActionParams
    +
    +
    +
    +

    run_connector_request_opsgenie_oneOf - Up

    +
    Opsgenie connector properties when subAction is closeAlert.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    closeAlert
    +
    subActionParams
    run_connector_request_opsgenie_oneOf_subActionParams
    +
    +
    +
    +

    run_connector_request_opsgenie_oneOf_1 - Up

    +
    Opsgenie connector properties when subAction is createAlert.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    createAlert
    +
    subActionParams
    run_connector_request_opsgenie_oneOf_1_subActionParams
    +
    +
    +
    +

    run_connector_request_opsgenie_oneOf_1_subActionParams - Up

    +
    +
    +
    actions (optional)
    array[String] The custom actions available to the alert.
    +
    alias (optional)
    String The unique identifier used for alert deduplication in Opsgenie.
    +
    description (optional)
    String A description that provides detailed information about the alert.
    +
    details (optional)
    map[String, oas_any_type_not_mapped] The custom properties of the alert.
    +
    entity (optional)
    String The domain of the alert. For example, the application or server name.
    +
    message
    String The alert message.
    +
    note (optional)
    String Additional information for the alert.
    +
    priority (optional)
    String The priority level for the alert.
    +
    Enum:
    +
    P1
    P2
    P3
    P4
    P5
    +
    responders (optional)
    array[run_connector_request_opsgenie_oneOf_1_subActionParams_responders] The entities to receive notifications about the alert. If type is user, either id or username is required. If type is team, either id or name is required.
    +
    source (optional)
    String The display name for the source of the alert.
    +
    tags (optional)
    array[String] The tags for the alert.
    +
    user (optional)
    String The display name for the owner.
    +
    visibleTo (optional)
    array[run_connector_request_opsgenie_oneOf_1_subActionParams_visibleTo] The teams and users that the alert will be visible to without sending a notification. Only one of id, name, or username is required.
    +
    +
    +
    +

    run_connector_request_opsgenie_oneOf_1_subActionParams_responders - Up

    +
    +
    +
    id (optional)
    String The identifier for the entity.
    +
    name (optional)
    String The name of the entity.
    +
    type (optional)
    String The type of responders, in this case escalation.
    +
    Enum:
    +
    escalation
    schedule
    team
    user
    +
    username (optional)
    String A valid email address for the user.
    +
    +
    +
    +

    run_connector_request_opsgenie_oneOf_1_subActionParams_visibleTo - Up

    +
    +
    +
    id (optional)
    String The identifier for the entity.
    +
    name (optional)
    String The name of the entity.
    +
    type
    String Valid values are team and user.
    +
    Enum:
    +
    team
    user
    +
    username (optional)
    String The user name. This property is required only when the type is user.
    +
    +
    +
    +

    run_connector_request_opsgenie_oneOf_subActionParams - Up

    +
    +
    +
    alias
    String The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
    +
    note (optional)
    String Additional information for the alert.
    +
    source (optional)
    String The display name for the source of the alert.
    +
    user (optional)
    String The display name for the owner.
    +
    +
    +
    +

    run_connector_request_serverlog - Run server log connector parameters Up

    +
    Test an action that writes an entry to the Kibana server log.
    +
    +
    level (optional)
    String The log level of the message.
    +
    Enum:
    +
    debug
    error
    fatal
    info
    trace
    warn
    +
    message
    String The message to log.
    +
    +
    +
    +

    run_connector_request_servicenow - Run ServiceNow ITSM connector parameters Up

    +
    Test ServiceNow incidents.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_servicenow_oneOf_3_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_itom - Run ServiceNow ITOM connector parameters Up

    +
    Test ServiceNow events.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getChoices
    +
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_itom_oneOf - Up

    +
    ServiceNow ITOM connector properties when subAction is addEvent.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    addEvent
    +
    subActionParams (optional)
    run_connector_request_servicenow_itom_oneOf_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_itom_oneOf_1 - Up

    +
    ServiceNow ITOM connector properties when subAction is getChoices.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getChoices
    +
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_itom_oneOf_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    additional_info (optional)
    String Additional information about the event.
    +
    description (optional)
    String The details about the event.
    +
    event_class (optional)
    String A specific instance of the source.
    +
    message_key (optional)
    String All actions sharing this key are associated with the same ServiceNow alert. The default value is <rule ID>:<alert instance ID>.
    +
    metric_name (optional)
    String The name of the metric.
    +
    node (optional)
    String The host that the event was triggered for.
    +
    resource (optional)
    String The name of the resource.
    +
    severity (optional)
    String The severity of the event.
    +
    source (optional)
    String The name of the event source type.
    +
    time_of_event (optional)
    String The time of the event.
    +
    type (optional)
    String The type of event.
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf - Up

    +
    ServiceNow ITSM connector properties when subAction is getChoices.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getChoices
    +
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf_1 - Up

    +
    ServiceNow ITSM connector properties when subAction is getFields.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getFields
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf_2 - Up

    +
    ServiceNow ITSM connector properties when subAction is getIncident.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getIncident
    +
    subActionParams
    run_connector_request_servicenow_oneOf_2_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf_2_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    externalId
    String The ServiceNow ITSM issue identifier.
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf_3 - Up

    +
    ServiceNow ITSM connector properties when subAction is pushToService.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_servicenow_oneOf_3_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf_3_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is sent to ServiceNow ITSM.
    +
    incident
    run_connector_request_servicenow_oneOf_3_subActionParams_incident
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf_3_subActionParams_incident - Up

    +
    Information necessary to create or update a ServiceNow ITSM incident.
    +
    +
    category (optional)
    String The category of the incident.
    +
    correlation_display (optional)
    String A descriptive label of the alert for correlation purposes in ServiceNow.
    +
    correlation_id (optional)
    String The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as {{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
    +
    description (optional)
    String The details about the incident.
    +
    externalId (optional)
    String The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
    +
    impact (optional)
    String The impact in ServiceNow ITSM.
    +
    severity (optional)
    String The severity of the incident.
    +
    short_description
    String A short description for the incident, used for searching the contents of the knowledge base.
    +
    subcategory (optional)
    String The subcategory in ServiceNow ITSM.
    +
    urgency (optional)
    String The urgency in ServiceNow ITSM.
    +
    +
    +
    +

    run_connector_request_servicenow_oneOf_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    fields
    array[String] An array of fields.
    +
    +
    +
    +

    run_connector_request_servicenow_sir - Run ServiceNow SecOps connector parameters Up

    +
    Test ServiceNow security incidents.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_servicenow_sir_oneOf_3_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_sir_oneOf - Up

    +
    ServiceNow SecOps connector properties when subAction is getChoices.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getChoices
    +
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_sir_oneOf_1 - Up

    +
    ServiceNow SecOps connector properties when subAction is getFields.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getFields
    +
    +
    +
    +

    run_connector_request_servicenow_sir_oneOf_2 - Up

    +
    ServiceNow SecOps connector properties when subAction is getIncident.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getIncident
    +
    subActionParams
    run_connector_request_servicenow_sir_oneOf_2_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_sir_oneOf_2_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    externalId
    String The ServiceNow SecOps issue identifier.
    +
    +
    +
    +

    run_connector_request_servicenow_sir_oneOf_3 - Up

    +
    ServiceNow SecOps connector properties when subAction is pushToService.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_servicenow_sir_oneOf_3_subActionParams
    +
    +
    +
    +

    run_connector_request_servicenow_sir_oneOf_3_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is sent to ServiceNow SecOps.
    +
    incident
    run_connector_request_servicenow_sir_oneOf_3_subActionParams_incident
    +
    +
    +
    +

    run_connector_request_servicenow_sir_oneOf_3_subActionParams_incident - Up

    +
    Information necessary to create or update a ServiceNow SecOps incident.
    +
    +
    category (optional)
    String The category of the incident.
    +
    correlation_display (optional)
    String A descriptive label of the alert for correlation purposes in ServiceNow.
    +
    correlation_id (optional)
    String The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as {{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
    +
    description (optional)
    String The details about the incident.
    +
    dest_ip (optional)
    oneOf A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident.
    +
    externalId (optional)
    String The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
    +
    malware_hash (optional)
    oneOf A list of malware hashes related to the security incident. The hashes are added as observables to the security incident.
    +
    malware_url (optional)
    oneOf A list of malware URLs related to the security incident. The URLs are added as observables to the security incident.
    +
    priority (optional)
    String The priority in ServiceNow.
    +
    short_description
    String A short description for the incident, used for searching the contents of the knowledge base.
    +
    source_ip (optional)
    oneOf A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident.
    +
    subcategory (optional)
    String The subcategory of the incident.
    +
    +
    +
    +

    run_connector_request_swimlane - Run Swimlane connector parameters Up

    +
    Test actions involving Swimlane records.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_request_swimlane_subActionParams
    +
    +
    +
    +

    run_connector_request_swimlane_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is setnt to Swimlane
    +
    incident (optional)
    run_connector_request_swimlane_subActionParams_incident
    +
    +
    +
    +

    run_connector_request_swimlane_subActionParams_incident - Up

    +
    Information necessary to create or update a Swimlane incident.
    +
    +
    alertId (optional)
    String The alert identifier.
    +
    caseId (optional)
    String The case identifier for the incident.
    +
    caseName (optional)
    String The case name for the incident.
    +
    description (optional)
    String The description of the incident.
    +
    ruleName (optional)
    String The rule name.
    +
    severity (optional)
    String The severity of the incident.
    +
    +

    secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector Up

    diff --git a/docs/api/actions-and-connectors/execute.asciidoc b/docs/api/actions-and-connectors/execute.asciidoc index 1a1675f6b2df5..6d94c61f6232b 100644 --- a/docs/api/actions-and-connectors/execute.asciidoc +++ b/docs/api/actions-and-connectors/execute.asciidoc @@ -6,6 +6,12 @@ Runs a connector by ID. +[NOTE] +==== +For the most up-to-date API details, refer to the +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +==== + [[execute-connector-api-request]] === {api-request-title} From 6f558db0086147fd7e3777bae0349f4c46ae368a Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 24 Jan 2023 19:19:15 -0800 Subject: [PATCH 08/11] [DOCS] Add discriminator for ServiceNow ITOM --- x-pack/plugins/actions/docs/openapi/bundled.json | 5 ++++- x-pack/plugins/actions/docs/openapi/bundled.yaml | 2 ++ .../schemas/run_connector_request_servicenow_itom.yaml | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index 484e22a913cd9..0c9ae97567d81 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -3847,7 +3847,10 @@ } } } - ] + ], + "discriminator": { + "propertyName": "subAction" + } }, "run_connector_request_servicenow_sir": { "title": "Run ServiceNow SecOps connector parameters", diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index bea9857e3b224..89a014793463b 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -2711,6 +2711,8 @@ components: description: An array of fields. items: type: string + discriminator: + propertyName: subAction run_connector_request_servicenow_sir: title: Run ServiceNow SecOps connector parameters description: Test ServiceNow security incidents. diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml index dec0fcda2c4b9..3fa18160a8d66 100644 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml @@ -70,3 +70,5 @@ oneOf: description: An array of fields. items: type: string +discriminator: + propertyName: subAction From ae0d8bf7f1748a8dd04b7ff42403b990c4e2fb70 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 24 Jan 2023 19:43:32 -0800 Subject: [PATCH 09/11] [DOCS] Remove connector-specific schemas --- .../connector-apis-passthru.asciidoc | 546 +------ .../plugins/actions/docs/openapi/bundled.json | 1435 ++--------------- .../plugins/actions/docs/openapi/bundled.yaml | 839 +--------- ...ions@connector@{connectorid}@_execute.yaml | 79 +- 4 files changed, 253 insertions(+), 2646 deletions(-) diff --git a/docs/api-generated/connectors/connector-apis-passthru.asciidoc b/docs/api-generated/connectors/connector-apis-passthru.asciidoc index 425e66fd83192..ed2072d6da078 100644 --- a/docs/api-generated/connectors/connector-apis-passthru.asciidoc +++ b/docs/api-generated/connectors/connector-apis-passthru.asciidoc @@ -531,54 +531,6 @@ Any modifications made to this file will be overwritten.
  • getConnector_404_response -
  • runConnector_200_response -
  • runConnector_200_response_data -
    • -
  • run_connector_request_index - Run index connector parameters
    • -
  • run_connector_request_jira - Run Jira connector parameters
    • -
  • run_connector_request_jira_oneOf -
    • -
  • run_connector_request_jira_oneOf_1 -
    • -
  • run_connector_request_jira_oneOf_2 -
    • -
  • run_connector_request_jira_oneOf_2_subActionParams -
    • -
  • run_connector_request_jira_oneOf_3 -
    • -
  • run_connector_request_jira_oneOf_3_subActionParams -
    • -
  • run_connector_request_jira_oneOf_4 -
    • -
  • run_connector_request_jira_oneOf_4_subActionParams -
    • -
  • run_connector_request_jira_oneOf_5 -
    • -
  • run_connector_request_jira_oneOf_6 -
    • -
  • run_connector_request_jira_oneOf_6_subActionParams -
    • -
  • run_connector_request_jira_oneOf_6_subActionParams_comments -
    • -
  • run_connector_request_jira_oneOf_6_subActionParams_incident -
    • -
  • run_connector_request_jira_oneOf_subActionParams -
    • -
  • run_connector_request_opsgenie - Run Opsgenie connector parameters
    • -
  • run_connector_request_opsgenie_oneOf -
    • -
  • run_connector_request_opsgenie_oneOf_1 -
    • -
  • run_connector_request_opsgenie_oneOf_1_subActionParams -
    • -
  • run_connector_request_opsgenie_oneOf_1_subActionParams_responders -
    • -
  • run_connector_request_opsgenie_oneOf_1_subActionParams_visibleTo -
    • -
  • run_connector_request_opsgenie_oneOf_subActionParams -
    • -
  • run_connector_request_serverlog - Run server log connector parameters
    • -
  • run_connector_request_servicenow - Run ServiceNow ITSM connector parameters
    • -
  • run_connector_request_servicenow_itom - Run ServiceNow ITOM connector parameters
    • -
  • run_connector_request_servicenow_itom_oneOf -
    • -
  • run_connector_request_servicenow_itom_oneOf_1 -
    • -
  • run_connector_request_servicenow_itom_oneOf_subActionParams -
    • -
  • run_connector_request_servicenow_oneOf -
    • -
  • run_connector_request_servicenow_oneOf_1 -
    • -
  • run_connector_request_servicenow_oneOf_2 -
    • -
  • run_connector_request_servicenow_oneOf_2_subActionParams -
    • -
  • run_connector_request_servicenow_oneOf_3 -
    • -
  • run_connector_request_servicenow_oneOf_3_subActionParams -
    • -
  • run_connector_request_servicenow_oneOf_3_subActionParams_incident -
    • -
  • run_connector_request_servicenow_oneOf_subActionParams -
    • -
  • run_connector_request_servicenow_sir - Run ServiceNow SecOps connector parameters
    • -
  • run_connector_request_servicenow_sir_oneOf -
    • -
  • run_connector_request_servicenow_sir_oneOf_1 -
    • -
  • run_connector_request_servicenow_sir_oneOf_2 -
    • -
  • run_connector_request_servicenow_sir_oneOf_2_subActionParams -
    • -
  • run_connector_request_servicenow_sir_oneOf_3 -
    • -
  • run_connector_request_servicenow_sir_oneOf_3_subActionParams -
    • -
  • run_connector_request_servicenow_sir_oneOf_3_subActionParams_incident -
    • -
  • run_connector_request_swimlane - Run Swimlane connector parameters
    • -
  • run_connector_request_swimlane_subActionParams -
    • -
  • run_connector_request_swimlane_subActionParams_incident -
  • secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector
  • secrets_properties_jira - Connector secrets properties for a Jira connector
  • secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector
    • @@ -746,15 +698,15 @@ Any modifications made to this file will be overwritten.

    Run_connector_request_body_properties_params - Up

    -
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_swimlane_subActionParams
    -
    level (optional)
    String The log level of the message.
    +
    documents (optional)
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format. This property is required only for index connectors.
    +
    level (optional)
    String The log level of the message. This property is applicable only to server log connectors.
    Enum:
    debug
    error
    fatal
    info
    trace
    warn
    -
    message
    String The message to log.
    +
    message (optional)
    String The message to log. This property is required only for server log connectors.
    +
    subAction (optional)
    String The action to test.
    +
    Enum:
    +
    addEvent
    createAlert
    closeAlert
    fieldsByIssueType
    getChoices
    getFields
    getIncident
    issue
    issues
    issueTypes
    pushToService
    +
    subActionParams (optional)
    map[String, oas_any_type_not_mapped]
    @@ -1375,490 +1327,6 @@ Any modifications made to this file will be overwritten.
    -
    -

    run_connector_request_index - Run index connector parameters Up

    -
    Test an action that indexes a document into Elasticsearch.
    -
    -
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    -
    -
    -
    -

    run_connector_request_jira - Run Jira connector parameters Up

    -
    Test an action related to Jira issues.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_jira_oneOf_6_subActionParams
    -
    -
    -
    -

    run_connector_request_jira_oneOf - Up

    -
    Jira connector properties when subAction is fieldsByIssueType.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    fieldsByIssueType
    -
    subActionParams
    run_connector_request_jira_oneOf_subActionParams
    -
    -
    -
    -

    run_connector_request_jira_oneOf_1 - Up

    -
    Jira connector properties when subAction is getFields.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getFields
    -
    -
    -
    -

    run_connector_request_jira_oneOf_2 - Up

    -
    Jira connector properties when subAction is getIncident.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getIncident
    -
    subActionParams
    run_connector_request_jira_oneOf_2_subActionParams
    -
    -
    -
    -

    run_connector_request_jira_oneOf_2_subActionParams - Up

    -
    -
    -
    externalId
    String The Jira issue identifier.
    -
    -
    -
    -

    run_connector_request_jira_oneOf_3 - Up

    -
    Jira connector properties when subAction is issue.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    issue
    -
    subActionParams (optional)
    run_connector_request_jira_oneOf_3_subActionParams
    -
    -
    -
    -

    run_connector_request_jira_oneOf_3_subActionParams - Up

    -
    -
    -
    id
    String The Jira issue identifier.
    -
    -
    -
    -

    run_connector_request_jira_oneOf_4 - Up

    -
    Jira connector properties when subAction is issues.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    issues
    -
    subActionParams
    run_connector_request_jira_oneOf_4_subActionParams
    -
    -
    -
    -

    run_connector_request_jira_oneOf_4_subActionParams - Up

    -
    -
    -
    title
    String The title of the Jira issue.
    -
    -
    -
    -

    run_connector_request_jira_oneOf_5 - Up

    -
    Jira connector properties when subAction is issueTypes.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    issueTypes
    -
    -
    -
    -

    run_connector_request_jira_oneOf_6 - Up

    -
    Jira connector properties when subAction is pushToService.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_jira_oneOf_6_subActionParams
    -
    -
    -
    -

    run_connector_request_jira_oneOf_6_subActionParams - Up

    -
    -
    -
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is sent to Jira.
    -
    incident
    run_connector_request_jira_oneOf_6_subActionParams_incident
    -
    -
    -
    -

    run_connector_request_jira_oneOf_6_subActionParams_comments - Up

    -
    -
    -
    comment (optional)
    String A comment related to the incident. For example, describe how to troubleshoot the issue.
    -
    commentId (optional)
    Integer A unique identifier for the comment.
    -
    -
    -
    -

    run_connector_request_jira_oneOf_6_subActionParams_incident - Up

    -
    Information necessary to create or update a Jira incident.
    -
    -
    description (optional)
    String The details about the incident.
    -
    externalId (optional)
    String The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
    -
    labels (optional)
    array[String] The labels for the incident. For example, ["LABEL1"]. NOTE: Labels cannot contain spaces.
    -
    issueType (optional)
    Integer The type of incident. For example, 10006. To obtain the list of valid values, set subAction to issueTypes.
    -
    parent (optional)
    String The ID or key of the parent issue. Applies only to Sub-task types of issues.
    -
    priority (optional)
    String The incident priority level. For example, Lowest.
    -
    summary
    String A summary of the incident.
    -
    title (optional)
    String A title for the incident, used for searching the contents of the knowledge base.
    -
    -
    -
    -

    run_connector_request_jira_oneOf_subActionParams - Up

    -
    -
    -
    id
    String The Jira issue type identifier.
    -
    -
    -
    -

    run_connector_request_opsgenie - Run Opsgenie connector parameters Up

    -
    Test an Opsgenie action.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    createAlert
    -
    subActionParams
    run_connector_request_opsgenie_oneOf_1_subActionParams
    -
    -
    -
    -

    run_connector_request_opsgenie_oneOf - Up

    -
    Opsgenie connector properties when subAction is closeAlert.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    closeAlert
    -
    subActionParams
    run_connector_request_opsgenie_oneOf_subActionParams
    -
    -
    -
    -

    run_connector_request_opsgenie_oneOf_1 - Up

    -
    Opsgenie connector properties when subAction is createAlert.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    createAlert
    -
    subActionParams
    run_connector_request_opsgenie_oneOf_1_subActionParams
    -
    -
    -
    -

    run_connector_request_opsgenie_oneOf_1_subActionParams - Up

    -
    -
    -
    actions (optional)
    array[String] The custom actions available to the alert.
    -
    alias (optional)
    String The unique identifier used for alert deduplication in Opsgenie.
    -
    description (optional)
    String A description that provides detailed information about the alert.
    -
    details (optional)
    map[String, oas_any_type_not_mapped] The custom properties of the alert.
    -
    entity (optional)
    String The domain of the alert. For example, the application or server name.
    -
    message
    String The alert message.
    -
    note (optional)
    String Additional information for the alert.
    -
    priority (optional)
    String The priority level for the alert.
    -
    Enum:
    -
    P1
    P2
    P3
    P4
    P5
    -
    responders (optional)
    array[run_connector_request_opsgenie_oneOf_1_subActionParams_responders] The entities to receive notifications about the alert. If type is user, either id or username is required. If type is team, either id or name is required.
    -
    source (optional)
    String The display name for the source of the alert.
    -
    tags (optional)
    array[String] The tags for the alert.
    -
    user (optional)
    String The display name for the owner.
    -
    visibleTo (optional)
    array[run_connector_request_opsgenie_oneOf_1_subActionParams_visibleTo] The teams and users that the alert will be visible to without sending a notification. Only one of id, name, or username is required.
    -
    -
    -
    -

    run_connector_request_opsgenie_oneOf_1_subActionParams_responders - Up

    -
    -
    -
    id (optional)
    String The identifier for the entity.
    -
    name (optional)
    String The name of the entity.
    -
    type (optional)
    String The type of responders, in this case escalation.
    -
    Enum:
    -
    escalation
    schedule
    team
    user
    -
    username (optional)
    String A valid email address for the user.
    -
    -
    -
    -

    run_connector_request_opsgenie_oneOf_1_subActionParams_visibleTo - Up

    -
    -
    -
    id (optional)
    String The identifier for the entity.
    -
    name (optional)
    String The name of the entity.
    -
    type
    String Valid values are team and user.
    -
    Enum:
    -
    team
    user
    -
    username (optional)
    String The user name. This property is required only when the type is user.
    -
    -
    -
    -

    run_connector_request_opsgenie_oneOf_subActionParams - Up

    -
    -
    -
    alias
    String The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
    -
    note (optional)
    String Additional information for the alert.
    -
    source (optional)
    String The display name for the source of the alert.
    -
    user (optional)
    String The display name for the owner.
    -
    -
    -
    -

    run_connector_request_serverlog - Run server log connector parameters Up

    -
    Test an action that writes an entry to the Kibana server log.
    -
    -
    level (optional)
    String The log level of the message.
    -
    Enum:
    -
    debug
    error
    fatal
    info
    trace
    warn
    -
    message
    String The message to log.
    -
    -
    -
    -

    run_connector_request_servicenow - Run ServiceNow ITSM connector parameters Up

    -
    Test ServiceNow incidents.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_servicenow_oneOf_3_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_itom - Run ServiceNow ITOM connector parameters Up

    -
    Test ServiceNow events.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getChoices
    -
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_itom_oneOf - Up

    -
    ServiceNow ITOM connector properties when subAction is addEvent.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    addEvent
    -
    subActionParams (optional)
    run_connector_request_servicenow_itom_oneOf_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_itom_oneOf_1 - Up

    -
    ServiceNow ITOM connector properties when subAction is getChoices.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getChoices
    -
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_itom_oneOf_subActionParams - Up

    -
    The set of configuration properties for the action.
    -
    -
    additional_info (optional)
    String Additional information about the event.
    -
    description (optional)
    String The details about the event.
    -
    event_class (optional)
    String A specific instance of the source.
    -
    message_key (optional)
    String All actions sharing this key are associated with the same ServiceNow alert. The default value is <rule ID>:<alert instance ID>.
    -
    metric_name (optional)
    String The name of the metric.
    -
    node (optional)
    String The host that the event was triggered for.
    -
    resource (optional)
    String The name of the resource.
    -
    severity (optional)
    String The severity of the event.
    -
    source (optional)
    String The name of the event source type.
    -
    time_of_event (optional)
    String The time of the event.
    -
    type (optional)
    String The type of event.
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf - Up

    -
    ServiceNow ITSM connector properties when subAction is getChoices.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getChoices
    -
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf_1 - Up

    -
    ServiceNow ITSM connector properties when subAction is getFields.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getFields
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf_2 - Up

    -
    ServiceNow ITSM connector properties when subAction is getIncident.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getIncident
    -
    subActionParams
    run_connector_request_servicenow_oneOf_2_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf_2_subActionParams - Up

    -
    The set of configuration properties for the action.
    -
    -
    externalId
    String The ServiceNow ITSM issue identifier.
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf_3 - Up

    -
    ServiceNow ITSM connector properties when subAction is pushToService.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_servicenow_oneOf_3_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf_3_subActionParams - Up

    -
    The set of configuration properties for the action.
    -
    -
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is sent to ServiceNow ITSM.
    -
    incident
    run_connector_request_servicenow_oneOf_3_subActionParams_incident
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf_3_subActionParams_incident - Up

    -
    Information necessary to create or update a ServiceNow ITSM incident.
    -
    -
    category (optional)
    String The category of the incident.
    -
    correlation_display (optional)
    String A descriptive label of the alert for correlation purposes in ServiceNow.
    -
    correlation_id (optional)
    String The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as {{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
    -
    description (optional)
    String The details about the incident.
    -
    externalId (optional)
    String The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
    -
    impact (optional)
    String The impact in ServiceNow ITSM.
    -
    severity (optional)
    String The severity of the incident.
    -
    short_description
    String A short description for the incident, used for searching the contents of the knowledge base.
    -
    subcategory (optional)
    String The subcategory in ServiceNow ITSM.
    -
    urgency (optional)
    String The urgency in ServiceNow ITSM.
    -
    -
    -
    -

    run_connector_request_servicenow_oneOf_subActionParams - Up

    -
    The set of configuration properties for the action.
    -
    -
    fields
    array[String] An array of fields.
    -
    -
    -
    -

    run_connector_request_servicenow_sir - Run ServiceNow SecOps connector parameters Up

    -
    Test ServiceNow security incidents.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_servicenow_sir_oneOf_3_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_sir_oneOf - Up

    -
    ServiceNow SecOps connector properties when subAction is getChoices.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getChoices
    -
    subActionParams
    run_connector_request_servicenow_oneOf_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_sir_oneOf_1 - Up

    -
    ServiceNow SecOps connector properties when subAction is getFields.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getFields
    -
    -
    -
    -

    run_connector_request_servicenow_sir_oneOf_2 - Up

    -
    ServiceNow SecOps connector properties when subAction is getIncident.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    getIncident
    -
    subActionParams
    run_connector_request_servicenow_sir_oneOf_2_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_sir_oneOf_2_subActionParams - Up

    -
    The set of configuration properties for the action.
    -
    -
    externalId
    String The ServiceNow SecOps issue identifier.
    -
    -
    -
    -

    run_connector_request_servicenow_sir_oneOf_3 - Up

    -
    ServiceNow SecOps connector properties when subAction is pushToService.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_servicenow_sir_oneOf_3_subActionParams
    -
    -
    -
    -

    run_connector_request_servicenow_sir_oneOf_3_subActionParams - Up

    -
    The set of configuration properties for the action.
    -
    -
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is sent to ServiceNow SecOps.
    -
    incident
    run_connector_request_servicenow_sir_oneOf_3_subActionParams_incident
    -
    -
    -
    -

    run_connector_request_servicenow_sir_oneOf_3_subActionParams_incident - Up

    -
    Information necessary to create or update a ServiceNow SecOps incident.
    -
    -
    category (optional)
    String The category of the incident.
    -
    correlation_display (optional)
    String A descriptive label of the alert for correlation purposes in ServiceNow.
    -
    correlation_id (optional)
    String The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as {{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
    -
    description (optional)
    String The details about the incident.
    -
    dest_ip (optional)
    oneOf A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident.
    -
    externalId (optional)
    String The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
    -
    malware_hash (optional)
    oneOf A list of malware hashes related to the security incident. The hashes are added as observables to the security incident.
    -
    malware_url (optional)
    oneOf A list of malware URLs related to the security incident. The URLs are added as observables to the security incident.
    -
    priority (optional)
    String The priority in ServiceNow.
    -
    short_description
    String A short description for the incident, used for searching the contents of the knowledge base.
    -
    source_ip (optional)
    oneOf A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident.
    -
    subcategory (optional)
    String The subcategory of the incident.
    -
    -
    -
    -

    run_connector_request_swimlane - Run Swimlane connector parameters Up

    -
    Test actions involving Swimlane records.
    -
    -
    subAction
    String The action to test.
    -
    Enum:
    -
    pushToService
    -
    subActionParams
    run_connector_request_swimlane_subActionParams
    -
    -
    -
    -

    run_connector_request_swimlane_subActionParams - Up

    -
    The set of configuration properties for the action.
    -
    -
    comments (optional)
    array[run_connector_request_jira_oneOf_6_subActionParams_comments] Additional information that is setnt to Swimlane
    -
    incident (optional)
    run_connector_request_swimlane_subActionParams_incident
    -
    -
    -
    -

    run_connector_request_swimlane_subActionParams_incident - Up

    -
    Information necessary to create or update a Swimlane incident.
    -
    -
    alertId (optional)
    String The alert identifier.
    -
    caseId (optional)
    String The case identifier for the incident.
    -
    caseName (optional)
    String The case name for the incident.
    -
    description (optional)
    String The description of the incident.
    -
    ruleName (optional)
    String The rule name.
    -
    severity (optional)
    String The severity of the incident.
    -
    -

    secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector Up

    diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index 0c9ae97567d81..c68d2e0a8c471 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -659,51 +659,56 @@ ], "properties": { "params": { - "anyOf": [ - { - "$ref": "#/components/schemas/run_connector_request_index" - }, - { - "$ref": "#/components/schemas/run_connector_request_jira" - }, - { - "$ref": "#/components/schemas/run_connector_request_opsgenie" - }, - { - "$ref": "#/components/schemas/run_connector_request_serverlog" + "type": "object", + "properties": { + "documents": { + "type": "array", + "description": "The documents to index in JSON format. This property is required only for index connectors.", + "items": { + "type": "object", + "additionalProperties": true + } }, - { - "$ref": "#/components/schemas/run_connector_request_servicenow" + "level": { + "type": "string", + "description": "The log level of the message. This property is applicable only to server log connectors.", + "enum": [ + "debug", + "error", + "fatal", + "info", + "trace", + "warn" + ] }, - { - "$ref": "#/components/schemas/run_connector_request_servicenow_itom" + "message": { + "type": "string", + "description": "The message to log. This property is required only for server log connectors." }, - { - "$ref": "#/components/schemas/run_connector_request_servicenow_sir" + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "addEvent", + "createAlert", + "closeAlert", + "fieldsByIssueType", + "getChoices", + "getFields", + "getIncident", + "issue", + "issues", + "issueTypes", + "pushToService" + ] }, - { - "$ref": "#/components/schemas/run_connector_request_swimlane" + "subActionParams": { + "type": "object", + "additionalProperties": true } - ] + } } } - }, - "examples": { - "runIndexConnectorRequest": { - "$ref": "#/components/examples/run_index_connector_request" - }, - "runJiraConnectorRequest": { - "$ref": "#/components/examples/run_jira_connector_request" - }, - "runServerLogConnectorRequest": { - "$ref": "#/components/examples/run_server_log_connector_request" - }, - "runServiceNowITOMConnectorRequest": { - "$ref": "#/components/examples/run_servicenow_itom_connector_request" - }, - "runSwimlaneConnectorRequest": { - "$ref": "#/components/examples/run_swimlane_connector_request" - } } } } @@ -3073,1270 +3078,126 @@ "uptime", "siem" ] - }, - "run_connector_request_index": { - "title": "Run index connector parameters", - "description": "Test an action that indexes a document into Elasticsearch.", - "type": "object", - "required": [ - "documents" - ], - "properties": { - "documents": { - "type": "array", - "description": "The documents to index in JSON format.", - "items": { - "type": "object", - "additionalProperties": true - } + } + }, + "examples": { + "create_index_connector_request": { + "summary": "Create an index connector.", + "value": { + "name": "my-connector", + "connector_type_id": ".index", + "config": { + "index": "test-index" } } }, - "run_connector_request_jira": { - "title": "Run Jira connector parameters", - "description": "Test an action related to Jira issues.", - "oneOf": [ - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "Jira connector properties when `subAction` is `fieldsByIssueType`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "fieldsByIssueType" - ] - }, - "subActionParams": { - "type": "object", - "required": [ - "id" - ], - "properties": { - "id": { - "type": "string", - "description": "The Jira issue type identifier.", - "example": 10024 - } - } - } - } - }, - { - "type": "object", - "required": [ - "subAction" - ], - "description": "Jira connector properties when `subAction` is `getFields`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getFields" - ] - } - } + "create_index_connector_response": { + "summary": "A new index connector.", + "value": { + "id": "c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad", + "connector_type_id": ".index", + "name": "my-connector", + "config": { + "index": "test-index", + "refresh": false, + "executionTimeField": null }, + "is_preconfigured": false, + "is_deprecated": false, + "is_missing_secrets": false + } + }, + "get_connector_response": { + "summary": "A list of connector types", + "value": { + "id": "df770e30-8b8b-11ed-a780-3b746c987a81", + "name": "my_server_log_connector", + "config": {}, + "connector_type_id": ".server-log", + "is_preconfigured": false, + "is_deprecated": false, + "is_missing_secrets": false + } + }, + "update_index_connector_request": { + "summary": "Update an index connector.", + "value": { + "name": "updated-connector", + "config": { + "index": "updated-index" + } + } + }, + "get_connectors_response": { + "summary": "A list of connectors", + "value": [ { - "type": "object", - "description": "Jira connector properties when `subAction` is `getIncident`.", - "required": [ - "subAction", - "subActionParams" - ], - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getIncident" - ] - }, - "subActionParams": { - "type": "object", - "required": [ - "externalId" - ], - "properties": { - "externalId": { - "type": "string", - "description": "The Jira issue identifier.", - "example": 71778 - } - } - } - } + "id": "preconfigured-email-connector", + "name": "my-preconfigured-email-notification", + "connector_type_id": ".email", + "is_preconfigured": true, + "is_deprecated": false, + "referenced_by_count": 0 }, { - "type": "object", - "required": [ - "subAction" - ], - "description": "Jira connector properties when `subAction` is `issue`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "issue" - ] - }, - "subActionParams": { - "type": "object", - "required": [ - "id" - ], - "properties": { - "id": { - "type": "string", - "description": "The Jira issue identifier.", - "example": 71778 - } - } - } - } - }, + "id": "e07d0c80-8b8b-11ed-a780-3b746c987a81", + "name": "my-index-connector", + "config": { + "index": "test-index", + "refresh": false, + "executionTimeField": null + }, + "connector_type_id": ".index", + "is_preconfigured": false, + "is_deprecated": false, + "referenced_by_count": 2, + "is_missing_secrets": false + } + ] + }, + "get_connector_types_response": { + "summary": "A list of connector types", + "value": [ { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "Jira connector properties when `subAction` is `issues`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "issues" - ] - }, - "subActionParams": { - "type": "object", - "required": [ - "title" - ], - "properties": { - "title": { - "type": "string", - "description": "The title of the Jira issue." - } - } - } - } + "id": ".swimlane", + "name": "Swimlane", + "enabled": true, + "enabled_in_config": true, + "enabled_in_license": true, + "minimum_license_required": "gold", + "supported_feature_ids": [ + "alerting", + "cases", + "siem" + ] }, { - "type": "object", - "required": [ - "subAction" - ], - "description": "Jira connector properties when `subAction` is `issueTypes`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "issueTypes" - ] - } - } + "id": ".index", + "name": "Index", + "enabled": true, + "enabled_in_config": true, + "enabled_in_license": true, + "minimum_license_required": "basic", + "supported_feature_ids": [ + "alerting", + "uptime", + "siem" + ] }, { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "Jira connector properties when `subAction` is `pushToService`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "pushToService" - ] - }, - "subActionParams": { - "type": "object", - "required": [ - "incident" - ], - "properties": { - "comments": { - "type": "array", - "description": "Additional information that is sent to Jira.", - "items": { - "type": "object", - "properties": { - "comment": { - "type": "string", - "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." - }, - "commentId": { - "type": "integer", - "description": "A unique identifier for the comment." - } - } - } - }, - "incident": { - "type": "object", - "required": [ - "summary" - ], - "description": "Information necessary to create or update a Jira incident.", - "properties": { - "description": { - "type": "string", - "description": "The details about the incident." - }, - "externalId": { - "type": "string", - "description": "The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created." - }, - "labels": { - "type": "array", - "description": "The labels for the incident. For example, `[\"LABEL1\"]`. NOTE: Labels cannot contain spaces.", - "items": { - "type": "string" - } - }, - "issueType": { - "type": "integer", - "description": "The type of incident. For example, `10006`. To obtain the list of valid values, set `subAction` to `issueTypes`." - }, - "parent": { - "type": "string", - "description": "The ID or key of the parent issue. Applies only to `Sub-task` types of issues." - }, - "priority": { - "type": "string", - "description": "The incident priority level. For example, `Lowest`." - }, - "summary": { - "type": "string", - "description": "A summary of the incident." - }, - "title": { - "type": "string", - "description": "A title for the incident, used for searching the contents of the knowledge base." - } - } - } - } - } - } - } - ], - "discriminator": { - "propertyName": "subAction" - } - }, - "run_connector_request_opsgenie": { - "title": "Run Opsgenie connector parameters", - "description": "Test an Opsgenie action.", - "oneOf": [ - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "Opsgenie connector properties when `subAction` is `closeAlert`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "closeAlert" - ] - }, - "subActionParams": { - "type": "object", - "required": [ - "alias" - ], - "properties": { - "alias": { - "type": "string", - "description": "The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert." - }, - "note": { - "type": "string", - "description": "Additional information for the alert." - }, - "source": { - "type": "string", - "description": "The display name for the source of the alert." - }, - "user": { - "type": "string", - "description": "The display name for the owner." - } - } - } - } - }, - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "Opsgenie connector properties when `subAction` is `createAlert`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "createAlert" - ] - }, - "subActionParams": { - "type": "object", - "required": [ - "message" - ], - "properties": { - "actions": { - "type": "array", - "description": "The custom actions available to the alert.", - "items": { - "type": "string" - } - }, - "alias": { - "type": "string", - "description": "The unique identifier used for alert deduplication in Opsgenie." - }, - "description": { - "type": "string", - "description": "A description that provides detailed information about the alert." - }, - "details": { - "type": "object", - "description": "The custom properties of the alert.", - "additionalProperties": true, - "example": { - "key1": "value1", - "key2": "value2" - } - }, - "entity": { - "type": "string", - "description": "The domain of the alert. For example, the application or server name." - }, - "message": { - "type": "string", - "description": "The alert message." - }, - "note": { - "type": "string", - "description": "Additional information for the alert." - }, - "priority": { - "type": "string", - "description": "The priority level for the alert.", - "enum": [ - "P1", - "P2", - "P3", - "P4", - "P5" - ] - }, - "responders": { - "type": "array", - "description": "The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.\n", - "items": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "The identifier for the entity." - }, - "name": { - "type": "string", - "description": "The name of the entity." - }, - "type": { - "type": "string", - "description": "The type of responders, in this case `escalation`.", - "enum": [ - "escalation", - "schedule", - "team", - "user" - ] - }, - "username": { - "type": "string", - "description": "A valid email address for the user." - } - } - } - }, - "source": { - "type": "string", - "description": "The display name for the source of the alert." - }, - "tags": { - "type": "array", - "description": "The tags for the alert.", - "items": { - "type": "string" - } - }, - "user": { - "type": "string", - "description": "The display name for the owner." - }, - "visibleTo": { - "type": "array", - "description": "The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.", - "items": { - "type": "object", - "required": [ - "type" - ], - "properties": { - "id": { - "type": "string", - "description": "The identifier for the entity." - }, - "name": { - "type": "string", - "description": "The name of the entity." - }, - "type": { - "type": "string", - "description": "Valid values are `team` and `user`.", - "enum": [ - "team", - "user" - ] - }, - "username": { - "type": "string", - "description": "The user name. This property is required only when the `type` is `user`." - } - } - } - } - } - } - } - } - ], - "discriminator": { - "propertyName": "subAction" - } - }, - "run_connector_request_serverlog": { - "title": "Run server log connector parameters", - "description": "Test an action that writes an entry to the Kibana server log.", - "type": "object", - "required": [ - "message" - ], - "properties": { - "level": { - "type": "string", - "description": "The log level of the message.", - "enum": [ - "debug", - "error", - "fatal", - "info", - "trace", - "warn" - ], - "default": "info" - }, - "message": { - "type": "string", - "description": "The message to log." - } - } - }, - "run_connector_request_servicenow": { - "title": "Run ServiceNow ITSM connector parameters", - "description": "Test ServiceNow incidents.", - "oneOf": [ - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "ServiceNow ITSM connector properties when `subAction` is `getChoices`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getChoices" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "required": [ - "fields" - ], - "properties": { - "fields": { - "type": "array", - "description": "An array of fields.", - "items": { - "type": "string" - } - } - } - } - } - }, - { - "type": "object", - "required": [ - "subAction" - ], - "description": "ServiceNow ITSM connector properties when `subAction` is `getFields`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getFields" - ] - } - } - }, - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "ServiceNow ITSM connector properties when `subAction` is `getIncident`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getIncident" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "required": [ - "externalId" - ], - "properties": { - "externalId": { - "type": "string", - "description": "The ServiceNow ITSM issue identifier." - } - } - } - } - }, - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "ServiceNow ITSM connector properties when `subAction` is `pushToService`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "pushToService" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "required": [ - "incident" - ], - "properties": { - "comments": { - "type": "array", - "description": "Additional information that is sent to ServiceNow ITSM.", - "items": { - "type": "object", - "properties": { - "comment": { - "type": "string", - "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." - }, - "commentId": { - "type": "integer", - "description": "A unique identifier for the comment." - } - } - } - }, - "incident": { - "type": "object", - "required": [ - "short_description" - ], - "description": "Information necessary to create or update a ServiceNow ITSM incident.", - "properties": { - "category": { - "type": "string", - "description": "The category of the incident." - }, - "correlation_display": { - "type": "string", - "description": "A descriptive label of the alert for correlation purposes in ServiceNow." - }, - "correlation_id": { - "type": "string", - "description": "The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.\n" - }, - "description": { - "type": "string", - "description": "The details about the incident." - }, - "externalId": { - "type": "string", - "description": "The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created." - }, - "impact": { - "type": "string", - "description": "The impact in ServiceNow ITSM." - }, - "severity": { - "type": "string", - "description": "The severity of the incident." - }, - "short_description": { - "type": "string", - "description": "A short description for the incident, used for searching the contents of the knowledge base." - }, - "subcategory": { - "type": "string", - "description": "The subcategory in ServiceNow ITSM." - }, - "urgency": { - "type": "string", - "description": "The urgency in ServiceNow ITSM." - } - } - } - } - } - } - } - ], - "discriminator": { - "propertyName": "subAction" - } - }, - "run_connector_request_servicenow_itom": { - "title": "Run ServiceNow ITOM connector parameters", - "description": "Test ServiceNow events.", - "oneOf": [ - { - "type": "object", - "required": [ - "subAction" - ], - "description": "ServiceNow ITOM connector properties when `subAction` is `addEvent`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "addEvent" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "properties": { - "additional_info": { - "type": "string", - "description": "Additional information about the event." - }, - "description": { - "type": "string", - "description": "The details about the event." - }, - "event_class": { - "type": "string", - "description": "A specific instance of the source." - }, - "message_key": { - "type": "string", - "description": "All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`." - }, - "metric_name": { - "type": "string", - "description": "The name of the metric." - }, - "node": { - "type": "string", - "description": "The host that the event was triggered for." - }, - "resource": { - "type": "string", - "description": "The name of the resource." - }, - "severity": { - "type": "string", - "description": "The severity of the event." - }, - "source": { - "type": "string", - "description": "The name of the event source type." - }, - "time_of_event": { - "type": "string", - "description": "The time of the event." - }, - "type": { - "type": "string", - "description": "The type of event." - } - } - } - } - }, - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "ServiceNow ITOM connector properties when `subAction` is `getChoices`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getChoices" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "required": [ - "fields" - ], - "properties": { - "fields": { - "type": "array", - "description": "An array of fields.", - "items": { - "type": "string" - } - } - } - } - } - } - ], - "discriminator": { - "propertyName": "subAction" - } - }, - "run_connector_request_servicenow_sir": { - "title": "Run ServiceNow SecOps connector parameters", - "description": "Test ServiceNow security incidents.", - "oneOf": [ - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "ServiceNow SecOps connector properties when `subAction` is `getChoices`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getChoices" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "required": [ - "fields" - ], - "properties": { - "fields": { - "type": "array", - "description": "An array of fields.", - "items": { - "type": "string" - } - } - } - } - } - }, - { - "type": "object", - "required": [ - "subAction" - ], - "description": "ServiceNow SecOps connector properties when `subAction` is `getFields`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getFields" - ] - } - } - }, - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "ServiceNow SecOps connector properties when `subAction` is `getIncident`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "getIncident" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "required": [ - "externalId" - ], - "properties": { - "externalId": { - "type": "string", - "description": "The ServiceNow SecOps issue identifier." - } - } - } - } - }, - { - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "description": "ServiceNow SecOps connector properties when `subAction` is `pushToService`.", - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "pushToService" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "required": [ - "incident" - ], - "properties": { - "comments": { - "type": "array", - "description": "Additional information that is sent to ServiceNow SecOps.", - "items": { - "type": "object", - "properties": { - "comment": { - "type": "string", - "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." - }, - "commentId": { - "type": "integer", - "description": "A unique identifier for the comment." - } - } - } - }, - "incident": { - "type": "object", - "required": [ - "short_description" - ], - "description": "Information necessary to create or update a ServiceNow SecOps incident.", - "properties": { - "category": { - "type": "string", - "description": "The category of the incident." - }, - "correlation_display": { - "type": "string", - "description": "A descriptive label of the alert for correlation purposes in ServiceNow." - }, - "correlation_id": { - "type": "string", - "description": "The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.\n" - }, - "description": { - "type": "string", - "description": "The details about the incident." - }, - "dest_ip": { - "description": "A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident.", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "externalId": { - "type": "string", - "description": "The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created." - }, - "malware_hash": { - "description": "A list of malware hashes related to the security incident. The hashes are added as observables to the security incident.", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "malware_url": { - "type": "string", - "description": "A list of malware URLs related to the security incident. The URLs are added as observables to the security incident.", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "priority": { - "type": "string", - "description": "The priority in ServiceNow." - }, - "short_description": { - "type": "string", - "description": "A short description for the incident, used for searching the contents of the knowledge base." - }, - "source_ip": { - "description": "A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident.", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "subcategory": { - "type": "string", - "description": "The subcategory of the incident." - } - } - } - } - } - } - } - ], - "discriminator": { - "propertyName": "subAction" - } - }, - "run_connector_request_swimlane": { - "title": "Run Swimlane connector parameters", - "description": "Test actions involving Swimlane records.", - "type": "object", - "required": [ - "subAction", - "subActionParams" - ], - "properties": { - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "pushToService" - ] - }, - "subActionParams": { - "type": "object", - "description": "The set of configuration properties for the action.", - "properties": { - "comments": { - "type": "array", - "description": "Additional information that is setnt to Swimlane", - "items": { - "type": "object", - "properties": { - "comment": { - "type": "string", - "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." - }, - "commentId": { - "type": "integer", - "description": "A unique identifier for the comment." - } - } - } - }, - "incident": { - "type": "object", - "description": "Information necessary to create or update a Swimlane incident.", - "properties": { - "alertId": { - "type": "string", - "description": "The alert identifier." - }, - "caseId": { - "type": "string", - "description": "The case identifier for the incident." - }, - "caseName": { - "type": "string", - "description": "The case name for the incident." - }, - "description": { - "type": "string", - "description": "The description of the incident." - }, - "ruleName": { - "type": "string", - "description": "The rule name." - }, - "severity": { - "type": "string", - "description": "The severity of the incident." - } - } - } - } - } - } - } - }, - "examples": { - "create_index_connector_request": { - "summary": "Create an index connector.", - "value": { - "name": "my-connector", - "connector_type_id": ".index", - "config": { - "index": "test-index" - } - } - }, - "create_index_connector_response": { - "summary": "A new index connector.", - "value": { - "id": "c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad", - "connector_type_id": ".index", - "name": "my-connector", - "config": { - "index": "test-index", - "refresh": false, - "executionTimeField": null - }, - "is_preconfigured": false, - "is_deprecated": false, - "is_missing_secrets": false - } - }, - "get_connector_response": { - "summary": "A list of connector types", - "value": { - "id": "df770e30-8b8b-11ed-a780-3b746c987a81", - "name": "my_server_log_connector", - "config": {}, - "connector_type_id": ".server-log", - "is_preconfigured": false, - "is_deprecated": false, - "is_missing_secrets": false - } - }, - "update_index_connector_request": { - "summary": "Update an index connector.", - "value": { - "name": "updated-connector", - "config": { - "index": "updated-index" - } - } - }, - "get_connectors_response": { - "summary": "A list of connectors", - "value": [ - { - "id": "preconfigured-email-connector", - "name": "my-preconfigured-email-notification", - "connector_type_id": ".email", - "is_preconfigured": true, - "is_deprecated": false, - "referenced_by_count": 0 - }, - { - "id": "e07d0c80-8b8b-11ed-a780-3b746c987a81", - "name": "my-index-connector", - "config": { - "index": "test-index", - "refresh": false, - "executionTimeField": null - }, - "connector_type_id": ".index", - "is_preconfigured": false, - "is_deprecated": false, - "referenced_by_count": 2, - "is_missing_secrets": false - } - ] - }, - "get_connector_types_response": { - "summary": "A list of connector types", - "value": [ - { - "id": ".swimlane", - "name": "Swimlane", - "enabled": true, - "enabled_in_config": true, - "enabled_in_license": true, - "minimum_license_required": "gold", - "supported_feature_ids": [ - "alerting", - "cases", - "siem" - ] - }, - { - "id": ".index", - "name": "Index", - "enabled": true, - "enabled_in_config": true, - "enabled_in_license": true, - "minimum_license_required": "basic", - "supported_feature_ids": [ - "alerting", - "uptime", - "siem" - ] - }, - { - "id": ".server-log", - "name": "Server log", - "enabled": true, - "enabled_in_config": true, - "enabled_in_license": true, - "minimum_license_required": "basic", - "supported_feature_ids": [ - "alerting", - "uptime" - ] + "id": ".server-log", + "name": "Server log", + "enabled": true, + "enabled_in_config": true, + "enabled_in_license": true, + "minimum_license_required": "basic", + "supported_feature_ids": [ + "alerting", + "uptime" + ] } ] }, - "run_index_connector_request": { - "summary": "Run an index connector.", - "value": { - "params": { - "documents": [ - { - "id": "my_doc_id", - "name": "my_doc_name", - "message": "hello, world" - } - ] - } - } - }, - "run_jira_connector_request": { - "summary": "Run a Jira connector to retrieve the list of issue types.", - "value": { - "params": { - "subAction": "issueTypes" - } - } - }, - "run_server_log_connector_request": { - "summary": "Run a server log connector.", - "value": { - "params": { - "level": "warn", - "message": "Test warning message." - } - } - }, - "run_servicenow_itom_connector_request": { - "summary": "Run a ServiceNow ITOM connector to retrieve the list of choices.", - "value": { - "params": { - "subAction": "getChoices", - "subActionParams": { - "fields": [ - "severity", - "urgency" - ] - } - } - } - }, - "run_swimlane_connector_request": { - "summary": "Run a Swimlane connector to create an incident.", - "value": { - "params": { - "subAction": "pushToService", - "subActionParams": { - "comments": [ - { - "commentId": 1, - "comment": "A comment about the incident." - } - ], - "incident": { - "caseId": "1000", - "caseName": "Case name", - "description": "Description of the incident." - } - } - } - } - }, "run_index_connector_response": { "summary": "Response from running an index connector.", "value": { diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 89a014793463b..28f548ddd04e4 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -392,26 +392,45 @@ paths: - params properties: params: - anyOf: - - $ref: '#/components/schemas/run_connector_request_index' - - $ref: '#/components/schemas/run_connector_request_jira' - - $ref: '#/components/schemas/run_connector_request_opsgenie' - - $ref: '#/components/schemas/run_connector_request_serverlog' - - $ref: '#/components/schemas/run_connector_request_servicenow' - - $ref: '#/components/schemas/run_connector_request_servicenow_itom' - - $ref: '#/components/schemas/run_connector_request_servicenow_sir' - - $ref: '#/components/schemas/run_connector_request_swimlane' - examples: - runIndexConnectorRequest: - $ref: '#/components/examples/run_index_connector_request' - runJiraConnectorRequest: - $ref: '#/components/examples/run_jira_connector_request' - runServerLogConnectorRequest: - $ref: '#/components/examples/run_server_log_connector_request' - runServiceNowITOMConnectorRequest: - $ref: '#/components/examples/run_servicenow_itom_connector_request' - runSwimlaneConnectorRequest: - $ref: '#/components/examples/run_swimlane_connector_request' + type: object + properties: + documents: + type: array + description: The documents to index in JSON format. This property is required only for index connectors. + items: + type: object + additionalProperties: true + level: + type: string + description: The log level of the message. This property is applicable only to server log connectors. + enum: + - debug + - error + - fatal + - info + - trace + - warn + message: + type: string + description: The message to log. This property is required only for server log connectors. + subAction: + type: string + description: The action to test. + enum: + - addEvent + - createAlert + - closeAlert + - fieldsByIssueType + - getChoices + - getFields + - getIncident + - issue + - issues + - issueTypes + - pushToService + subActionParams: + type: object + additionalProperties: true responses: '200': description: Indicates a successful call. @@ -2172,745 +2191,6 @@ components: - cases - uptime - siem - run_connector_request_index: - title: Run index connector parameters - description: Test an action that indexes a document into Elasticsearch. - type: object - required: - - documents - properties: - documents: - type: array - description: The documents to index in JSON format. - items: - type: object - additionalProperties: true - run_connector_request_jira: - title: Run Jira connector parameters - description: Test an action related to Jira issues. - oneOf: - - type: object - required: - - subAction - - subActionParams - description: Jira connector properties when `subAction` is `fieldsByIssueType`. - properties: - subAction: - type: string - description: The action to test. - enum: - - fieldsByIssueType - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue type identifier. - example: 10024 - - type: object - required: - - subAction - description: Jira connector properties when `subAction` is `getFields`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getFields - - type: object - description: Jira connector properties when `subAction` is `getIncident`. - required: - - subAction - - subActionParams - properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - required: - - externalId - properties: - externalId: - type: string - description: The Jira issue identifier. - example: 71778 - - type: object - required: - - subAction - description: Jira connector properties when `subAction` is `issue`. - properties: - subAction: - type: string - description: The action to test. - enum: - - issue - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue identifier. - example: 71778 - - type: object - required: - - subAction - - subActionParams - description: Jira connector properties when `subAction` is `issues`. - properties: - subAction: - type: string - description: The action to test. - enum: - - issues - subActionParams: - type: object - required: - - title - properties: - title: - type: string - description: The title of the Jira issue. - - type: object - required: - - subAction - description: Jira connector properties when `subAction` is `issueTypes`. - properties: - subAction: - type: string - description: The action to test. - enum: - - issueTypes - - type: object - required: - - subAction - - subActionParams - description: Jira connector properties when `subAction` is `pushToService`. - properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - required: - - incident - properties: - comments: - type: array - description: Additional information that is sent to Jira. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - required: - - summary - description: Information necessary to create or update a Jira incident. - properties: - description: - type: string - description: The details about the incident. - externalId: - type: string - description: The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - labels: - type: array - description: 'The labels for the incident. For example, `["LABEL1"]`. NOTE: Labels cannot contain spaces.' - items: - type: string - issueType: - type: integer - description: The type of incident. For example, `10006`. To obtain the list of valid values, set `subAction` to `issueTypes`. - parent: - type: string - description: The ID or key of the parent issue. Applies only to `Sub-task` types of issues. - priority: - type: string - description: The incident priority level. For example, `Lowest`. - summary: - type: string - description: A summary of the incident. - title: - type: string - description: A title for the incident, used for searching the contents of the knowledge base. - discriminator: - propertyName: subAction - run_connector_request_opsgenie: - title: Run Opsgenie connector parameters - description: Test an Opsgenie action. - oneOf: - - type: object - required: - - subAction - - subActionParams - description: Opsgenie connector properties when `subAction` is `closeAlert`. - properties: - subAction: - type: string - description: The action to test. - enum: - - closeAlert - subActionParams: - type: object - required: - - alias - properties: - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. - note: - type: string - description: Additional information for the alert. - source: - type: string - description: The display name for the source of the alert. - user: - type: string - description: The display name for the owner. - - type: object - required: - - subAction - - subActionParams - description: Opsgenie connector properties when `subAction` is `createAlert`. - properties: - subAction: - type: string - description: The action to test. - enum: - - createAlert - subActionParams: - type: object - required: - - message - properties: - actions: - type: array - description: The custom actions available to the alert. - items: - type: string - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. - description: - type: string - description: A description that provides detailed information about the alert. - details: - type: object - description: The custom properties of the alert. - additionalProperties: true - example: - key1: value1 - key2: value2 - entity: - type: string - description: The domain of the alert. For example, the application or server name. - message: - type: string - description: The alert message. - note: - type: string - description: Additional information for the alert. - priority: - type: string - description: The priority level for the alert. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 - responders: - type: array - description: | - The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: The type of responders, in this case `escalation`. - enum: - - escalation - - schedule - - team - - user - username: - type: string - description: A valid email address for the user. - source: - type: string - description: The display name for the source of the alert. - tags: - type: array - description: The tags for the alert. - items: - type: string - user: - type: string - description: The display name for the owner. - visibleTo: - type: array - description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. - items: - type: object - required: - - type - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: Valid values are `team` and `user`. - enum: - - team - - user - username: - type: string - description: The user name. This property is required only when the `type` is `user`. - discriminator: - propertyName: subAction - run_connector_request_serverlog: - title: Run server log connector parameters - description: Test an action that writes an entry to the Kibana server log. - type: object - required: - - message - properties: - level: - type: string - description: The log level of the message. - enum: - - debug - - error - - fatal - - info - - trace - - warn - default: info - message: - type: string - description: The message to log. - run_connector_request_servicenow: - title: Run ServiceNow ITSM connector parameters - description: Test ServiceNow incidents. - oneOf: - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITSM connector properties when `subAction` is `getChoices`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - - type: object - required: - - subAction - description: ServiceNow ITSM connector properties when `subAction` is `getFields`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getFields - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITSM connector properties when `subAction` is `getIncident`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - externalId - properties: - externalId: - type: string - description: The ServiceNow ITSM issue identifier. - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITSM connector properties when `subAction` is `pushToService`. - properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - incident - properties: - comments: - type: array - description: Additional information that is sent to ServiceNow ITSM. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - required: - - short_description - description: Information necessary to create or update a ServiceNow ITSM incident. - properties: - category: - type: string - description: The category of the incident. - correlation_display: - type: string - description: A descriptive label of the alert for correlation purposes in ServiceNow. - correlation_id: - type: string - description: | - The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. - description: - type: string - description: The details about the incident. - externalId: - type: string - description: The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - impact: - type: string - description: The impact in ServiceNow ITSM. - severity: - type: string - description: The severity of the incident. - short_description: - type: string - description: A short description for the incident, used for searching the contents of the knowledge base. - subcategory: - type: string - description: The subcategory in ServiceNow ITSM. - urgency: - type: string - description: The urgency in ServiceNow ITSM. - discriminator: - propertyName: subAction - run_connector_request_servicenow_itom: - title: Run ServiceNow ITOM connector parameters - description: Test ServiceNow events. - oneOf: - - type: object - required: - - subAction - description: ServiceNow ITOM connector properties when `subAction` is `addEvent`. - properties: - subAction: - type: string - description: The action to test. - enum: - - addEvent - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - additional_info: - type: string - description: Additional information about the event. - description: - type: string - description: The details about the event. - event_class: - type: string - description: A specific instance of the source. - message_key: - type: string - description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. - metric_name: - type: string - description: The name of the metric. - node: - type: string - description: The host that the event was triggered for. - resource: - type: string - description: The name of the resource. - severity: - type: string - description: The severity of the event. - source: - type: string - description: The name of the event source type. - time_of_event: - type: string - description: The time of the event. - type: - type: string - description: The type of event. - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITOM connector properties when `subAction` is `getChoices`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - discriminator: - propertyName: subAction - run_connector_request_servicenow_sir: - title: Run ServiceNow SecOps connector parameters - description: Test ServiceNow security incidents. - oneOf: - - type: object - required: - - subAction - - subActionParams - description: ServiceNow SecOps connector properties when `subAction` is `getChoices`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - - type: object - required: - - subAction - description: ServiceNow SecOps connector properties when `subAction` is `getFields`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getFields - - type: object - required: - - subAction - - subActionParams - description: ServiceNow SecOps connector properties when `subAction` is `getIncident`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - externalId - properties: - externalId: - type: string - description: The ServiceNow SecOps issue identifier. - - type: object - required: - - subAction - - subActionParams - description: ServiceNow SecOps connector properties when `subAction` is `pushToService`. - properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - incident - properties: - comments: - type: array - description: Additional information that is sent to ServiceNow SecOps. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - required: - - short_description - description: Information necessary to create or update a ServiceNow SecOps incident. - properties: - category: - type: string - description: The category of the incident. - correlation_display: - type: string - description: A descriptive label of the alert for correlation purposes in ServiceNow. - correlation_id: - type: string - description: | - The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. - description: - type: string - description: The details about the incident. - dest_ip: - description: A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - externalId: - type: string - description: The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - malware_hash: - description: A list of malware hashes related to the security incident. The hashes are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - malware_url: - type: string - description: A list of malware URLs related to the security incident. The URLs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - priority: - type: string - description: The priority in ServiceNow. - short_description: - type: string - description: A short description for the incident, used for searching the contents of the knowledge base. - source_ip: - description: A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - subcategory: - type: string - description: The subcategory of the incident. - discriminator: - propertyName: subAction - run_connector_request_swimlane: - title: Run Swimlane connector parameters - description: Test actions involving Swimlane records. - type: object - required: - - subAction - - subActionParams - properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - comments: - type: array - description: Additional information that is setnt to Swimlane - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - description: Information necessary to create or update a Swimlane incident. - properties: - alertId: - type: string - description: The alert identifier. - caseId: - type: string - description: The case identifier for the incident. - caseName: - type: string - description: The case name for the incident. - description: - type: string - description: The description of the incident. - ruleName: - type: string - description: The rule name. - severity: - type: string - description: The severity of the incident. examples: create_index_connector_request: summary: Create an index connector. @@ -3000,47 +2280,6 @@ components: supported_feature_ids: - alerting - uptime - run_index_connector_request: - summary: Run an index connector. - value: - params: - documents: - - id: my_doc_id - name: my_doc_name - message: hello, world - run_jira_connector_request: - summary: Run a Jira connector to retrieve the list of issue types. - value: - params: - subAction: issueTypes - run_server_log_connector_request: - summary: Run a server log connector. - value: - params: - level: warn - message: Test warning message. - run_servicenow_itom_connector_request: - summary: Run a ServiceNow ITOM connector to retrieve the list of choices. - value: - params: - subAction: getChoices - subActionParams: - fields: - - severity - - urgency - run_swimlane_connector_request: - summary: Run a Swimlane connector to create an incident. - value: - params: - subAction: pushToService - subActionParams: - comments: - - commentId: 1 - comment: A comment about the incident. - incident: - caseId: '1000' - caseName: Case name - description: Description of the incident. run_index_connector_response: summary: Response from running an index connector. value: diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index 38a7534538611..730210bc6619e 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -23,35 +23,74 @@ post: - params properties: params: - anyOf: + type: object + properties: + documents: + type: array + description: The documents to index in JSON format. This property is required only for index connectors. + items: + type: object + additionalProperties: true + level: + type: string + description: The log level of the message. This property is applicable only to server log connectors. + enum: + - debug + - error + - fatal + - info + - trace + - warn + message: + type: string + description: The message to log. This property is required only for server log connectors. + subAction: + type: string + description: The action to test. + enum: + - addEvent + - createAlert + - closeAlert + - fieldsByIssueType + - getChoices + - getFields + - getIncident + - issue + - issues + - issueTypes + - pushToService + subActionParams: + type: object + additionalProperties: true +# anyOf: # - $ref: '../components/schemas/run_connector_request_cases_webhook.yaml' # - $ref: '../components/schemas/run_connector_request_email.yaml' - - $ref: '../components/schemas/run_connector_request_index.yaml' - - $ref: '../components/schemas/run_connector_request_jira.yaml' - - $ref: '../components/schemas/run_connector_request_opsgenie.yaml' +# - $ref: '../components/schemas/run_connector_request_index.yaml' +# - $ref: '../components/schemas/run_connector_request_jira.yaml' +# - $ref: '../components/schemas/run_connector_request_opsgenie.yaml' # - $ref: '../components/schemas/run_connector_request_pagerduty.yaml' # - $ref: '../components/schemas/run_connector_request_resilient.yaml' - - $ref: '../components/schemas/run_connector_request_serverlog.yaml' - - $ref: '../components/schemas/run_connector_request_servicenow.yaml' - - $ref: '../components/schemas/run_connector_request_servicenow_itom.yaml' - - $ref: '../components/schemas/run_connector_request_servicenow_sir.yaml' +# - $ref: '../components/schemas/run_connector_request_serverlog.yaml' +# - $ref: '../components/schemas/run_connector_request_servicenow.yaml' +# - $ref: '../components/schemas/run_connector_request_servicenow_itom.yaml' +# - $ref: '../components/schemas/run_connector_request_servicenow_sir.yaml' # - $ref: '../components/schemas/run_connector_request_slack.yaml' - - $ref: '../components/schemas/run_connector_request_swimlane.yaml' +# - $ref: '../components/schemas/run_connector_request_swimlane.yaml' # - $ref: '../components/schemas/run_connector_request_teams.yaml' # - $ref: '../components/schemas/run_connector_request_tines.yaml' # - $ref: '../components/schemas/run_connector_request_webhook.yaml' # - $ref: '../components/schemas/run_connector_request_xmatters.yaml' - examples: - runIndexConnectorRequest: - $ref: '../components/examples/run_index_connector_request.yaml' - runJiraConnectorRequest: - $ref: '../components/examples/run_jira_connector_request.yaml' - runServerLogConnectorRequest: - $ref: '../components/examples/run_server_log_connector_request.yaml' - runServiceNowITOMConnectorRequest: - $ref: '../components/examples/run_servicenow_itom_connector_request.yaml' - runSwimlaneConnectorRequest: - $ref: '../components/examples/run_swimlane_connector_request.yaml' +# examples: +# runIndexConnectorRequest: +# $ref: '../components/examples/run_index_connector_request.yaml' +# runJiraConnectorRequest: +# $ref: '../components/examples/run_jira_connector_request.yaml' +# runServerLogConnectorRequest: +# $ref: '../components/examples/run_server_log_connector_request.yaml' +# runServiceNowITOMConnectorRequest: +# $ref: '../components/examples/run_servicenow_itom_connector_request.yaml' +# runSwimlaneConnectorRequest: +# $ref: '../components/examples/run_swimlane_connector_request.yaml' responses: '200': description: Indicates a successful call. From 63bbeec123910a2fd09b133ad4fc28cb7d55b533 Mon Sep 17 00:00:00 2001 From: lcawl Date: Wed, 25 Jan 2023 10:18:22 -0800 Subject: [PATCH 10/11] [DOCS] Group by params --- .../connector-apis-passthru.asciidoc | 40 +++- .../plugins/actions/docs/openapi/bundled.json | 211 ++++++++++++++---- .../plugins/actions/docs/openapi/bundled.yaml | 153 +++++++++---- .../run_connector_params_documents.yaml | 13 ++ .../run_connector_params_level_message.yaml | 20 ++ .../run_connector_params_subactions.yaml | 24 ++ ...ions@connector@{connectorid}@_execute.yaml | 65 ++---- 7 files changed, 387 insertions(+), 139 deletions(-) create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml diff --git a/docs/api-generated/connectors/connector-apis-passthru.asciidoc b/docs/api-generated/connectors/connector-apis-passthru.asciidoc index ed2072d6da078..fcfc4b665954e 100644 --- a/docs/api-generated/connectors/connector-apis-passthru.asciidoc +++ b/docs/api-generated/connectors/connector-apis-passthru.asciidoc @@ -531,6 +531,9 @@ Any modifications made to this file will be overwritten.
  • getConnector_404_response -
  • runConnector_200_response -
  • runConnector_200_response_data -
    • +
  • run_connector_params_documents - Run index connector parameters
    • +
  • run_connector_params_level_message - Run server log connector parameters
    • +
  • run_connector_params_subactions - Run connector subactions
  • secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector
  • secrets_properties_jira - Connector secrets properties for a Jira connector
  • secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector
    • @@ -698,15 +701,15 @@ Any modifications made to this file will be overwritten.

    Run_connector_request_body_properties_params - Up

    -
    documents (optional)
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format. This property is required only for index connectors.
    -
    level (optional)
    String The log level of the message. This property is applicable only to server log connectors.
    +
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    +
    level (optional)
    String The log level of the message.
    Enum:
    debug
    error
    fatal
    info
    trace
    warn
    -
    message (optional)
    String The message to log. This property is required only for server log connectors.
    -
    subAction (optional)
    String The action to test.
    +
    message
    String The message to log.
    +
    subAction
    String The action to test.
    Enum:
    addEvent
    createAlert
    closeAlert
    fieldsByIssueType
    getChoices
    getFields
    getIncident
    issue
    issues
    issueTypes
    pushToService
    -
    subActionParams (optional)
    map[String, oas_any_type_not_mapped]
    +
    subActionParams (optional)
    Object
    @@ -1327,6 +1330,33 @@ Any modifications made to this file will be overwritten.
    +
    +

    run_connector_params_documents - Run index connector parameters Up

    +
    Test an action that indexes a document into Elasticsearch.
    +
    +
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    +
    +
    +
    +

    run_connector_params_level_message - Run server log connector parameters Up

    +
    Test an action that writes an entry to the Kibana server log.
    +
    +
    level (optional)
    String The log level of the message.
    +
    Enum:
    +
    debug
    error
    fatal
    info
    trace
    warn
    +
    message
    String The message to log.
    +
    +
    +
    +

    run_connector_params_subactions - Run connector subactions Up

    +
    Test an actions that require subactions and subaction parameters.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    addEvent
    createAlert
    closeAlert
    fieldsByIssueType
    getChoices
    getFields
    getIncident
    issue
    issues
    issueTypes
    pushToService
    +
    subActionParams (optional)
    Object
    +
    +

    secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector Up

    diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index c68d2e0a8c471..cbb4a466e29f9 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -659,56 +659,36 @@ ], "properties": { "params": { - "type": "object", - "properties": { - "documents": { - "type": "array", - "description": "The documents to index in JSON format. This property is required only for index connectors.", - "items": { - "type": "object", - "additionalProperties": true - } + "oneOf": [ + { + "$ref": "#/components/schemas/run_connector_params_documents" }, - "level": { - "type": "string", - "description": "The log level of the message. This property is applicable only to server log connectors.", - "enum": [ - "debug", - "error", - "fatal", - "info", - "trace", - "warn" - ] - }, - "message": { - "type": "string", - "description": "The message to log. This property is required only for server log connectors." + { + "$ref": "#/components/schemas/run_connector_params_level_message" }, - "subAction": { - "type": "string", - "description": "The action to test.", - "enum": [ - "addEvent", - "createAlert", - "closeAlert", - "fieldsByIssueType", - "getChoices", - "getFields", - "getIncident", - "issue", - "issues", - "issueTypes", - "pushToService" - ] - }, - "subActionParams": { - "type": "object", - "additionalProperties": true + { + "$ref": "#/components/schemas/run_connector_params_subactions" } - } + ] } } + }, + "examples": { + "runIndexConnectorRequest": { + "$ref": "#/components/examples/run_index_connector_request" + }, + "runJiraConnectorRequest": { + "$ref": "#/components/examples/run_jira_connector_request" + }, + "runServerLogConnectorRequest": { + "$ref": "#/components/examples/run_server_log_connector_request" + }, + "runServiceNowITOMConnectorRequest": { + "$ref": "#/components/examples/run_servicenow_itom_connector_request" + }, + "runSwimlaneConnectorRequest": { + "$ref": "#/components/examples/run_swimlane_connector_request" + } } } } @@ -3078,6 +3058,81 @@ "uptime", "siem" ] + }, + "run_connector_params_documents": { + "title": "Run index connector parameters", + "description": "Test an action that indexes a document into Elasticsearch.", + "type": "object", + "required": [ + "documents" + ], + "properties": { + "documents": { + "type": "array", + "description": "The documents to index in JSON format.", + "items": { + "type": "object", + "additionalProperties": true + } + } + } + }, + "run_connector_params_level_message": { + "title": "Run server log connector parameters", + "description": "Test an action that writes an entry to the Kibana server log.", + "type": "object", + "required": [ + "message" + ], + "properties": { + "level": { + "type": "string", + "description": "The log level of the message.", + "enum": [ + "debug", + "error", + "fatal", + "info", + "trace", + "warn" + ], + "default": "info" + }, + "message": { + "type": "string", + "description": "The message to log." + } + } + }, + "run_connector_params_subactions": { + "title": "Run connector subactions", + "description": "Test an actions that require subactions and subaction parameters.", + "type": "object", + "required": [ + "subAction" + ], + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "addEvent", + "createAlert", + "closeAlert", + "fieldsByIssueType", + "getChoices", + "getFields", + "getIncident", + "issue", + "issues", + "issueTypes", + "pushToService" + ] + }, + "subActionParams": { + "type": "object" + } + } } }, "examples": { @@ -3198,6 +3253,72 @@ } ] }, + "run_index_connector_request": { + "summary": "Run an index connector.", + "value": { + "params": { + "documents": [ + { + "id": "my_doc_id", + "name": "my_doc_name", + "message": "hello, world" + } + ] + } + } + }, + "run_jira_connector_request": { + "summary": "Run a Jira connector to retrieve the list of issue types.", + "value": { + "params": { + "subAction": "issueTypes" + } + } + }, + "run_server_log_connector_request": { + "summary": "Run a server log connector.", + "value": { + "params": { + "level": "warn", + "message": "Test warning message." + } + } + }, + "run_servicenow_itom_connector_request": { + "summary": "Run a ServiceNow ITOM connector to retrieve the list of choices.", + "value": { + "params": { + "subAction": "getChoices", + "subActionParams": { + "fields": [ + "severity", + "urgency" + ] + } + } + } + }, + "run_swimlane_connector_request": { + "summary": "Run a Swimlane connector to create an incident.", + "value": { + "params": { + "subAction": "pushToService", + "subActionParams": { + "comments": [ + { + "commentId": 1, + "comment": "A comment about the incident." + } + ], + "incident": { + "caseId": "1000", + "caseName": "Case name", + "description": "Description of the incident." + } + } + } + } + }, "run_index_connector_response": { "summary": "Response from running an index connector.", "value": { diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 28f548ddd04e4..bced81fa0a00a 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -392,45 +392,21 @@ paths: - params properties: params: - type: object - properties: - documents: - type: array - description: The documents to index in JSON format. This property is required only for index connectors. - items: - type: object - additionalProperties: true - level: - type: string - description: The log level of the message. This property is applicable only to server log connectors. - enum: - - debug - - error - - fatal - - info - - trace - - warn - message: - type: string - description: The message to log. This property is required only for server log connectors. - subAction: - type: string - description: The action to test. - enum: - - addEvent - - createAlert - - closeAlert - - fieldsByIssueType - - getChoices - - getFields - - getIncident - - issue - - issues - - issueTypes - - pushToService - subActionParams: - type: object - additionalProperties: true + oneOf: + - $ref: '#/components/schemas/run_connector_params_documents' + - $ref: '#/components/schemas/run_connector_params_level_message' + - $ref: '#/components/schemas/run_connector_params_subactions' + examples: + runIndexConnectorRequest: + $ref: '#/components/examples/run_index_connector_request' + runJiraConnectorRequest: + $ref: '#/components/examples/run_jira_connector_request' + runServerLogConnectorRequest: + $ref: '#/components/examples/run_server_log_connector_request' + runServiceNowITOMConnectorRequest: + $ref: '#/components/examples/run_servicenow_itom_connector_request' + runSwimlaneConnectorRequest: + $ref: '#/components/examples/run_swimlane_connector_request' responses: '200': description: Indicates a successful call. @@ -2191,6 +2167,64 @@ components: - cases - uptime - siem + run_connector_params_documents: + title: Run index connector parameters + description: Test an action that indexes a document into Elasticsearch. + type: object + required: + - documents + properties: + documents: + type: array + description: The documents to index in JSON format. + items: + type: object + additionalProperties: true + run_connector_params_level_message: + title: Run server log connector parameters + description: Test an action that writes an entry to the Kibana server log. + type: object + required: + - message + properties: + level: + type: string + description: The log level of the message. + enum: + - debug + - error + - fatal + - info + - trace + - warn + default: info + message: + type: string + description: The message to log. + run_connector_params_subactions: + title: Run connector subactions + description: Test an actions that require subactions and subaction parameters. + type: object + required: + - subAction + properties: + subAction: + type: string + description: The action to test. + enum: + - addEvent + - createAlert + - closeAlert + - fieldsByIssueType + - getChoices + - getFields + - getIncident + - issue + - issues + - issueTypes + - pushToService + subActionParams: + type: object examples: create_index_connector_request: summary: Create an index connector. @@ -2280,6 +2314,47 @@ components: supported_feature_ids: - alerting - uptime + run_index_connector_request: + summary: Run an index connector. + value: + params: + documents: + - id: my_doc_id + name: my_doc_name + message: hello, world + run_jira_connector_request: + summary: Run a Jira connector to retrieve the list of issue types. + value: + params: + subAction: issueTypes + run_server_log_connector_request: + summary: Run a server log connector. + value: + params: + level: warn + message: Test warning message. + run_servicenow_itom_connector_request: + summary: Run a ServiceNow ITOM connector to retrieve the list of choices. + value: + params: + subAction: getChoices + subActionParams: + fields: + - severity + - urgency + run_swimlane_connector_request: + summary: Run a Swimlane connector to create an incident. + value: + params: + subAction: pushToService + subActionParams: + comments: + - commentId: 1 + comment: A comment about the incident. + incident: + caseId: '1000' + caseName: Case name + description: Description of the incident. run_index_connector_response: summary: Response from running an index connector. value: diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml new file mode 100644 index 0000000000000..00ecb2739dd21 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml @@ -0,0 +1,13 @@ +title: Run index connector parameters +description: Test an action that indexes a document into Elasticsearch. +type: object +required: + - documents +properties: + documents: + type: array + description: The documents to index in JSON format. + items: + type: object + additionalProperties: true + diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml new file mode 100644 index 0000000000000..a6acce6314545 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml @@ -0,0 +1,20 @@ +title: Run server log connector parameters +description: Test an action that writes an entry to the Kibana server log. +type: object +required: + - message +properties: + level: + type: string + description: The log level of the message. + enum: + - debug + - error + - fatal + - info + - trace + - warn + default: info + message: + type: string + description: The message to log. diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml new file mode 100644 index 0000000000000..aace5964f7b1e --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml @@ -0,0 +1,24 @@ +title: Run connector subactions +description: Test an actions that require subactions and subaction parameters. +type: object +required: + - subAction +properties: + subAction: + type: string + description: The action to test. + enum: + - addEvent + - createAlert + - closeAlert + - fieldsByIssueType + - getChoices + - getFields + - getIncident + - issue + - issues + - issueTypes + - pushToService + subActionParams: + type: object + diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index 730210bc6619e..0e43faef5ed55 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -23,45 +23,10 @@ post: - params properties: params: - type: object - properties: - documents: - type: array - description: The documents to index in JSON format. This property is required only for index connectors. - items: - type: object - additionalProperties: true - level: - type: string - description: The log level of the message. This property is applicable only to server log connectors. - enum: - - debug - - error - - fatal - - info - - trace - - warn - message: - type: string - description: The message to log. This property is required only for server log connectors. - subAction: - type: string - description: The action to test. - enum: - - addEvent - - createAlert - - closeAlert - - fieldsByIssueType - - getChoices - - getFields - - getIncident - - issue - - issues - - issueTypes - - pushToService - subActionParams: - type: object - additionalProperties: true + oneOf: + - $ref: '../components/schemas/run_connector_params_documents.yaml' + - $ref: '../components/schemas/run_connector_params_level_message.yaml' + - $ref: '../components/schemas/run_connector_params_subactions.yaml' # anyOf: # - $ref: '../components/schemas/run_connector_request_cases_webhook.yaml' # - $ref: '../components/schemas/run_connector_request_email.yaml' @@ -80,17 +45,17 @@ post: # - $ref: '../components/schemas/run_connector_request_tines.yaml' # - $ref: '../components/schemas/run_connector_request_webhook.yaml' # - $ref: '../components/schemas/run_connector_request_xmatters.yaml' -# examples: -# runIndexConnectorRequest: -# $ref: '../components/examples/run_index_connector_request.yaml' -# runJiraConnectorRequest: -# $ref: '../components/examples/run_jira_connector_request.yaml' -# runServerLogConnectorRequest: -# $ref: '../components/examples/run_server_log_connector_request.yaml' -# runServiceNowITOMConnectorRequest: -# $ref: '../components/examples/run_servicenow_itom_connector_request.yaml' -# runSwimlaneConnectorRequest: -# $ref: '../components/examples/run_swimlane_connector_request.yaml' + examples: + runIndexConnectorRequest: + $ref: '../components/examples/run_index_connector_request.yaml' + runJiraConnectorRequest: + $ref: '../components/examples/run_jira_connector_request.yaml' + runServerLogConnectorRequest: + $ref: '../components/examples/run_server_log_connector_request.yaml' + runServiceNowITOMConnectorRequest: + $ref: '../components/examples/run_servicenow_itom_connector_request.yaml' + runSwimlaneConnectorRequest: + $ref: '../components/examples/run_swimlane_connector_request.yaml' responses: '200': description: Indicates a successful call. From b34b99895b3265a0af59d95fec5ac723a47d75cd Mon Sep 17 00:00:00 2001 From: lcawl Date: Wed, 25 Jan 2023 16:14:50 -0800 Subject: [PATCH 11/11] [DOCS] Group by subparams --- .../connector-apis-passthru.asciidoc | 347 ++++++++- .../plugins/actions/docs/openapi/bundled.json | 686 +++++++++++++++++- .../plugins/actions/docs/openapi/bundled.yaml | 466 +++++++++++- .../run_connector_params_documents.yaml | 4 +- .../run_connector_params_level_message.yaml | 6 +- .../run_connector_params_subactions.yaml | 24 - .../schemas/run_connector_request_index.yaml | 13 - .../schemas/run_connector_request_jira.yaml | 163 ----- .../run_connector_request_opsgenie.yaml | 143 ---- .../run_connector_request_serverlog.yaml | 20 - .../run_connector_request_servicenow.yaml | 124 ---- ...run_connector_request_servicenow_itom.yaml | 74 -- .../run_connector_request_servicenow_sir.yaml | 147 ---- .../run_connector_request_swimlane.yaml | 50 -- .../run_connector_subaction_addevent.yaml | 49 ++ .../run_connector_subaction_closealert.yaml | 30 + .../run_connector_subaction_createalert.yaml | 112 +++ ...connector_subaction_fieldsbyissuetype.yaml | 22 + .../run_connector_subaction_getchoices.yaml | 23 + .../run_connector_subaction_getfields.yaml | 11 + .../run_connector_subaction_getincident.yaml | 21 + .../run_connector_subaction_issue.yaml | 20 + .../run_connector_subaction_issues.yaml | 20 + .../run_connector_subaction_issuetypes.yaml | 11 + ...run_connector_subaction_pushtoservice.yaml | 133 ++++ ...ions@connector@{connectorid}@_execute.yaml | 35 +- 26 files changed, 1925 insertions(+), 829 deletions(-) delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml delete mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_addevent.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_closealert.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_createalert.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_fieldsbyissuetype.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getchoices.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getfields.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getincident.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issue.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issues.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issuetypes.yaml create mode 100644 x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_pushtoservice.yaml diff --git a/docs/api-generated/connectors/connector-apis-passthru.asciidoc b/docs/api-generated/connectors/connector-apis-passthru.asciidoc index fcfc4b665954e..98ef93db6e820 100644 --- a/docs/api-generated/connectors/connector-apis-passthru.asciidoc +++ b/docs/api-generated/connectors/connector-apis-passthru.asciidoc @@ -482,6 +482,7 @@ Any modifications made to this file will be overwritten.
  • Run_connector_request_body_properties - Run connector request body properties
  • Run_connector_request_body_properties_params -
  • Severity_mapping - Severity mapping
    • +
  • Subaction_parameters - Subaction parameters
  • Update_connector_request_body_properties - Update connector request body properties
  • config_properties_cases_webhook - Connector request properties for Webhook - Case Management connector
  • config_properties_index - Connector request properties for an index connector
    • @@ -531,9 +532,36 @@ Any modifications made to this file will be overwritten.
  • getConnector_404_response -
  • runConnector_200_response -
  • runConnector_200_response_data -
    • -
  • run_connector_params_documents - Run index connector parameters
    • -
  • run_connector_params_level_message - Run server log connector parameters
    • -
  • run_connector_params_subactions - Run connector subactions
    • +
  • run_connector_params_documents - Index connector parameters
    • +
  • run_connector_params_level_message - Server log connector parameters
    • +
  • run_connector_subaction_addevent - The addEvent subaction
    • +
  • run_connector_subaction_addevent_subActionParams -
    • +
  • run_connector_subaction_closealert - The closeAlert subaction
    • +
  • run_connector_subaction_closealert_subActionParams -
    • +
  • run_connector_subaction_createalert - The createAlert subaction
    • +
  • run_connector_subaction_createalert_subActionParams -
    • +
  • run_connector_subaction_createalert_subActionParams_responders_inner -
    • +
  • run_connector_subaction_createalert_subActionParams_visibleTo_inner -
    • +
  • run_connector_subaction_fieldsbyissuetype - The fieldsByIssueType subaction
    • +
  • run_connector_subaction_fieldsbyissuetype_subActionParams -
    • +
  • run_connector_subaction_getchoices - The getChoices subaction
    • +
  • run_connector_subaction_getchoices_subActionParams -
    • +
  • run_connector_subaction_getfields - The getFields subaction
    • +
  • run_connector_subaction_getincident - The getIncident subaction
    • +
  • run_connector_subaction_getincident_subActionParams -
    • +
  • run_connector_subaction_issue - The issue subaction
    • +
  • run_connector_subaction_issue_subActionParams -
    • +
  • run_connector_subaction_issues - The issues subaction
    • +
  • run_connector_subaction_issues_subActionParams -
    • +
  • run_connector_subaction_issuetypes - The issueTypes subaction
    • +
  • run_connector_subaction_pushtoservice - The pushToService subaction
    • +
  • run_connector_subaction_pushtoservice_subActionParams -
    • +
  • run_connector_subaction_pushtoservice_subActionParams_comments_inner -
    • +
  • run_connector_subaction_pushtoservice_subActionParams_incident -
    • +
  • run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip -
    • +
  • run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash -
    • +
  • run_connector_subaction_pushtoservice_subActionParams_incident_malware_url -
    • +
  • run_connector_subaction_pushtoservice_subActionParams_incident_source_ip -
  • secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector
  • secrets_properties_jira - Connector secrets properties for a Jira connector
  • secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector
    • @@ -701,15 +729,15 @@ Any modifications made to this file will be overwritten.

    Run_connector_request_body_properties_params - Up

    -
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    -
    level (optional)
    String The log level of the message.
    +
    documents
    array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
    +
    level (optional)
    String The log level of the message for server log connectors.
    Enum:
    debug
    error
    fatal
    info
    trace
    warn
    -
    message
    String The message to log.
    +
    message
    String The message for server log connectors.
    subAction
    String The action to test.
    Enum:
    -
    addEvent
    createAlert
    closeAlert
    fieldsByIssueType
    getChoices
    getFields
    getIncident
    issue
    issues
    issueTypes
    pushToService
    -
    subActionParams (optional)
    Object
    +
    pushToService
    +
    subActionParams
    run_connector_subaction_pushtoservice_subActionParams
    @@ -722,6 +750,16 @@ Any modifications made to this file will be overwritten.
    name
    String The name of the field in Swimlane.
    +
    +

    Subaction_parameters - Subaction parameters Up

    +
    Test an action that involves a subaction.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_subaction_pushtoservice_subActionParams
    +
    +

    Update_connector_request_body_properties - Update connector request body properties Up

    The properties vary depending on the connector type.
    @@ -1331,32 +1369,307 @@ Any modifications made to this file will be overwritten.
    -

    run_connector_params_documents - Run index connector parameters Up

    +

    run_connector_params_documents - Index connector parameters Up

    Test an action that indexes a document into Elasticsearch.
    -
    documents
    array[map[String, oas_any_type_not_mapped]] The documents to index in JSON format.
    +
    documents
    array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
    -

    run_connector_params_level_message - Run server log connector parameters Up

    +

    run_connector_params_level_message - Server log connector parameters Up

    Test an action that writes an entry to the Kibana server log.
    -
    level (optional)
    String The log level of the message.
    +
    level (optional)
    String The log level of the message for server log connectors.
    Enum:
    debug
    error
    fatal
    info
    trace
    warn
    -
    message
    String The message to log.
    +
    message
    String The message for server log connectors.
    +
    +
    +
    +

    run_connector_subaction_addevent - The addEvent subaction Up

    +
    The addEvent subaction for ServiceNow ITOM connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    addEvent
    +
    subActionParams (optional)
    run_connector_subaction_addevent_subActionParams
    +
    +
    +
    +

    run_connector_subaction_addevent_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    additional_info (optional)
    String Additional information about the event.
    +
    description (optional)
    String The details about the event.
    +
    event_class (optional)
    String A specific instance of the source.
    +
    message_key (optional)
    String All actions sharing this key are associated with the same ServiceNow alert. The default value is <rule ID>:<alert instance ID>.
    +
    metric_name (optional)
    String The name of the metric.
    +
    node (optional)
    String The host that the event was triggered for.
    +
    resource (optional)
    String The name of the resource.
    +
    severity (optional)
    String The severity of the event.
    +
    source (optional)
    String The name of the event source type.
    +
    time_of_event (optional)
    String The time of the event.
    +
    type (optional)
    String The type of event.
    +
    +
    +
    +

    run_connector_subaction_closealert - The closeAlert subaction Up

    +
    The closeAlert subaction for Opsgenie connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    closeAlert
    +
    subActionParams
    run_connector_subaction_closealert_subActionParams
    +
    +
    +
    +

    run_connector_subaction_closealert_subActionParams - Up

    +
    +
    +
    alias
    String The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
    +
    note (optional)
    String Additional information for the alert.
    +
    source (optional)
    String The display name for the source of the alert.
    +
    user (optional)
    String The display name for the owner.
    +
    +
    +
    +

    run_connector_subaction_createalert - The createAlert subaction Up

    +
    The createAlert subaction for Opsgenie connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    createAlert
    +
    subActionParams
    run_connector_subaction_createalert_subActionParams
    +
    +
    +
    +

    run_connector_subaction_createalert_subActionParams - Up

    +
    +
    +
    actions (optional)
    array[String] The custom actions available to the alert.
    +
    alias (optional)
    String The unique identifier used for alert deduplication in Opsgenie.
    +
    description (optional)
    String A description that provides detailed information about the alert.
    +
    details (optional)
    map[String, oas_any_type_not_mapped] The custom properties of the alert.
    +
    entity (optional)
    String The domain of the alert. For example, the application or server name.
    +
    message
    String The alert message.
    +
    note (optional)
    String Additional information for the alert.
    +
    priority (optional)
    String The priority level for the alert.
    +
    Enum:
    +
    P1
    P2
    P3
    P4
    P5
    +
    responders (optional)
    array[run_connector_subaction_createalert_subActionParams_responders_inner] The entities to receive notifications about the alert. If type is user, either id or username is required. If type is team, either id or name is required.
    +
    source (optional)
    String The display name for the source of the alert.
    +
    tags (optional)
    array[String] The tags for the alert.
    +
    user (optional)
    String The display name for the owner.
    +
    visibleTo (optional)
    array[run_connector_subaction_createalert_subActionParams_visibleTo_inner] The teams and users that the alert will be visible to without sending a notification. Only one of id, name, or username is required.
    +
    +
    +
    +

    run_connector_subaction_createalert_subActionParams_responders_inner - Up

    +
    +
    +
    id (optional)
    String The identifier for the entity.
    +
    name (optional)
    String The name of the entity.
    +
    type (optional)
    String The type of responders, in this case escalation.
    +
    Enum:
    +
    escalation
    schedule
    team
    user
    +
    username (optional)
    String A valid email address for the user.
    +
    +
    +
    +

    run_connector_subaction_createalert_subActionParams_visibleTo_inner - Up

    +
    +
    +
    id (optional)
    String The identifier for the entity.
    +
    name (optional)
    String The name of the entity.
    +
    type
    String Valid values are team and user.
    +
    Enum:
    +
    team
    user
    +
    username (optional)
    String The user name. This property is required only when the type is user.
    +
    +
    +
    +

    run_connector_subaction_fieldsbyissuetype - The fieldsByIssueType subaction Up

    +
    The fieldsByIssueType subaction for Jira connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    fieldsByIssueType
    +
    subActionParams
    run_connector_subaction_fieldsbyissuetype_subActionParams
    +
    +
    +
    +

    run_connector_subaction_fieldsbyissuetype_subActionParams - Up

    +
    +
    +
    id
    String The Jira issue type identifier.
    +
    +
    +
    +

    run_connector_subaction_getchoices - The getChoices subaction Up

    +
    The getChoices subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getChoices
    +
    subActionParams
    run_connector_subaction_getchoices_subActionParams
    +
    +
    +
    +

    run_connector_subaction_getchoices_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    fields
    array[String] An array of fields.
    +
    +
    +
    +

    run_connector_subaction_getfields - The getFields subaction Up

    +
    The getFields subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    getFields
    -

    run_connector_params_subactions - Run connector subactions Up

    -
    Test an actions that require subactions and subaction parameters.
    +

    run_connector_subaction_getincident - The getIncident subaction Up

    +
    The getIncident subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
    subAction
    String The action to test.
    Enum:
    -
    addEvent
    createAlert
    closeAlert
    fieldsByIssueType
    getChoices
    getFields
    getIncident
    issue
    issues
    issueTypes
    pushToService
    -
    subActionParams (optional)
    Object
    +
    getIncident
    +
    subActionParams
    run_connector_subaction_getincident_subActionParams
    +
    +
    +
    +

    run_connector_subaction_getincident_subActionParams - Up

    +
    +
    +
    externalId
    String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
    +
    +

    run_connector_subaction_issue - The issue subaction Up

    +
    The issue subaction for Jira connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    issue
    +
    subActionParams (optional)
    run_connector_subaction_issue_subActionParams
    +
    +
    +
    +

    run_connector_subaction_issue_subActionParams - Up

    +
    +
    +
    id
    String The Jira issue identifier.
    +
    +
    +
    +

    run_connector_subaction_issues - The issues subaction Up

    +
    The issues subaction for Jira connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    issues
    +
    subActionParams
    run_connector_subaction_issues_subActionParams
    +
    +
    +
    +

    run_connector_subaction_issues_subActionParams - Up

    +
    +
    +
    title
    String The title of the Jira issue.
    +
    +
    +
    +

    run_connector_subaction_issuetypes - The issueTypes subaction Up

    +
    The issueTypes subaction for Jira connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    issueTypes
    +
    +
    +
    +

    run_connector_subaction_pushtoservice - The pushToService subaction Up

    +
    The pushToService subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
    +
    +
    subAction
    String The action to test.
    +
    Enum:
    +
    pushToService
    +
    subActionParams
    run_connector_subaction_pushtoservice_subActionParams
    +
    +
    +
    +

    run_connector_subaction_pushtoservice_subActionParams - Up

    +
    The set of configuration properties for the action.
    +
    +
    comments (optional)
    array[run_connector_subaction_pushtoservice_subActionParams_comments_inner] Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.
    +
    incident (optional)
    run_connector_subaction_pushtoservice_subActionParams_incident
    +
    +
    +
    +

    run_connector_subaction_pushtoservice_subActionParams_comments_inner - Up

    +
    +
    +
    comment (optional)
    String A comment related to the incident. For example, describe how to troubleshoot the issue.
    +
    commentId (optional)
    Integer A unique identifier for the comment.
    +
    +
    +
    +

    run_connector_subaction_pushtoservice_subActionParams_incident - Up

    +
    Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
    +
    +
    alertId (optional)
    String The alert identifier for Swimlane connectors.
    +
    caseId (optional)
    String The case identifier for the incident for Swimlane connectors.
    +
    caseName (optional)
    String The case name for the incident for Swimlane connectors.
    +
    category (optional)
    String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
    +
    correlation_display (optional)
    String A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
    +
    correlation_id (optional)
    String The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as {{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
    +
    description (optional)
    String The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
    +
    dest_ip (optional)
    run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip
    +
    externalId (optional)
    String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
    +
    impact (optional)
    String The impact of the incident for ServiceNow ITSM connectors.
    +
    issueType (optional)
    Integer The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set subAction to issueTypes.
    +
    labels (optional)
    array[String] The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
    +
    malware_hash (optional)
    run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash
    +
    malware_url (optional)
    run_connector_subaction_pushtoservice_subActionParams_incident_malware_url
    +
    parent (optional)
    String The ID or key of the parent issue for Jira connectors. Applies only to Sub-task types of issues.
    +
    priority (optional)
    String The priority of the incident in Jira and ServiceNow SecOps connectors.
    +
    ruleName (optional)
    String The rule name for Swimlane connectors.
    +
    severity (optional)
    String The severity of the incident for ServiceNow ITSM and Swimlane connectors.
    +
    short_description (optional)
    String A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
    +
    source_ip (optional)
    run_connector_subaction_pushtoservice_subActionParams_incident_source_ip
    +
    subcategory (optional)
    String The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
    +
    summary (optional)
    String A summary of the incident for Jira connectors.
    +
    title (optional)
    String A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.
    +
    urgency (optional)
    String The urgency of the incident for ServiceNow ITSM connectors.
    +
    +
    +
    +

    run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip - Up

    +
    A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
    +
    +
    +
    +
    +

    run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash - Up

    +
    A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
    +
    +
    +
    +
    +

    run_connector_subaction_pushtoservice_subActionParams_incident_malware_url - Up

    +
    A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
    +
    +
    +
    +
    +

    run_connector_subaction_pushtoservice_subActionParams_incident_source_ip - Up

    +
    A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
    +
    +
    +

    secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector Up

    diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index cbb4a466e29f9..d887c6de5a3e4 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json @@ -667,7 +667,46 @@ "$ref": "#/components/schemas/run_connector_params_level_message" }, { - "$ref": "#/components/schemas/run_connector_params_subactions" + "title": "Subaction parameters", + "description": "Test an action that involves a subaction.", + "oneOf": [ + { + "$ref": "#/components/schemas/run_connector_subaction_addevent" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_closealert" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_createalert" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_fieldsbyissuetype" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_getchoices" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_getfields" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_getincident" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_issue" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_issues" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_issuetypes" + }, + { + "$ref": "#/components/schemas/run_connector_subaction_pushtoservice" + } + ], + "discriminator": { + "propertyName": "subAction" + } } ] } @@ -3060,7 +3099,7 @@ ] }, "run_connector_params_documents": { - "title": "Run index connector parameters", + "title": "Index connector parameters", "description": "Test an action that indexes a document into Elasticsearch.", "type": "object", "required": [ @@ -3069,7 +3108,7 @@ "properties": { "documents": { "type": "array", - "description": "The documents to index in JSON format.", + "description": "The documents in JSON format for index connectors.", "items": { "type": "object", "additionalProperties": true @@ -3078,7 +3117,7 @@ } }, "run_connector_params_level_message": { - "title": "Run server log connector parameters", + "title": "Server log connector parameters", "description": "Test an action that writes an entry to the Kibana server log.", "type": "object", "required": [ @@ -3087,7 +3126,7 @@ "properties": { "level": { "type": "string", - "description": "The log level of the message.", + "description": "The log level of the message for server log connectors.", "enum": [ "debug", "error", @@ -3100,37 +3139,644 @@ }, "message": { "type": "string", - "description": "The message to log." + "description": "The message for server log connectors." + } + } + }, + "run_connector_subaction_addevent": { + "title": "The addEvent subaction", + "type": "object", + "required": [ + "subAction" + ], + "description": "The `addEvent` subaction for ServiceNow ITOM connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "addEvent" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "properties": { + "additional_info": { + "type": "string", + "description": "Additional information about the event." + }, + "description": { + "type": "string", + "description": "The details about the event." + }, + "event_class": { + "type": "string", + "description": "A specific instance of the source." + }, + "message_key": { + "type": "string", + "description": "All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`." + }, + "metric_name": { + "type": "string", + "description": "The name of the metric." + }, + "node": { + "type": "string", + "description": "The host that the event was triggered for." + }, + "resource": { + "type": "string", + "description": "The name of the resource." + }, + "severity": { + "type": "string", + "description": "The severity of the event." + }, + "source": { + "type": "string", + "description": "The name of the event source type." + }, + "time_of_event": { + "type": "string", + "description": "The time of the event." + }, + "type": { + "type": "string", + "description": "The type of event." + } + } + } + } + }, + "run_connector_subaction_closealert": { + "title": "The closeAlert subaction", + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "The `closeAlert` subaction for Opsgenie connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "closeAlert" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "alias" + ], + "properties": { + "alias": { + "type": "string", + "description": "The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert." + }, + "note": { + "type": "string", + "description": "Additional information for the alert." + }, + "source": { + "type": "string", + "description": "The display name for the source of the alert." + }, + "user": { + "type": "string", + "description": "The display name for the owner." + } + } + } + } + }, + "run_connector_subaction_createalert": { + "title": "The createAlert subaction", + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "The `createAlert` subaction for Opsgenie connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "createAlert" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "message" + ], + "properties": { + "actions": { + "type": "array", + "description": "The custom actions available to the alert.", + "items": { + "type": "string" + } + }, + "alias": { + "type": "string", + "description": "The unique identifier used for alert deduplication in Opsgenie." + }, + "description": { + "type": "string", + "description": "A description that provides detailed information about the alert." + }, + "details": { + "type": "object", + "description": "The custom properties of the alert.", + "additionalProperties": true, + "example": { + "key1": "value1", + "key2": "value2" + } + }, + "entity": { + "type": "string", + "description": "The domain of the alert. For example, the application or server name." + }, + "message": { + "type": "string", + "description": "The alert message." + }, + "note": { + "type": "string", + "description": "Additional information for the alert." + }, + "priority": { + "type": "string", + "description": "The priority level for the alert.", + "enum": [ + "P1", + "P2", + "P3", + "P4", + "P5" + ] + }, + "responders": { + "type": "array", + "description": "The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.\n", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The identifier for the entity." + }, + "name": { + "type": "string", + "description": "The name of the entity." + }, + "type": { + "type": "string", + "description": "The type of responders, in this case `escalation`.", + "enum": [ + "escalation", + "schedule", + "team", + "user" + ] + }, + "username": { + "type": "string", + "description": "A valid email address for the user." + } + } + } + }, + "source": { + "type": "string", + "description": "The display name for the source of the alert." + }, + "tags": { + "type": "array", + "description": "The tags for the alert.", + "items": { + "type": "string" + } + }, + "user": { + "type": "string", + "description": "The display name for the owner." + }, + "visibleTo": { + "type": "array", + "description": "The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "id": { + "type": "string", + "description": "The identifier for the entity." + }, + "name": { + "type": "string", + "description": "The name of the entity." + }, + "type": { + "type": "string", + "description": "Valid values are `team` and `user`.", + "enum": [ + "team", + "user" + ] + }, + "username": { + "type": "string", + "description": "The user name. This property is required only when the `type` is `user`." + } + } + } + } + } + } + } + }, + "run_connector_subaction_fieldsbyissuetype": { + "title": "The fieldsByIssueType subaction", + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "The `fieldsByIssueType` subaction for Jira connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "fieldsByIssueType" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The Jira issue type identifier.", + "example": 10024 + } + } + } + } + }, + "run_connector_subaction_getchoices": { + "title": "The getChoices subaction", + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getChoices" + ] + }, + "subActionParams": { + "type": "object", + "description": "The set of configuration properties for the action.", + "required": [ + "fields" + ], + "properties": { + "fields": { + "type": "array", + "description": "An array of fields.", + "items": { + "type": "string" + } + } + } } } }, - "run_connector_params_subactions": { - "title": "Run connector subactions", - "description": "Test an actions that require subactions and subaction parameters.", + "run_connector_subaction_getfields": { + "title": "The getFields subaction", "type": "object", "required": [ "subAction" ], + "description": "The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getFields" + ] + } + } + }, + "run_connector_subaction_getincident": { + "title": "The getIncident subaction", + "type": "object", + "description": "The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.", + "required": [ + "subAction", + "subActionParams" + ], + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "getIncident" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "externalId" + ], + "properties": { + "externalId": { + "type": "string", + "description": "The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.", + "example": 71778 + } + } + } + } + }, + "run_connector_subaction_issue": { + "title": "The issue subaction", + "type": "object", + "required": [ + "subAction" + ], + "description": "The `issue` subaction for Jira connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "issue" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string", + "description": "The Jira issue identifier.", + "example": 71778 + } + } + } + } + }, + "run_connector_subaction_issues": { + "title": "The issues subaction", + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "The `issues` subaction for Jira connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "issues" + ] + }, + "subActionParams": { + "type": "object", + "required": [ + "title" + ], + "properties": { + "title": { + "type": "string", + "description": "The title of the Jira issue." + } + } + } + } + }, + "run_connector_subaction_issuetypes": { + "title": "The issueTypes subaction", + "type": "object", + "required": [ + "subAction" + ], + "description": "The `issueTypes` subaction for Jira connectors.", + "properties": { + "subAction": { + "type": "string", + "description": "The action to test.", + "enum": [ + "issueTypes" + ] + } + } + }, + "run_connector_subaction_pushtoservice": { + "title": "The pushToService subaction", + "type": "object", + "required": [ + "subAction", + "subActionParams" + ], + "description": "The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.", "properties": { "subAction": { "type": "string", "description": "The action to test.", "enum": [ - "addEvent", - "createAlert", - "closeAlert", - "fieldsByIssueType", - "getChoices", - "getFields", - "getIncident", - "issue", - "issues", - "issueTypes", "pushToService" ] }, "subActionParams": { - "type": "object" + "type": "object", + "description": "The set of configuration properties for the action.", + "properties": { + "comments": { + "type": "array", + "description": "Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.", + "items": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "A comment related to the incident. For example, describe how to troubleshoot the issue." + }, + "commentId": { + "type": "integer", + "description": "A unique identifier for the comment." + } + } + } + }, + "incident": { + "type": "object", + "description": "Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.", + "properties": { + "alertId": { + "type": "string", + "description": "The alert identifier for Swimlane connectors." + }, + "caseId": { + "type": "string", + "description": "The case identifier for the incident for Swimlane connectors." + }, + "caseName": { + "type": "string", + "description": "The case name for the incident for Swimlane connectors." + }, + "category": { + "type": "string", + "description": "The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors." + }, + "correlation_display": { + "type": "string", + "description": "A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors." + }, + "correlation_id": { + "type": "string", + "description": "The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.\n" + }, + "description": { + "type": "string", + "description": "The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors." + }, + "dest_ip": { + "description": "A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.\n", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "externalId": { + "type": "string", + "description": "The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.\n" + }, + "impact": { + "type": "string", + "description": "The impact of the incident for ServiceNow ITSM connectors." + }, + "issueType": { + "type": "integer", + "description": "The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`." + }, + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.\n" + }, + "malware_hash": { + "description": "A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "malware_url": { + "type": "string", + "description": "A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "parent": { + "type": "string", + "description": "The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues." + }, + "priority": { + "type": "string", + "description": "The priority of the incident in Jira and ServiceNow SecOps connectors." + }, + "ruleName": { + "type": "string", + "description": "The rule name for Swimlane connectors." + }, + "severity": { + "type": "string", + "description": "The severity of the incident for ServiceNow ITSM and Swimlane connectors." + }, + "short_description": { + "type": "string", + "description": "A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.\n" + }, + "source_ip": { + "description": "A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "subcategory": { + "type": "string", + "description": "The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors." + }, + "summary": { + "type": "string", + "description": "A summary of the incident for Jira connectors." + }, + "title": { + "type": "string", + "description": "A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.\n" + }, + "urgency": { + "type": "string", + "description": "The urgency of the incident for ServiceNow ITSM connectors." + } + } + } + } } } } diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index bced81fa0a00a..1652412e027e4 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -395,7 +395,22 @@ paths: oneOf: - $ref: '#/components/schemas/run_connector_params_documents' - $ref: '#/components/schemas/run_connector_params_level_message' - - $ref: '#/components/schemas/run_connector_params_subactions' + - title: Subaction parameters + description: Test an action that involves a subaction. + oneOf: + - $ref: '#/components/schemas/run_connector_subaction_addevent' + - $ref: '#/components/schemas/run_connector_subaction_closealert' + - $ref: '#/components/schemas/run_connector_subaction_createalert' + - $ref: '#/components/schemas/run_connector_subaction_fieldsbyissuetype' + - $ref: '#/components/schemas/run_connector_subaction_getchoices' + - $ref: '#/components/schemas/run_connector_subaction_getfields' + - $ref: '#/components/schemas/run_connector_subaction_getincident' + - $ref: '#/components/schemas/run_connector_subaction_issue' + - $ref: '#/components/schemas/run_connector_subaction_issues' + - $ref: '#/components/schemas/run_connector_subaction_issuetypes' + - $ref: '#/components/schemas/run_connector_subaction_pushtoservice' + discriminator: + propertyName: subAction examples: runIndexConnectorRequest: $ref: '#/components/examples/run_index_connector_request' @@ -2168,7 +2183,7 @@ components: - uptime - siem run_connector_params_documents: - title: Run index connector parameters + title: Index connector parameters description: Test an action that indexes a document into Elasticsearch. type: object required: @@ -2176,12 +2191,12 @@ components: properties: documents: type: array - description: The documents to index in JSON format. + description: The documents in JSON format for index connectors. items: type: object additionalProperties: true run_connector_params_level_message: - title: Run server log connector parameters + title: Server log connector parameters description: Test an action that writes an entry to the Kibana server log. type: object required: @@ -2189,7 +2204,7 @@ components: properties: level: type: string - description: The log level of the message. + description: The log level of the message for server log connectors. enum: - debug - error @@ -2200,31 +2215,462 @@ components: default: info message: type: string - description: The message to log. - run_connector_params_subactions: - title: Run connector subactions - description: Test an actions that require subactions and subaction parameters. + description: The message for server log connectors. + run_connector_subaction_addevent: + title: The addEvent subaction type: object required: - subAction + description: The `addEvent` subaction for ServiceNow ITOM connectors. properties: subAction: type: string description: The action to test. enum: - addEvent - - createAlert + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + additional_info: + type: string + description: Additional information about the event. + description: + type: string + description: The details about the event. + event_class: + type: string + description: A specific instance of the source. + message_key: + type: string + description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. + metric_name: + type: string + description: The name of the metric. + node: + type: string + description: The host that the event was triggered for. + resource: + type: string + description: The name of the resource. + severity: + type: string + description: The severity of the event. + source: + type: string + description: The name of the event source type. + time_of_event: + type: string + description: The time of the event. + type: + type: string + description: The type of event. + run_connector_subaction_closealert: + title: The closeAlert subaction + type: object + required: + - subAction + - subActionParams + description: The `closeAlert` subaction for Opsgenie connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - closeAlert + subActionParams: + type: object + required: + - alias + properties: + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. + note: + type: string + description: Additional information for the alert. + source: + type: string + description: The display name for the source of the alert. + user: + type: string + description: The display name for the owner. + run_connector_subaction_createalert: + title: The createAlert subaction + type: object + required: + - subAction + - subActionParams + description: The `createAlert` subaction for Opsgenie connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - createAlert + subActionParams: + type: object + required: + - message + properties: + actions: + type: array + description: The custom actions available to the alert. + items: + type: string + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. + description: + type: string + description: A description that provides detailed information about the alert. + details: + type: object + description: The custom properties of the alert. + additionalProperties: true + example: + key1: value1 + key2: value2 + entity: + type: string + description: The domain of the alert. For example, the application or server name. + message: + type: string + description: The alert message. + note: + type: string + description: Additional information for the alert. + priority: + type: string + description: The priority level for the alert. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + responders: + type: array + description: | + The entities to receive notifications about the alert. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: The type of responders, in this case `escalation`. + enum: + - escalation + - schedule + - team + - user + username: + type: string + description: A valid email address for the user. + source: + type: string + description: The display name for the source of the alert. + tags: + type: array + description: The tags for the alert. + items: + type: string + user: + type: string + description: The display name for the owner. + visibleTo: + type: array + description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. + items: + type: object + required: + - type + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: Valid values are `team` and `user`. + enum: + - team + - user + username: + type: string + description: The user name. This property is required only when the `type` is `user`. + run_connector_subaction_fieldsbyissuetype: + title: The fieldsByIssueType subaction + type: object + required: + - subAction + - subActionParams + description: The `fieldsByIssueType` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - fieldsByIssueType + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue type identifier. + example: 10024 + run_connector_subaction_getchoices: + title: The getChoices subaction + type: object + required: + - subAction + - subActionParams + description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + run_connector_subaction_getfields: + title: The getFields subaction + type: object + required: + - subAction + description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - getFields + run_connector_subaction_getincident: + title: The getIncident subaction + type: object + description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: - getIncident + subActionParams: + type: object + required: + - externalId + properties: + externalId: + type: string + description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. + example: 71778 + run_connector_subaction_issue: + title: The issue subaction + type: object + required: + - subAction + description: The `issue` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - issue + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue identifier. + example: 71778 + run_connector_subaction_issues: + title: The issues subaction + type: object + required: + - subAction + - subActionParams + description: The `issues` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - issues + subActionParams: + type: object + required: + - title + properties: + title: + type: string + description: The title of the Jira issue. + run_connector_subaction_issuetypes: + title: The issueTypes subaction + type: object + required: + - subAction + description: The `issueTypes` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - issueTypes + run_connector_subaction_pushtoservice: + title: The pushToService subaction + type: object + required: + - subAction + - subActionParams + description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors. + properties: + subAction: + type: string + description: The action to test. + enum: - pushToService subActionParams: type: object + description: The set of configuration properties for the action. + properties: + comments: + type: array + description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident. + properties: + alertId: + type: string + description: The alert identifier for Swimlane connectors. + caseId: + type: string + description: The case identifier for the incident for Swimlane connectors. + caseName: + type: string + description: The case name for the incident for Swimlane connectors. + category: + type: string + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_id: + type: string + description: | + The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors. + dest_ip: + description: | + A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + externalId: + type: string + description: | + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + impact: + type: string + description: The impact of the incident for ServiceNow ITSM connectors. + issueType: + type: integer + description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`. + labels: + type: array + items: + type: string + description: | + The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces. + malware_hash: + description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + malware_url: + type: string + description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + parent: + type: string + description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues. + priority: + type: string + description: The priority of the incident in Jira and ServiceNow SecOps connectors. + ruleName: + type: string + description: The rule name for Swimlane connectors. + severity: + type: string + description: The severity of the incident for ServiceNow ITSM and Swimlane connectors. + short_description: + type: string + description: | + A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base. + source_ip: + description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + subcategory: + type: string + description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + summary: + type: string + description: A summary of the incident for Jira connectors. + title: + type: string + description: | + A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base. + urgency: + type: string + description: The urgency of the incident for ServiceNow ITSM connectors. examples: create_index_connector_request: summary: Create an index connector. diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml index 00ecb2739dd21..1874c19d17cc6 100644 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_documents.yaml @@ -1,4 +1,4 @@ -title: Run index connector parameters +title: Index connector parameters description: Test an action that indexes a document into Elasticsearch. type: object required: @@ -6,7 +6,7 @@ required: properties: documents: type: array - description: The documents to index in JSON format. + description: The documents in JSON format for index connectors. items: type: object additionalProperties: true diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml index a6acce6314545..cd8db87b0df82 100644 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_level_message.yaml @@ -1,4 +1,4 @@ -title: Run server log connector parameters +title: Server log connector parameters description: Test an action that writes an entry to the Kibana server log. type: object required: @@ -6,7 +6,7 @@ required: properties: level: type: string - description: The log level of the message. + description: The log level of the message for server log connectors. enum: - debug - error @@ -17,4 +17,4 @@ properties: default: info message: type: string - description: The message to log. + description: The message for server log connectors. diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml deleted file mode 100644 index aace5964f7b1e..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_params_subactions.yaml +++ /dev/null @@ -1,24 +0,0 @@ -title: Run connector subactions -description: Test an actions that require subactions and subaction parameters. -type: object -required: - - subAction -properties: - subAction: - type: string - description: The action to test. - enum: - - addEvent - - createAlert - - closeAlert - - fieldsByIssueType - - getChoices - - getFields - - getIncident - - issue - - issues - - issueTypes - - pushToService - subActionParams: - type: object - diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml deleted file mode 100644 index 00ecb2739dd21..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_index.yaml +++ /dev/null @@ -1,13 +0,0 @@ -title: Run index connector parameters -description: Test an action that indexes a document into Elasticsearch. -type: object -required: - - documents -properties: - documents: - type: array - description: The documents to index in JSON format. - items: - type: object - additionalProperties: true - diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml deleted file mode 100644 index 0817b89e7a5a8..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_jira.yaml +++ /dev/null @@ -1,163 +0,0 @@ -title: Run Jira connector parameters -description: Test an action related to Jira issues. -oneOf: - - type: object - required: - - subAction - - subActionParams - description: Jira connector properties when `subAction` is `fieldsByIssueType`. - properties: - subAction: - type: string - description: The action to test. - enum: - - fieldsByIssueType - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue type identifier. - example: 10024 - - type: object - required: - - subAction - description: Jira connector properties when `subAction` is `getFields`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getFields - - type: object - description: Jira connector properties when `subAction` is `getIncident`. - required: - - subAction - - subActionParams - properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - required: - - externalId - properties: - externalId: - type: string - description: The Jira issue identifier. - example: 71778 - - type: object - required: - - subAction - description: Jira connector properties when `subAction` is `issue`. - properties: - subAction: - type: string - description: The action to test. - enum: - - issue - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue identifier. - example: 71778 - - type: object - required: - - subAction - - subActionParams - description: Jira connector properties when `subAction` is `issues`. - properties: - subAction: - type: string - description: The action to test. - enum: - - issues - subActionParams: - type: object - required: - - title - properties: - title: - type: string - description: The title of the Jira issue. - - type: object - required: - - subAction - description: Jira connector properties when `subAction` is `issueTypes`. - properties: - subAction: - type: string - description: The action to test. - enum: - - issueTypes - - type: object - required: - - subAction - - subActionParams - description: Jira connector properties when `subAction` is `pushToService`. - properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - required: - - incident - properties: - comments: - type: array - description: Additional information that is sent to Jira. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - required: - - summary - description: Information necessary to create or update a Jira incident. - properties: - description: - type: string - description: The details about the incident. - externalId: - type: string - description: The Jira issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - labels: - type: array - description: "The labels for the incident. For example, `[\"LABEL1\"]`. NOTE: Labels cannot contain spaces." - items: - type: string - issueType: - type: integer - description: The type of incident. For example, `10006`. To obtain the list of valid values, set `subAction` to `issueTypes`. - parent: - type: string - description: The ID or key of the parent issue. Applies only to `Sub-task` types of issues. - priority: - type: string - description: The incident priority level. For example, `Lowest`. - summary: - type: string - description: A summary of the incident. - title: - type: string - description: A title for the incident, used for searching the contents of the knowledge base. -discriminator: - propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml deleted file mode 100644 index 0077e2304e766..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_opsgenie.yaml +++ /dev/null @@ -1,143 +0,0 @@ -title: Run Opsgenie connector parameters -description: Test an Opsgenie action. -oneOf: - - type: object - required: - - subAction - - subActionParams - description: Opsgenie connector properties when `subAction` is `closeAlert`. - properties: - subAction: - type: string - description: The action to test. - enum: - - closeAlert - subActionParams: - type: object - required: - - alias - properties: - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. - note: - type: string - description: Additional information for the alert. - source: - type: string - description: The display name for the source of the alert. - user: - type: string - description: The display name for the owner. - - type: object - required: - - subAction - - subActionParams - description: Opsgenie connector properties when `subAction` is `createAlert`. - properties: - subAction: - type: string - description: The action to test. - enum: - - createAlert - subActionParams: - type: object - required: - - message - properties: - actions: - type: array - description: The custom actions available to the alert. - items: - type: string - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. - description: - type: string - description: A description that provides detailed information about the alert. - details: - type: object - description: The custom properties of the alert. - additionalProperties: true - example: {"key1":"value1","key2":"value2"} - entity: - type: string - description: The domain of the alert. For example, the application or server name. - message: - type: string - description: The alert message. - note: - type: string - description: Additional information for the alert. - priority: - type: string - description: The priority level for the alert. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 - responders: - type: array - description: > - The entities to receive notifications about the alert. - If `type` is `user`, either `id` or `username` is required. - If `type` is `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: The type of responders, in this case `escalation`. - enum: - - escalation - - schedule - - team - - user - username: - type: string - description: A valid email address for the user. - source: - type: string - description: The display name for the source of the alert. - tags: - type: array - description: The tags for the alert. - items: - type: string - user: - type: string - description: The display name for the owner. - visibleTo: - type: array - description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. - items: - type: object - required: - - type - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: Valid values are `team` and `user`. - enum: - - team - - user - username: - type: string - description: The user name. This property is required only when the `type` is `user`. -discriminator: - propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml deleted file mode 100644 index a6acce6314545..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_serverlog.yaml +++ /dev/null @@ -1,20 +0,0 @@ -title: Run server log connector parameters -description: Test an action that writes an entry to the Kibana server log. -type: object -required: - - message -properties: - level: - type: string - description: The log level of the message. - enum: - - debug - - error - - fatal - - info - - trace - - warn - default: info - message: - type: string - description: The message to log. diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml deleted file mode 100644 index 287cddd8732d1..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow.yaml +++ /dev/null @@ -1,124 +0,0 @@ -title: Run ServiceNow ITSM connector parameters -description: Test ServiceNow incidents. -oneOf: - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITSM connector properties when `subAction` is `getChoices`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - - type: object - required: - - subAction - description: ServiceNow ITSM connector properties when `subAction` is `getFields`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getFields - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITSM connector properties when `subAction` is `getIncident`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - externalId - properties: - externalId: - type: string - description: The ServiceNow ITSM issue identifier. - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITSM connector properties when `subAction` is `pushToService`. - properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - incident - properties: - comments: - type: array - description: Additional information that is sent to ServiceNow ITSM. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - required: - - short_description - description: Information necessary to create or update a ServiceNow ITSM incident. - properties: - category: - type: string - description: The category of the incident. - correlation_display: - type: string - description: A descriptive label of the alert for correlation purposes in ServiceNow. - correlation_id: - type: string - description: > - The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. - NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. - description: - type: string - description: The details about the incident. - externalId: - type: string - description: The ServiceNow ITSM issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - impact: - type: string - description: The impact in ServiceNow ITSM. - severity: - type: string - description: The severity of the incident. - short_description: - type: string - description: A short description for the incident, used for searching the contents of the knowledge base. - subcategory: - type: string - description: The subcategory in ServiceNow ITSM. - urgency: - type: string - description: The urgency in ServiceNow ITSM. -discriminator: - propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml deleted file mode 100644 index 3fa18160a8d66..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_itom.yaml +++ /dev/null @@ -1,74 +0,0 @@ -title: Run ServiceNow ITOM connector parameters -description: Test ServiceNow events. -oneOf: - - type: object - required: - - subAction - description: ServiceNow ITOM connector properties when `subAction` is `addEvent`. - properties: - subAction: - type: string - description: The action to test. - enum: - - addEvent - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - additional_info: - type: string - description: Additional information about the event. - description: - type: string - description: The details about the event. - event_class: - type: string - description: A specific instance of the source. - message_key: - type: string - description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. - metric_name: - type: string - description: The name of the metric. - node: - type: string - description: The host that the event was triggered for. - resource: - type: string - description: The name of the resource. - severity: - type: string - description: The severity of the event. - source: - type: string - description: The name of the event source type. - time_of_event: - type: string - description: The time of the event. - type: - type: string - description: The type of event. - - type: object - required: - - subAction - - subActionParams - description: ServiceNow ITOM connector properties when `subAction` is `getChoices`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string -discriminator: - propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml deleted file mode 100644 index 754cdc5e922a7..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_servicenow_sir.yaml +++ /dev/null @@ -1,147 +0,0 @@ -title: Run ServiceNow SecOps connector parameters -description: Test ServiceNow security incidents. -oneOf: - - type: object - required: - - subAction - - subActionParams - description: ServiceNow SecOps connector properties when `subAction` is `getChoices`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - - type: object - required: - - subAction - description: ServiceNow SecOps connector properties when `subAction` is `getFields`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getFields - - type: object - required: - - subAction - - subActionParams - description: ServiceNow SecOps connector properties when `subAction` is `getIncident`. - properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - externalId - properties: - externalId: - type: string - description: The ServiceNow SecOps issue identifier. - - type: object - required: - - subAction - - subActionParams - description: ServiceNow SecOps connector properties when `subAction` is `pushToService`. - properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - incident - properties: - comments: - type: array - description: Additional information that is sent to ServiceNow SecOps. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - required: - - short_description - description: Information necessary to create or update a ServiceNow SecOps incident. - properties: - category: - type: string - description: The category of the incident. - correlation_display: - type: string - description: A descriptive label of the alert for correlation purposes in ServiceNow. - correlation_id: - type: string - description: > - The correlation identifier for the security incident. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. - NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. - description: - type: string - description: The details about the incident. - dest_ip: - description: A list of destination IP addresses related to the security incident. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - externalId: - type: string - description: The ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - malware_hash: - description: A list of malware hashes related to the security incident. The hashes are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - malware_url: - type: string - description: A list of malware URLs related to the security incident. The URLs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - priority: - type: string - description: The priority in ServiceNow. - short_description: - type: string - description: A short description for the incident, used for searching the contents of the knowledge base. - source_ip: - description: A list of source IP addresses related to the security incident. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - subcategory: - type: string - description: The subcategory of the incident. -discriminator: - propertyName: subAction diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml deleted file mode 100644 index bc76fa77654e6..0000000000000 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_request_swimlane.yaml +++ /dev/null @@ -1,50 +0,0 @@ -title: Run Swimlane connector parameters -description: Test actions involving Swimlane records. -type: object -required: - - subAction - - subActionParams -properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - comments: - type: array - description: Additional information that is setnt to Swimlane - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - description: Information necessary to create or update a Swimlane incident. - properties: - alertId: - type: string - description: The alert identifier. - caseId: - type: string - description: The case identifier for the incident. - caseName: - type: string - description: The case name for the incident. - description: - type: string - description: The description of the incident. - ruleName: - type: string - description: The rule name. - severity: - type: string - description: The severity of the incident. \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_addevent.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_addevent.yaml new file mode 100644 index 0000000000000..c0ae0d4c424f3 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_addevent.yaml @@ -0,0 +1,49 @@ +title: The addEvent subaction +type: object +required: + - subAction +description: The `addEvent` subaction for ServiceNow ITOM connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - addEvent + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + additional_info: + type: string + description: Additional information about the event. + description: + type: string + description: The details about the event. + event_class: + type: string + description: A specific instance of the source. + message_key: + type: string + description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. + metric_name: + type: string + description: The name of the metric. + node: + type: string + description: The host that the event was triggered for. + resource: + type: string + description: The name of the resource. + severity: + type: string + description: The severity of the event. + source: + type: string + description: The name of the event source type. + time_of_event: + type: string + description: The time of the event. + type: + type: string + description: The type of event. + \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_closealert.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_closealert.yaml new file mode 100644 index 0000000000000..43436c1564eb1 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_closealert.yaml @@ -0,0 +1,30 @@ +title: The closeAlert subaction +type: object +required: + - subAction + - subActionParams +description: The `closeAlert` subaction for Opsgenie connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - closeAlert + subActionParams: + type: object + required: + - alias + properties: + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. + note: + type: string + description: Additional information for the alert. + source: + type: string + description: The display name for the source of the alert. + user: + type: string + description: The display name for the owner. + \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_createalert.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_createalert.yaml new file mode 100644 index 0000000000000..e739a9ed6c91d --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_createalert.yaml @@ -0,0 +1,112 @@ +title: The createAlert subaction +type: object +required: + - subAction + - subActionParams +description: The `createAlert` subaction for Opsgenie connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - createAlert + subActionParams: + type: object + required: + - message + properties: + actions: + type: array + description: The custom actions available to the alert. + items: + type: string + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. + description: + type: string + description: A description that provides detailed information about the alert. + details: + type: object + description: The custom properties of the alert. + additionalProperties: true + example: {"key1":"value1","key2":"value2"} + entity: + type: string + description: The domain of the alert. For example, the application or server name. + message: + type: string + description: The alert message. + note: + type: string + description: Additional information for the alert. + priority: + type: string + description: The priority level for the alert. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + responders: + type: array + description: > + The entities to receive notifications about the alert. + If `type` is `user`, either `id` or `username` is required. + If `type` is `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: The type of responders, in this case `escalation`. + enum: + - escalation + - schedule + - team + - user + username: + type: string + description: A valid email address for the user. + source: + type: string + description: The display name for the source of the alert. + tags: + type: array + description: The tags for the alert. + items: + type: string + user: + type: string + description: The display name for the owner. + visibleTo: + type: array + description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. + items: + type: object + required: + - type + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: Valid values are `team` and `user`. + enum: + - team + - user + username: + type: string + description: The user name. This property is required only when the `type` is `user`. + \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_fieldsbyissuetype.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_fieldsbyissuetype.yaml new file mode 100644 index 0000000000000..e8c8869e7d68b --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_fieldsbyissuetype.yaml @@ -0,0 +1,22 @@ +title: The fieldsByIssueType subaction +type: object +required: + - subAction + - subActionParams +description: The `fieldsByIssueType` subaction for Jira connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - fieldsByIssueType + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue type identifier. + example: 10024 + \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getchoices.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getchoices.yaml new file mode 100644 index 0000000000000..7bcf2aca3fc71 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getchoices.yaml @@ -0,0 +1,23 @@ +title: The getChoices subaction +type: object +required: + - subAction + - subActionParams +description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getfields.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getfields.yaml new file mode 100644 index 0000000000000..62e80dc53805c --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getfields.yaml @@ -0,0 +1,11 @@ +title: The getFields subaction +type: object +required: + - subAction +description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - getFields diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getincident.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getincident.yaml new file mode 100644 index 0000000000000..666c0257f68b8 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_getincident.yaml @@ -0,0 +1,21 @@ +title: The getIncident subaction +type: object +description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. +required: + - subAction + - subActionParams +properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + required: + - externalId + properties: + externalId: + type: string + description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. + example: 71778 diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issue.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issue.yaml new file mode 100644 index 0000000000000..56ee923b40063 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issue.yaml @@ -0,0 +1,20 @@ +title: The issue subaction +type: object +required: + - subAction +description: The `issue` subaction for Jira connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - issue + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue identifier. + example: 71778 \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issues.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issues.yaml new file mode 100644 index 0000000000000..bfd5abc388a24 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issues.yaml @@ -0,0 +1,20 @@ +title: The issues subaction +type: object +required: + - subAction + - subActionParams +description: The `issues` subaction for Jira connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - issues + subActionParams: + type: object + required: + - title + properties: + title: + type: string + description: The title of the Jira issue. \ No newline at end of file diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issuetypes.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issuetypes.yaml new file mode 100644 index 0000000000000..0ea5104ae1890 --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_issuetypes.yaml @@ -0,0 +1,11 @@ +title: The issueTypes subaction +type: object +required: + - subAction +description: The `issueTypes` subaction for Jira connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - issueTypes diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_pushtoservice.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_pushtoservice.yaml new file mode 100644 index 0000000000000..7692a35b2f05f --- /dev/null +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/run_connector_subaction_pushtoservice.yaml @@ -0,0 +1,133 @@ +title: The pushToService subaction +type: object +required: + - subAction + - subActionParams +description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + comments: + type: array + description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident. + properties: + alertId: + type: string + description: The alert identifier for Swimlane connectors. + caseId: + type: string + description: The case identifier for the incident for Swimlane connectors. + caseName: + type: string + description: The case name for the incident for Swimlane connectors. + category: + type: string + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_id: + type: string + description: > + The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. + NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors. + dest_ip: + description: > + A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + externalId: + type: string + description: > + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. + If present, the incident is updated. Otherwise, a new incident is created. + impact: + type: string + description: The impact of the incident for ServiceNow ITSM connectors. + issueType: + type: integer + description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`. + labels: + type: array + items: + type: string + description: > + The labels for the incident for Jira connectors. + NOTE: Labels cannot contain spaces. + malware_hash: + description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + malware_url: + type: string + description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + parent: + type: string + description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues. + priority: + type: string + description: The priority of the incident in Jira and ServiceNow SecOps connectors. + ruleName: + type: string + description: The rule name for Swimlane connectors. + severity: + type: string + description: The severity of the incident for ServiceNow ITSM and Swimlane connectors. + short_description: + type: string + description: > + A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base. + source_ip: + description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + subcategory: + type: string + description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + summary: + type: string + description: A summary of the incident for Jira connectors. + title: + type: string + description: > + A title for the incident for Jira connectors. + It is used for searching the contents of the knowledge base. + urgency: + type: string + description: The urgency of the incident for ServiceNow ITSM connectors. diff --git a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml index 0e43faef5ed55..713583759a017 100644 --- a/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml +++ b/x-pack/plugins/actions/docs/openapi/paths/s@{spaceid}@api@actions@connector@{connectorid}@_execute.yaml @@ -26,25 +26,22 @@ post: oneOf: - $ref: '../components/schemas/run_connector_params_documents.yaml' - $ref: '../components/schemas/run_connector_params_level_message.yaml' - - $ref: '../components/schemas/run_connector_params_subactions.yaml' -# anyOf: -# - $ref: '../components/schemas/run_connector_request_cases_webhook.yaml' -# - $ref: '../components/schemas/run_connector_request_email.yaml' -# - $ref: '../components/schemas/run_connector_request_index.yaml' -# - $ref: '../components/schemas/run_connector_request_jira.yaml' -# - $ref: '../components/schemas/run_connector_request_opsgenie.yaml' -# - $ref: '../components/schemas/run_connector_request_pagerduty.yaml' -# - $ref: '../components/schemas/run_connector_request_resilient.yaml' -# - $ref: '../components/schemas/run_connector_request_serverlog.yaml' -# - $ref: '../components/schemas/run_connector_request_servicenow.yaml' -# - $ref: '../components/schemas/run_connector_request_servicenow_itom.yaml' -# - $ref: '../components/schemas/run_connector_request_servicenow_sir.yaml' -# - $ref: '../components/schemas/run_connector_request_slack.yaml' -# - $ref: '../components/schemas/run_connector_request_swimlane.yaml' -# - $ref: '../components/schemas/run_connector_request_teams.yaml' -# - $ref: '../components/schemas/run_connector_request_tines.yaml' -# - $ref: '../components/schemas/run_connector_request_webhook.yaml' -# - $ref: '../components/schemas/run_connector_request_xmatters.yaml' + - title: Subaction parameters + description: Test an action that involves a subaction. + oneOf: + - $ref: '../components/schemas/run_connector_subaction_addevent.yaml' + - $ref: '../components/schemas/run_connector_subaction_closealert.yaml' + - $ref: '../components/schemas/run_connector_subaction_createalert.yaml' + - $ref: '../components/schemas/run_connector_subaction_fieldsbyissuetype.yaml' + - $ref: '../components/schemas/run_connector_subaction_getchoices.yaml' + - $ref: '../components/schemas/run_connector_subaction_getfields.yaml' + - $ref: '../components/schemas/run_connector_subaction_getincident.yaml' + - $ref: '../components/schemas/run_connector_subaction_issue.yaml' + - $ref: '../components/schemas/run_connector_subaction_issues.yaml' + - $ref: '../components/schemas/run_connector_subaction_issuetypes.yaml' + - $ref: '../components/schemas/run_connector_subaction_pushtoservice.yaml' + discriminator: + propertyName: subAction examples: runIndexConnectorRequest: $ref: '../components/examples/run_index_connector_request.yaml'