Connector APIsedit
This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Access
- APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
- HTTP Basic Authentication
Methods
[ Jump to Models ]Table of Contents
Connectors
post /s/{spaceId}/api/actions/connectorpost /s/{spaceId}/api/actions/connector/{connectorId}delete /s/{spaceId}/api/actions/connector/{connectorId}get /s/{spaceId}/api/actions/connector/{connectorId}get /s/{spaceId}/api/actions/connector_typesget /s/{spaceId}/api/actions/connectorspost /s/{spaceId}/api/actionsdelete /s/{spaceId}/api/actions/action/{actionId}get /s/{spaceId}/api/actions/action/{actionId}get /s/{spaceId}/api/actions/list_action_typesget /s/{spaceId}/api/actionspost /s/{spaceId}/api/actions/action/{actionId}/_executeput /s/{spaceId}/api/actions/action/{actionId}post /s/{spaceId}/api/actions/connector/{connectorId}/_executeput /s/{spaceId}/api/actions/connector/{connectorId}
Connectors
Up
post /s/{spaceId}/api/actions/connectorCreates a connector. (createConnector)
You must have
all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
Create_connector_request_body_properties Create_connector_request_body_properties (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
nullProduces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. connector_response_properties401
Authorization information is missing or invalid. Unauthorized_response
Up
post /s/{spaceId}/api/actions/connector/{connectorId}Creates a connector. (createConnectorId)
You must have
all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null connectorId (required)
Path Parameter — A UUID v1 or v4 identifier for the connector. If you omit this parameter, an identifier is randomly generated. default: null
Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
Create_connector_request_body_properties Create_connector_request_body_properties (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
nullProduces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. connector_response_properties401
Authorization information is missing or invalid. Unauthorized_response
Up
delete /s/{spaceId}/api/actions/connector/{connectorId}Deletes a connector. (deleteConnector)
You must have
all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. WARNING: When you delete a connector, it cannot be recovered.Path parameters
connectorId (required)
Path Parameter — An identifier for the connector. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. Unauthorized_response404
Object is not found. getConnector_404_response
Up
get /s/{spaceId}/api/actions/connector/{connectorId}Retrieves a connector by ID. (getConnector)
You must have
read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.Path parameters
connectorId (required)
Path Parameter — An identifier for the connector. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
nullProduces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. connector_response_properties401
Authorization information is missing or invalid. Unauthorized_response404
Object is not found. getConnector_404_response
Up
get /s/{spaceId}/api/actions/connector_typesRetrieves a list of all connector types. (getConnectorTypes)
You do not need any Kibana feature privileges to run this API.
Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Query parameters
feature_id (optional)
Query Parameter — A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). default: null
Return type
Example data
Content-Type: application/json
{
"supported_feature_ids" : [ "alerting", "uptime", "siem" ],
"name" : "Index",
"enabled_in_license" : true,
"id" : ".server-log",
"enabled_in_config" : true,
"minimum_license_required" : "basic",
"enabled" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. Unauthorized_response
Up
get /s/{spaceId}/api/actions/connectorsRetrieves all connectors. (getConnectors)
You must have
read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
{
"is_missing_secrets" : false,
"is_deprecated" : false,
"is_preconfigured" : false,
"name" : "my-connector",
"is_system_action" : false,
"referenced_by_count" : 2,
"id" : "b0766e10-d190-11ec-b04c-776c77d14fca",
"config" : {
"key" : ""
},
"connector_type_id" : ".server-log"
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. Unauthorized_response
Up
post /s/{spaceId}/api/actionsCreates a connector. (legacyCreateConnector)
Deprecated in 7.13.0. Use the create connector API instead.
Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
Legacy_create_connector_request_properties Legacy_create_connector_request_properties (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"isPreconfigured" : true,
"isDeprecated" : true,
"actionTypeId" : "actionTypeId",
"name" : "name",
"id" : "id",
"config" : "{}",
"isMissingSecrets" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. action_response_properties401
Authorization information is missing or invalid. Unauthorized_response
Up
delete /s/{spaceId}/api/actions/action/{actionId}Deletes a connector. (legacyDeleteConnector)
Deprecated in 7.13.0. Use the delete connector API instead. WARNING: When you delete a connector, it cannot be recovered.
Path parameters
actionId (required)
Path Parameter — An identifier for the action. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
204
Indicates a successful call.401
Authorization information is missing or invalid. Unauthorized_response
Up
get /s/{spaceId}/api/actions/action/{actionId}Retrieves a connector by ID. (legacyGetConnector)
Deprecated in 7.13.0. Use the get connector API instead.
Path parameters
actionId (required)
Path Parameter — An identifier for the action. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
{
"isPreconfigured" : true,
"isDeprecated" : true,
"actionTypeId" : "actionTypeId",
"name" : "name",
"id" : "id",
"config" : "{}",
"isMissingSecrets" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. action_response_properties401
Authorization information is missing or invalid. Unauthorized_response
Up
get /s/{spaceId}/api/actions/list_action_typesRetrieves a list of all connector types. (legacyGetConnectorTypes)
Deprecated in 7.13.0. Use the get all connector types API instead.
Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
Example data
Content-Type: application/json
{
"enabledInConfig" : true,
"name" : "name",
"enabledInLicense" : true,
"id" : "id",
"minimumLicenseRequired" : "minimumLicenseRequired",
"enabled" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. Unauthorized_response
Up
get /s/{spaceId}/api/actionsRetrieves all connectors. (legacyGetConnectors)
Deprecated in 7.13.0. Use the get all connectors API instead.
Path parameters
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Return type
array[action_response_properties]
Example data
Content-Type: application/json
{
"isPreconfigured" : true,
"isDeprecated" : true,
"actionTypeId" : "actionTypeId",
"name" : "name",
"id" : "id",
"config" : "{}",
"isMissingSecrets" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call.401
Authorization information is missing or invalid. Unauthorized_response
Up
post /s/{spaceId}/api/actions/action/{actionId}/_executeRuns a connector. (legacyRunConnector)
Deprecated in 7.13.0. Use the run connector API instead.
Path parameters
actionId (required)
Path Parameter — An identifier for the action. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
Legacy_run_connector_request_body_properties Legacy_run_connector_request_body_properties (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"actionId" : "actionId",
"status" : "status"
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. legacyRunConnector_200_response401
Authorization information is missing or invalid. Unauthorized_response
Up
put /s/{spaceId}/api/actions/action/{actionId}Updates the attributes for a connector. (legacyUpdateConnector)
Deprecated in 7.13.0. Use the update connector API instead.
Path parameters
actionId (required)
Path Parameter — An identifier for the action. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
Legacy_update_connector_request_body_properties Legacy_update_connector_request_body_properties (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"isPreconfigured" : true,
"isDeprecated" : true,
"actionTypeId" : "actionTypeId",
"name" : "name",
"id" : "id",
"config" : "{}",
"isMissingSecrets" : true
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. action_response_properties404
Object is not found. Not_found_response
Up
post /s/{spaceId}/api/actions/connector/{connectorId}/_executeRuns a connector. (runConnector)
You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have
read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. If you use an index connector, you must also have all, create, index, or write indices privileges.Path parameters
connectorId (required)
Path Parameter — An identifier for the connector. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
Run_connector_request_body_properties Run_connector_request_body_properties (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
{
"connector_id" : "connector_id",
"status" : "error"
}Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. runConnector_200_response401
Authorization information is missing or invalid. Unauthorized_response
Up
put /s/{spaceId}/api/actions/connector/{connectorId}Updates the attributes for a connector. (updateConnector)
You must have
all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.Path parameters
connectorId (required)
Path Parameter — An identifier for the connector. default: null
spaceId (required)
Path Parameter — An identifier for the space. If
/s/ and the identifier are omitted from the path, the default space is used. default: null Consumes
This API call consumes the following media types via the Content-Type request header:application/json
Request body
Update_connector_request_body_properties Update_connector_request_body_properties (required)
Body Parameter —
Request headers
kbn-xsrf (required)
Header Parameter — Cross-site request forgery protection default: null
Return type
Example data
Content-Type: application/json
nullProduces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.application/json
Responses
200
Indicates a successful call. connector_response_properties400
Indicates a bad request. updateConnector_400_response401
Authorization information is missing or invalid. Unauthorized_response404
Object is not found. Not_found_responseModels
[ Jump to Methods ]Table of Contents
Alert_identifier_mapping- Alert identifier mappingCase_comment_mapping- Case comment mappingCase_description_mapping- Case description mappingCase_identifier_mapping- Case identifier mappingCase_name_mapping- Case name mappingConnector_mappings_properties_for_a_Swimlane_connector- Connector mappings properties for a Swimlane connectorCreate_connector_request_body_properties- Create connector request body propertiesGet_connector_types_response_body_properties_inner-Get_connectors_response_body_properties- Get connectors response body propertiesLegacy_create_connector_request_properties- Legacy create connector request propertiesLegacy_get_connector_types_response_body_properties_inner-Legacy_run_connector_request_body_properties- Legacy run connector request body propertiesLegacy_update_connector_request_body_properties- Legacy update connector request body propertiesNot_found_response- Not found responseRule_name_mapping- Rule name mappingRun_connector_request_body_properties- Run connector request body propertiesRun_connector_request_body_properties_params-Severity_mapping- Severity mappingSubaction_parameters- Subaction parametersUnauthorized_response- Unauthorized responseUpdate_connector_request_body_properties- Update connector request body propertiesaction_response_properties- Action response propertiesconfig_properties_cases_webhook- Connector request properties for Webhook - Case Management connectorconfig_properties_genai- Connector request properties for a generative AI connectorconfig_properties_index- Connector request properties for an index connectorconfig_properties_jira- Connector request properties for a Jira connectorconfig_properties_opsgenie- Connector request properties for an Opsgenie connectorconfig_properties_pagerduty- Connector request properties for a PagerDuty connectorconfig_properties_resilient- Connector request properties for a IBM Resilient connectorconfig_properties_servicenow- Connector request properties for a ServiceNow ITSM connectorconfig_properties_servicenow_itom- Connector request properties for a ServiceNow ITSM connectorconfig_properties_swimlane- Connector request properties for a Swimlane connectorconfig_properties_webhook- Connector request properties for a Webhook connectorconnector_response_properties- Connector response propertiesconnector_response_properties_cases_webhook- Connector request properties for a Webhook - Case Management connectorconnector_response_properties_email- Connector response properties for an email connectorconnector_response_properties_index- Connector response properties for an index connectorconnector_response_properties_jira- Connector response properties for a Jira connectorconnector_response_properties_opsgenie- Connector response properties for an Opsgenie connectorconnector_response_properties_pagerduty- Connector response properties for a PagerDuty connectorconnector_response_properties_resilient- Connector response properties for a IBM Resilient connectorconnector_response_properties_serverlog- Connector response properties for a server log connectorconnector_response_properties_servicenow- Connector response properties for a ServiceNow ITSM connectorconnector_response_properties_servicenow_itom- Connector response properties for a ServiceNow ITOM connectorconnector_response_properties_servicenow_sir- Connector response properties for a ServiceNow SecOps connectorconnector_response_properties_slack_api- Connector response properties for a Slack connectorconnector_response_properties_slack_webhook- Connector response properties for a Slack connectorconnector_response_properties_swimlane- Connector response properties for a Swimlane connectorconnector_response_properties_teams- Connector response properties for a Microsoft Teams connectorconnector_response_properties_tines- Connector response properties for a Tines connectorconnector_response_properties_webhook- Connector response properties for a Webhook connectorconnector_response_properties_xmatters- Connector response properties for an xMatters connectorconnector_types- Connector typescreate_connector_request_cases_webhook- Create Webhook - Case Managment connector requestcreate_connector_request_email- Create email connector requestcreate_connector_request_genai- Create generative AI connector requestcreate_connector_request_index- Create index connector requestcreate_connector_request_jira- Create Jira connector requestcreate_connector_request_opsgenie- Create Opsgenie connector requestcreate_connector_request_pagerduty- Create PagerDuty connector requestcreate_connector_request_resilient- Create IBM Resilient connector requestcreate_connector_request_serverlog- Create server log connector requestcreate_connector_request_servicenow- Create ServiceNow ITSM connector requestcreate_connector_request_servicenow_itom- Create ServiceNow ITOM connector requestcreate_connector_request_servicenow_sir- Create ServiceNow SecOps connector requestcreate_connector_request_slack_api- Create Slack connector requestcreate_connector_request_slack_webhook- Create Slack connector requestcreate_connector_request_swimlane- Create Swimlane connector requestcreate_connector_request_teams- Create Microsoft Teams connector requestcreate_connector_request_tines- Create Tines connector requestcreate_connector_request_webhook- Create Webhook connector requestcreate_connector_request_xmatters- Create xMatters connector requestfeatures-getConnector_404_response-legacyRunConnector_200_response-runConnector_200_response-runConnector_200_response_data-run_connector_params_documents- Index connector parametersrun_connector_params_level_message- Server log connector parametersrun_connector_subaction_addevent- The addEvent subactionrun_connector_subaction_addevent_subActionParams-run_connector_subaction_closealert- The closeAlert subactionrun_connector_subaction_closealert_subActionParams-run_connector_subaction_createalert- The createAlert subactionrun_connector_subaction_createalert_subActionParams-run_connector_subaction_createalert_subActionParams_responders_inner-run_connector_subaction_createalert_subActionParams_visibleTo_inner-run_connector_subaction_fieldsbyissuetype- The fieldsByIssueType subactionrun_connector_subaction_fieldsbyissuetype_subActionParams-run_connector_subaction_getchoices- The getChoices subactionrun_connector_subaction_getchoices_subActionParams-run_connector_subaction_getfields- The getFields subactionrun_connector_subaction_getincident- The getIncident subactionrun_connector_subaction_getincident_subActionParams-run_connector_subaction_issue- The issue subactionrun_connector_subaction_issue_subActionParams-run_connector_subaction_issues- The issues subactionrun_connector_subaction_issues_subActionParams-run_connector_subaction_issuetypes- The issueTypes subactionrun_connector_subaction_pushtoservice- The pushToService subactionrun_connector_subaction_pushtoservice_subActionParams-run_connector_subaction_pushtoservice_subActionParams_comments_inner-run_connector_subaction_pushtoservice_subActionParams_incident-run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip-run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash-run_connector_subaction_pushtoservice_subActionParams_incident_malware_url-run_connector_subaction_pushtoservice_subActionParams_incident_source_ip-secrets_properties_cases_webhook- Connector secrets properties for Webhook - Case Management connectorsecrets_properties_genai- Connector secrets properties for a generative AI connectorsecrets_properties_jira- Connector secrets properties for a Jira connectorsecrets_properties_opsgenie- Connector secrets properties for an Opsgenie connectorsecrets_properties_pagerduty- Connector secrets properties for a PagerDuty connectorsecrets_properties_resilient- Connector secrets properties for IBM Resilient connectorsecrets_properties_servicenow- Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectorssecrets_properties_slack_api- Connector secrets properties for a Web API Slack connectorsecrets_properties_slack_webhook- Connector secrets properties for a Webhook Slack connectorsecrets_properties_swimlane- Connector secrets properties for a Swimlane connectorsecrets_properties_webhook- Connector secrets properties for a Webhook connectorupdateConnector_400_response-update_connector_request_cases_webhook- Update Webhook - Case Managment connector requestupdate_connector_request_index- Update index connector requestupdate_connector_request_jira- Update Jira connector requestupdate_connector_request_opsgenie- Update Opsgenie connector requestupdate_connector_request_pagerduty- Update PagerDuty connector requestupdate_connector_request_resilient- Update IBM Resilient connector requestupdate_connector_request_serverlog- Update server log connector requestupdate_connector_request_servicenow- Update ServiceNow ITSM connector or ServiceNow SecOps requestupdate_connector_request_servicenow_itom- Create ServiceNow ITOM connector requestupdate_connector_request_slack_api- Update Slack connector requestupdate_connector_request_slack_webhook- Update Slack connector requestupdate_connector_request_swimlane- Update Swimlane connector request
Alert_identifier_mapping - Alert identifier mapping Up
Mapping for the alert ID.
Case_comment_mapping - Case comment mapping Up
Mapping for the case comments.
Case_description_mapping - Case description mapping Up
Mapping for the case description.
Case_identifier_mapping - Case identifier mapping Up
Mapping for the case ID.
Case_name_mapping - Case name mapping Up
Mapping for the case name.
Connector_mappings_properties_for_a_Swimlane_connector - Connector mappings properties for a Swimlane connector Up
The field mapping.
alertIdConfig (optional)
caseIdConfig (optional)
caseNameConfig (optional)
commentsConfig (optional)
descriptionConfig (optional)
ruleNameConfig (optional)
severityConfig (optional)
Create_connector_request_body_properties - Create connector request body properties Up
The properties vary depending on the connector type.
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.xmatters. connector_type_id
String The type of connector.
Enum:
.xmatters
name
String The display name for the connector.
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is
.xmatters. Get_connector_types_response_body_properties_inner - Up
enabled (optional)
Boolean Indicates whether the connector type is enabled in Kibana.
enabled_in_config (optional)
Boolean Indicates whether the connector type is enabled in the Kibana
.yml file. enabled_in_license (optional)
Boolean Indicates whether the connector is enabled in the license.
id (optional)
minimum_license_required (optional)
String The license that is required to use the connector type.
name (optional)
String The name of the connector type.
supported_feature_ids (optional)
array[features] The Kibana features that are supported by the connector type.
Get_connectors_response_body_properties - Get connectors response body properties Up
The properties vary for each connector type.
connector_type_id
config (optional)
map[String, oas_any_type_not_mapped] The configuration for the connector. Configuration properties vary depending on the connector type.
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
referenced_by_count
Integer Indicates the number of saved objects that reference the connector. If
is_preconfigured is true, this value is not calculated. Legacy_create_connector_request_properties - Legacy create connector request properties Up
actionTypeId (optional)
String The connector type identifier.
config (optional)
Object The configuration for the connector. Configuration properties vary depending on the connector type.
name (optional)
String The display name for the connector.
secrets (optional)
Object The secrets configuration for the connector. Secrets configuration properties vary depending on the connector type. NOTE: Remember these values. You must provide them each time you update the connector.
Legacy_get_connector_types_response_body_properties_inner - Up
enabled (optional)
Boolean Indicates whether the connector type is enabled in Kibana.
enabledInConfig (optional)
Boolean Indicates whether the connector type is enabled in the Kibana
.yml file. enabledInLicense (optional)
Boolean Indicates whether the connector is enabled in the license.
id (optional)
String The unique identifier for the connector type.
minimumLicenseRequired (optional)
String The license that is required to use the connector type.
name (optional)
String The name of the connector type.
Legacy_run_connector_request_body_properties - Legacy run connector request body properties Up
The properties vary depending on the connector type.
params
Object The parameters of the connector. Parameter properties vary depending on the connector type.
Legacy_update_connector_request_body_properties - Legacy update connector request body properties Up
The properties vary depending on the connector type.
config (optional)
Object The new connector configuration. Configuration properties vary depending on the connector type.
name (optional)
String The new name for the connector.
secrets (optional)
Object The updated secrets configuration for the connector. Secrets properties vary depending on the connector type.
Rule_name_mapping - Rule name mapping Up
Mapping for the name of the alert's rule.
Run_connector_request_body_properties - Run connector request body properties Up
The properties vary depending on the connector type.
Run_connector_request_body_properties_params - Up
documents
array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
level (optional)
String The log level of the message for server log connectors.
Enum:
debug
error
fatal
info
trace
warn
message
String The message for server log connectors.
subAction
String The action to test.
Enum:
pushToService
subActionParams
Severity_mapping - Severity mapping Up
Mapping for the severity.
Subaction_parameters - Subaction parameters Up
Test an action that involves a subaction.
Update_connector_request_body_properties - Update connector request body properties Up
The properties vary depending on the connector type.
action_response_properties - Action response properties Up
The properties vary depending on the action type.
actionTypeId (optional)
config (optional)
id (optional)
isDeprecated (optional)
Boolean Indicates whether the action type is deprecated.
isMissingSecrets (optional)
Boolean Indicates whether secrets are missing for the action.
isPreconfigured (optional)
Boolean Indicates whether it is a preconfigured action.
name (optional)
config_properties_cases_webhook - Connector request properties for Webhook - Case Management connector Up
Defines properties for connectors when type is
.cases-webhook.createCommentJson (optional)
String A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is
case.comment. Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. createCommentMethod (optional)
String The REST API HTTP request method to create a case comment in the third-party system. Valid values are
patch, post, and put. Enum:
patch
post
put
createCommentUrl (optional)
String The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the
xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. createIncidentJson
String A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are
case.title and case.description. Due to Mustache template variables (which is the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. createIncidentMethod (optional)
String The REST API HTTP request method to create a case in the third-party system. Valid values are
patch, post, and put. Enum:
patch
post
put
createIncidentResponseKey
String The JSON key in the create case response that contains the external case ID.
createIncidentUrl
String The REST API URL to create a case in the third-party system. If you are using the
xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. getIncidentResponseExternalTitleKey
String The JSON key in get case response that contains the external case title.
getIncidentUrl
String The REST API URL to get the case by ID from the third-party system. If you are using the
xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. hasAuth (optional)
Boolean If true, a username and password for login type authentication must be provided.
headers (optional)
String A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.
updateIncidentJson
String The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are
case.title and case.description. Due to Mustache template variables (which is the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. updateIncidentMethod (optional)
String The REST API HTTP request method to update the case in the third-party system. Valid values are
patch, post, and put. Enum:
patch
post
put
updateIncidentUrl
String The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the
xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. viewIncidentUrl
String The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.
config_properties_genai - Connector request properties for a generative AI connector Up
Defines properties for connectors when type is
.gen-ai.config_properties_index - Connector request properties for an index connector Up
Defines properties for connectors when type is
.index.executionTimeField (optional)
String A field that indicates when the document was indexed.
index
String The Elasticsearch index to be written to.
refresh (optional)
Boolean The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs.
config_properties_jira - Connector request properties for a Jira connector Up
Defines properties for connectors when type is
.jira.config_properties_opsgenie - Connector request properties for an Opsgenie connector Up
Defines properties for connectors when type is
.opsgenie.apiUrl
String The Opsgenie URL. For example,
https://api.opsgenie.com or https://api.eu.opsgenie.com. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. config_properties_pagerduty - Connector request properties for a PagerDuty connector Up
Defines properties for connectors when type is
.pagerduty.apiUrl (optional)
String The PagerDuty event URL.
config_properties_resilient - Connector request properties for a IBM Resilient connector Up
Defines properties for connectors when type is
.resilient.config_properties_servicenow - Connector request properties for a ServiceNow ITSM connector Up
Defines properties for connectors when type is
.servicenow.apiUrl
String The ServiceNow instance URL.
clientId (optional)
String The client ID assigned to your OAuth application. This property is required when
isOAuth is true. isOAuth (optional)
Boolean The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
jwtKeyId (optional)
String The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when
isOAuth is true. userIdentifierValue (optional)
String The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is
Email, the user identifier should be the user's email address. This property is required when isOAuth is true. usesTableApi (optional)
Boolean Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to
false, the Elastic application should be installed in ServiceNow. config_properties_servicenow_itom - Connector request properties for a ServiceNow ITSM connector Up
Defines properties for connectors when type is
.servicenow.apiUrl
String The ServiceNow instance URL.
clientId (optional)
String The client ID assigned to your OAuth application. This property is required when
isOAuth is true. isOAuth (optional)
Boolean The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
jwtKeyId (optional)
String The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when
isOAuth is true. userIdentifierValue (optional)
String The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is
Email, the user identifier should be the user's email address. This property is required when isOAuth is true. config_properties_swimlane - Connector request properties for a Swimlane connector Up
Defines properties for connectors when type is
.swimlane.config_properties_webhook - Connector request properties for a Webhook connector Up
Defines properties for connectors when type is
.webhook.authType (optional)
String The type of authentication to use: basic, SSL, or none.
Enum:
webhook-authentication-basic
webhook-authentication-ssl
null
ca (optional)
String A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types.
certType (optional)
String If the
authType is webhook-authentication-ssl, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. Enum:
ssl-crt-key
ssl-pfx
hasAuth (optional)
Boolean If
true, a user name and password must be provided for login type authentication. headers (optional)
Object A set of key-value pairs sent as headers with the request.
method (optional)
Enum:
post
put
url (optional)
String The request URL. If you are using the
xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. verificationMode (optional)
String Controls the verification of certificates. Use
full to validate that the certificate has an issue date within the not_before and not_after dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use certificate to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use none to skip certificate validation. Enum:
certificate
full
none
connector_response_properties - Connector response properties Up
The properties vary depending on the connector type.
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.xmatters. connector_type_id
String The type of connector.
Enum:
.xmatters
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_cases_webhook - Connector request properties for a Webhook - Case Management connector Up
config
connector_type_id
String The type of connector.
Enum:
.cases-webhook
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_email - Connector response properties for an email connector Up
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.email. connector_type_id
String The type of connector.
Enum:
.email
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_index - Connector response properties for an index connector Up
config
connector_type_id
String The type of connector.
Enum:
.index
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_jira - Connector response properties for a Jira connector Up
config
connector_type_id
String The type of connector.
Enum:
.jira
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_opsgenie - Connector response properties for an Opsgenie connector Up
config
connector_type_id
String The type of connector.
Enum:
.opsgenie
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_pagerduty - Connector response properties for a PagerDuty connector Up
config
connector_type_id
String The type of connector.
Enum:
.pagerduty
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_resilient - Connector response properties for a IBM Resilient connector Up
config
connector_type_id
String The type of connector.
Enum:
.resilient
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_serverlog - Connector response properties for a server log connector Up
config
connector_type_id
String The type of connector.
Enum:
.server-log
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_servicenow - Connector response properties for a ServiceNow ITSM connector Up
config
connector_type_id
String The type of connector.
Enum:
.servicenow
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_servicenow_itom - Connector response properties for a ServiceNow ITOM connector Up
config
connector_type_id
String The type of connector.
Enum:
.servicenow-itom
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_servicenow_sir - Connector response properties for a ServiceNow SecOps connector Up
config
connector_type_id
String The type of connector.
Enum:
.servicenow-sir
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_slack_api - Connector response properties for a Slack connector Up
connector_type_id
String The type of connector.
Enum:
.slack_api
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_slack_webhook - Connector response properties for a Slack connector Up
connector_type_id
String The type of connector.
Enum:
.slack
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_swimlane - Connector response properties for a Swimlane connector Up
config
connector_type_id
String The type of connector.
Enum:
.swimlane
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_teams - Connector response properties for a Microsoft Teams connector Up
connector_type_id
String The type of connector.
Enum:
.teams
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_tines - Connector response properties for a Tines connector Up
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.tines. connector_type_id
String The type of connector.
Enum:
.tines
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_webhook - Connector response properties for a Webhook connector Up
config
connector_type_id
String The type of connector.
Enum:
.webhook
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_response_properties_xmatters - Connector response properties for an xMatters connector Up
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.xmatters. connector_type_id
String The type of connector.
Enum:
.xmatters
id
String The identifier for the connector.
is_deprecated
Boolean Indicates whether the connector type is deprecated.
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the
config and is_missing_secrets properties are omitted from the response. is_system_action (optional)
Boolean Indicates whether the connector is used for system actions.
name
String The display name for the connector.
connector_types - Connector types Up
The type of connector. For example,
.email, .index, .jira, .opsgenie, or .server-log.create_connector_request_cases_webhook - Create Webhook - Case Managment connector request Up
The Webhook - Case Management connector uses axios to send POST, PUT, and GET requests to a case management RESTful API web service.
create_connector_request_email - Create email connector request Up
The email connector uses the SMTP protocol to send mail messages, using an integration of Nodemailer. An exception is Microsoft Exchange, which uses HTTP protocol for sending emails, Send mail. Email message text is sent as both plain text and html text.
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.email. connector_type_id
String The type of connector.
Enum:
.email
name
String The display name for the connector.
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is
.email. create_connector_request_genai - Create generative AI connector request Up
The generative AI connector uses axios to send a POST request to either OpenAI or Azure OpenAPI.
create_connector_request_index - Create index connector request Up
The index connector indexes a document into Elasticsearch.
create_connector_request_jira - Create Jira connector request Up
The Jira connector uses the REST API v2 to create Jira issues.
create_connector_request_opsgenie - Create Opsgenie connector request Up
The Opsgenie connector uses the Opsgenie alert API.
create_connector_request_pagerduty - Create PagerDuty connector request Up
The PagerDuty connector uses the v2 Events API to trigger, acknowledge, and resolve PagerDuty alerts.
create_connector_request_resilient - Create IBM Resilient connector request Up
The IBM Resilient connector uses the RESILIENT REST v2 to create IBM Resilient incidents.
create_connector_request_serverlog - Create server log connector request Up
This connector writes an entry to the Kibana server log.
create_connector_request_servicenow - Create ServiceNow ITSM connector request Up
The ServiceNow ITSM connector uses the import set API to create ServiceNow incidents. You can use the connector for rule actions and cases.
create_connector_request_servicenow_itom - Create ServiceNow ITOM connector request Up
The ServiceNow ITOM connector uses the event API to create ServiceNow events. You can use the connector for rule actions.
create_connector_request_servicenow_sir - Create ServiceNow SecOps connector request Up
The ServiceNow SecOps connector uses the import set API to create ServiceNow security incidents. You can use the connector for rule actions and cases.
create_connector_request_slack_api - Create Slack connector request Up
The Slack connector uses Slack Incoming Webhooks.
create_connector_request_slack_webhook - Create Slack connector request Up
The Slack connector uses Slack Incoming Webhooks.
create_connector_request_swimlane - Create Swimlane connector request Up
The Swimlane connector uses the Swimlane REST API to create Swimlane records.
create_connector_request_teams - Create Microsoft Teams connector request Up
The Microsoft Teams connector uses Incoming Webhooks.
connector_type_id
String The type of connector.
Enum:
.teams
name
String The display name for the connector.
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is
.teams. create_connector_request_tines - Create Tines connector request Up
The Tines connector uses Tines Webhook actions to send events via POST request.
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.tines. connector_type_id
String The type of connector.
Enum:
.tines
name
String The display name for the connector.
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is
.tines. create_connector_request_webhook - Create Webhook connector request Up
The Webhook connector uses axios to send a POST or PUT request to a web service.
create_connector_request_xmatters - Create xMatters connector request Up
The xMatters connector uses the xMatters Workflow for Elastic to send actionable alerts to on-call xMatters resources.
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is
.xmatters. connector_type_id
String The type of connector.
Enum:
.xmatters
name
String The display name for the connector.
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is
.xmatters. features - Up
The feature that uses the connector. Valid values are
alerting, cases, uptime, and siem.legacyRunConnector_200_response - Up
runConnector_200_response - Up
run_connector_params_documents - Index connector parameters Up
Test an action that indexes a document into Elasticsearch.
documents
array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
run_connector_params_level_message - Server log connector parameters Up
Test an action that writes an entry to the Kibana server log.
run_connector_subaction_addevent - The addEvent subaction Up
The
addEvent subaction for ServiceNow ITOM connectors.run_connector_subaction_addevent_subActionParams - Up
The set of configuration properties for the action.
additional_info (optional)
String Additional information about the event.
description (optional)
String The details about the event.
event_class (optional)
String A specific instance of the source.
message_key (optional)
String All actions sharing this key are associated with the same ServiceNow alert. The default value is
<rule ID>:<alert instance ID>. metric_name (optional)
String The name of the metric.
node (optional)
String The host that the event was triggered for.
resource (optional)
String The name of the resource.
severity (optional)
String The severity of the event.
source (optional)
String The name of the event source type.
time_of_event (optional)
String The time of the event.
type (optional)
String The type of event.
run_connector_subaction_closealert - The closeAlert subaction Up
The
closeAlert subaction for Opsgenie connectors.run_connector_subaction_closealert_subActionParams - Up
alias
String The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
note (optional)
String Additional information for the alert.
source (optional)
String The display name for the source of the alert.
user (optional)
String The display name for the owner.
run_connector_subaction_createalert - The createAlert subaction Up
The
createAlert subaction for Opsgenie connectors.run_connector_subaction_createalert_subActionParams - Up
actions (optional)
array[String] The custom actions available to the alert.
alias (optional)
String The unique identifier used for alert deduplication in Opsgenie.
description (optional)
String A description that provides detailed information about the alert.
details (optional)
map[String, oas_any_type_not_mapped] The custom properties of the alert.
entity (optional)
String The domain of the alert. For example, the application or server name.
message
String The alert message.
note (optional)
String Additional information for the alert.
priority (optional)
String The priority level for the alert.
Enum:
P1
P2
P3
P4
P5
responders (optional)
array[run_connector_subaction_createalert_subActionParams_responders_inner] The entities to receive notifications about the alert. If
type is user, either id or username is required. If type is team, either id or name is required. source (optional)
String The display name for the source of the alert.
tags (optional)
array[String] The tags for the alert.
user (optional)
String The display name for the owner.
visibleTo (optional)
array[run_connector_subaction_createalert_subActionParams_visibleTo_inner] The teams and users that the alert will be visible to without sending a notification. Only one of
id, name, or username is required. run_connector_subaction_fieldsbyissuetype - The fieldsByIssueType subaction Up
The
fieldsByIssueType subaction for Jira connectors.run_connector_subaction_fieldsbyissuetype_subActionParams - Up
id
String The Jira issue type identifier.
run_connector_subaction_getchoices - The getChoices subaction Up
The
getChoices subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.run_connector_subaction_getchoices_subActionParams - Up
The set of configuration properties for the action.
fields
array[String] An array of fields.
run_connector_subaction_getfields - The getFields subaction Up
The
getFields subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.run_connector_subaction_getincident - The getIncident subaction Up
The
getIncident subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.run_connector_subaction_getincident_subActionParams - Up
externalId
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
run_connector_subaction_issue - The issue subaction Up
The
issue subaction for Jira connectors.run_connector_subaction_issue_subActionParams - Up
id
String The Jira issue identifier.
run_connector_subaction_issues - The issues subaction Up
The
issues subaction for Jira connectors.run_connector_subaction_issues_subActionParams - Up
title
String The title of the Jira issue.
run_connector_subaction_issuetypes - The issueTypes subaction Up
The
issueTypes subaction for Jira connectors.run_connector_subaction_pushtoservice - The pushToService subaction Up
The
pushToService subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.run_connector_subaction_pushtoservice_subActionParams - Up
The set of configuration properties for the action.
comments (optional)
array[run_connector_subaction_pushtoservice_subActionParams_comments_inner] Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.
incident (optional)
run_connector_subaction_pushtoservice_subActionParams_incident - Up
Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
alertId (optional)
String The alert identifier for Swimlane connectors.
caseId (optional)
String The case identifier for the incident for Swimlane connectors.
caseName (optional)
String The case name for the incident for Swimlane connectors.
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
correlation_display (optional)
String A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
correlation_id (optional)
String The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as
{{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. description (optional)
String The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
dest_ip (optional)
externalId (optional)
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
impact (optional)
String The impact of the incident for ServiceNow ITSM connectors.
issueType (optional)
Integer The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set
subAction to issueTypes. labels (optional)
array[String] The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
malware_hash (optional)
malware_url (optional)
parent (optional)
String The ID or key of the parent issue for Jira connectors. Applies only to
Sub-task types of issues. priority (optional)
String The priority of the incident in Jira and ServiceNow SecOps connectors.
ruleName (optional)
String The rule name for Swimlane connectors.
severity (optional)
String The severity of the incident for ServiceNow ITSM and Swimlane connectors.
short_description (optional)
String A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
source_ip (optional)
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
summary (optional)
String A summary of the incident for Jira connectors.
title (optional)
String A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.
urgency (optional)
String The urgency of the incident for ServiceNow ITSM connectors.
run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip - Up
A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash - Up
A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
run_connector_subaction_pushtoservice_subActionParams_incident_malware_url - Up
A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
run_connector_subaction_pushtoservice_subActionParams_incident_source_ip - Up
A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector Up
secrets_properties_genai - Connector secrets properties for a generative AI connector Up
Defines secrets for connectors when type is
.gen-ai.apiKey (optional)
String The OpenAI API key.
secrets_properties_jira - Connector secrets properties for a Jira connector Up
Defines secrets for connectors when type is
.jira.secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector Up
Defines secrets for connectors when type is
.opsgenie.apiKey
String The Opsgenie API authentication key for HTTP Basic authentication.
secrets_properties_pagerduty - Connector secrets properties for a PagerDuty connector Up
Defines secrets for connectors when type is
.pagerduty.routingKey
String A 32 character PagerDuty Integration Key for an integration on a service.
secrets_properties_resilient - Connector secrets properties for IBM Resilient connector Up
Defines secrets for connectors when type is
.resilient.secrets_properties_servicenow - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors Up
Defines secrets for connectors when type is
.servicenow, .servicenow-sir, or .servicenow-itom.clientSecret (optional)
String The client secret assigned to your OAuth application. This property is required when
isOAuth is true. password (optional)
privateKey (optional)
String The RSA private key that you created for use in ServiceNow. This property is required when
isOAuth is true. privateKeyPassword (optional)
String The password for the RSA private key. This property is required when
isOAuth is true and you set a password on your private key. username (optional)
secrets_properties_slack_api - Connector secrets properties for a Web API Slack connector Up
Defines secrets for connectors when type is
.slack.token
String Slack bot user OAuth token.
secrets_properties_slack_webhook - Connector secrets properties for a Webhook Slack connector Up
Defines secrets for connectors when type is
.slack.webhookUrl
String Slack webhook url.
secrets_properties_swimlane - Connector secrets properties for a Swimlane connector Up
Defines secrets for connectors when type is
.swimlane.apiToken (optional)
String Swimlane API authentication token.
secrets_properties_webhook - Connector secrets properties for a Webhook connector Up
Defines secrets for connectors when type is
.webhook.crt (optional)
String If
authType is webhook-authentication-ssl and certType is ssl-crt-key, it is a base64 encoded version of the CRT or CERT file. key (optional)
String If
authType is webhook-authentication-ssl and certType is ssl-crt-key, it is a base64 encoded version of the KEY file. pfx (optional)
String If
authType is webhook-authentication-ssl and certType is ssl-pfx, it is a base64 encoded version of the PFX or P12 file. password (optional)
String The password for HTTP basic authentication or the passphrase for the SSL certificate files. If
hasAuth is set to true and authType is webhook-authentication-basic, this property is required. user (optional)
String The username for HTTP basic authentication. If
hasAuth is set to true and authType is webhook-authentication-basic, this property is required. update_connector_request_cases_webhook - Update Webhook - Case Managment connector request Up
update_connector_request_jira - Update Jira connector request Up
update_connector_request_opsgenie - Update Opsgenie connector request Up
update_connector_request_pagerduty - Update PagerDuty connector request Up
update_connector_request_resilient - Update IBM Resilient connector request Up
update_connector_request_serverlog - Update server log connector request Up
name
String The display name for the connector.