Tines connectoredit

The Tines connector uses Tines’s Webhook actions to send events via POST request.

Create connectors in Kibanaedit

You can create connectors in Stack Management > Connectors or as needed when you’re creating a rule. For example:

Tines connector
Connector configurationedit

Tines connectors have the following configuration properties:

URL
The Tines tenant URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.
Email
The email used to sign in to Tines.
API Token
A Tines API token created by the user. For more information, refer to the Tines documentation.

Create preconfigured connectorsedit

If you are running Kibana on-prem, you can define connectors by adding xpack.actions.preconfigured settings to your kibana.yml file. For example:

xpack.actions.preconfigured:
  my-tines:
    name: preconfigured-tines-connector-type
    actionTypeId: .tines
    config:
      url: https://some-tenant-2345.tines.com
    secrets:
      email: some.address@test.com
      token: ausergeneratedapitoken

Config defines information for the connector type.

url
A Tines tenant URL string that corresponds to URL.

Secrets defines sensitive information for the connector type.

email
A string that corresponds to Email.
token
A string that corresponds to API Token.

Test connectorsedit

Tines actions have the following parameters.

Story
The Story to send the events to.
Webhook
The Webhook action from the previous story that will receive the events, it is the data entry point.

You can test connectors with the run connector API or as you’re creating or editing the connector in Kibana. For example:

Tines params test

Once the Tines connector has been configured in an alerting rule:

Tines rule alert

It will send a POST request to the Tines webhook action on every action that runs with at least one result.

Webhook URL fallbackedit

It is possible that requests to the Tines API to get the stories and webhooks for the selectors hit the 500 results limit. In this scenario, the webhook URL fallback text field will be displayed. You can still use the selectors if the story or webhook exists in the 500 options loaded. Otherwise, you can paste the webhook URL in the test input field; it can be copied from the Tines webhook configuration.

When the webhook URL is defined, the connector will use it directly when an action runs, and the story and webhook selectors will be disabled and ignored. To re-enable the story and webhook selectors, remove the webhook URL value.

Tines Webhook URL fallback

Tines story libraryedit

In order to simplify the integration with Elastic, Tines offers a set of pre-defined Elastic stories in the Story library. They can be found by searching for "Elastic" in the Tines Story library:

Tines Elastic stories

They can be imported directly into your Tines tenant.

Formatedit

Tines connector will send the data in JSON format.

The message contains fields such as alertId, date, _index, kibanaBaseUrl, along with the rule and params objects.

The number of alerts (signals) can be found at state.signals_count.

The alerts (signals) data is stored in the context.alerts array, following the ECS format.