From 5e113326cbe8365f72323aa73069f49ef5a4525f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Mon, 10 Feb 2025 16:27:49 +0100 Subject: [PATCH] [E&A] Refines Cases section. --- .../cases/manage-cases-settings.md | 40 ++++------- .../alerts-cases/cases/manage-cases.md | 72 ++++++++----------- .../alerts-cases/cases/setup-cases.md | 8 --- 3 files changed, 45 insertions(+), 75 deletions(-) diff --git a/explore-analyze/alerts-cases/cases/manage-cases-settings.md b/explore-analyze/alerts-cases/cases/manage-cases-settings.md index 975643e58..9e6fc93f7 100644 --- a/explore-analyze/alerts-cases/cases/manage-cases-settings.md +++ b/explore-analyze/alerts-cases/cases/manage-cases-settings.md @@ -20,24 +20,22 @@ If you close cases in your external incident management system, they will remain To change whether cases are automatically closed after they are sent to an external system, update the case closure options. - ## External incident management systems [case-connectors] You can add connectors to cases to push information to these external incident management systems: -* {ibm-r} -* {jira} -* {sn-itsm} -* {sn-sir} -* {swimlane} -* {hive} -* {webhook-cm} +* {{ibm-r}} +* {{jira}} +* {{sn-itsm}} +* {{sn-sir}} +* {{swimlane}} +* {{hive}} +* {{webhook-cm}} ::::{note} To create connectors and send cases to external systems, you must have the appropriate {{kib}} feature privileges. Refer to [Configure access to cases](setup-cases.md). :::: - You can create connectors in **{{stack-manage-app}} > {{connectors-ui}}**, as described in [*Connectors*](../../../deploy-manage/manage-connectors.md). Alternatively, you can create them in **{{stack-manage-app}} > Cases > Settings**: 1. From the **Incident management system** list, select **Add new connector**. 
@@ -48,7 +46,6 @@ You can subsequently choose the connector when you create cases and use it in ca To update a connector, click **Update ** and edit the connector fields as required. - ## Custom fields [case-custom-fields] You can add optional and required fields for customized case collaboration. [8.15.0] @@ -56,11 +53,10 @@ You can add optional and required fields for customized case collaboration. [8.1 To create a custom field: 1. In the **Custom fields** section, click **Add field**. - - :::{image} ../../../images/kibana-cases-custom-fields-add.png - :alt: Add a custom field in case settings - :class: screenshot - ::: + :::{image} ../../../images/kibana-cases-custom-fields-add.png + :alt: Add a custom field in case settings + :class: screenshot + ::: 2. You must provide a field label and type (text or toggle). You can optionally designate it as a required field and provide a default value. 
@@ -68,24 +64,21 @@ When you create a custom field, it’s added to all new and existing cases. Exis You can subsequently remove or edit custom fields on the **Settings** page. - ## Templates [case-templates] ::::{warning} This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. :::: - You can make the case creation process faster and more consistent by adding templates. A template defines values for one or all of the case fields (such as severity, tags, description, and title) as well as any custom fields. To create a template: 1. In the **Templates** section, click **Add template**. - - :::{image} ../../../images/kibana-cases-templates-add.png - :alt: Add a template in case settings - :class: screenshot - ::: + :::{image} ../../../images/kibana-cases-templates-add.png + :alt: Add a template in case settings + :class: screenshot + ::: 2. You must provide a template name and case severity. You can optionally add template tags and a description, values for each case field, and a case connector. @@ -94,6 +87,3 @@ When users create cases, they can optionally select a template and use its value ::::{note} If you update or delete templates, existing cases are unaffected. :::: - - - diff --git a/explore-analyze/alerts-cases/cases/manage-cases.md b/explore-analyze/alerts-cases/cases/manage-cases.md index bc77ef558..4d9144c09 100644 --- a/explore-analyze/alerts-cases/cases/manage-cases.md +++ b/explore-analyze/alerts-cases/cases/manage-cases.md 
@@ -12,18 +12,16 @@ To perform these tasks, you must have [full access](setup-cases.md) to the appro Open a new case to keep track of issues and share their details with colleagues. 1. Go to **Management > {{stack-manage-app}} > Cases**, then click **Create case**. - - :::{image} ../../../images/kibana-cases-create.png - :alt: Create a case in {stack-manage-app} - :class: screenshot - ::: + :::{image} ../../../images/kibana-cases-create.png + :alt: Create a case in {stack-manage-app} + :class: screenshot + ::: 2. If you defined [templates](manage-cases-settings.md#case-templates), you can optionally select one to use its default field values. [preview] 3. Give the case a name, severity, and description. - - ::::{tip} - In the `Description` area, you can use [Markdown](https://www.markdownguide.org/cheat-sheet) syntax to create formatted text. - :::: + ::::{tip} + In the `Description` area, you can use [Markdown](https://www.markdownguide.org/cheat-sheet) syntax to create formatted text. + :::: 4. Optionally, add a category, assignees, and tags. You can add users only if they meet the necessary [prerequisites](setup-cases.md). 5. If you defined any [custom fields](manage-cases-settings.md#case-custom-fields), they appear in the **Additional fields** section. [8.15.0] 
@@ -32,7 +30,6 @@ Open a new case to keep track of issues and share their details with colleagues. [preview] Alternatively, you can configure your rules to automatically create cases by using [case actions](https://www.elastic.co/guide/en/kibana/current/cases-action-type.html). By default, the rule adds all of the alerts within a specified time window to a single case. You can optionally choose a field to group the alerts and create separate cases for each group. You can also choose whether you want the rule to reopen cases or open new ones when the time window elapses. - ## Add email notifications [add-case-notifications] You can configure email notifications that occur when users are assigned to cases. 
@@ -43,38 +40,35 @@ For hosted {{kib}} on {{ess}}: You do not need to take any more steps to configure an email connector or update {{kib}} user settings, since the preconfigured Elastic-Cloud-SMTP connector is used by default. - For self-managed {{kib}}: 1. Create a preconfigured email connector. - - ::::{note} - At this time, email notifications support only preconfigured connectors, which are defined in the `kibana.yml` file. For examples, refer to [Email connectors](https://www.elastic.co/guide/en/kibana/current/pre-configured-connectors.html#preconfigured-email-configuration) and [Configure email accounts for well-known services](https://www.elastic.co/guide/en/kibana/current/email-action-type.html#configuring-email). - :::: + ::::{note} + At this time, email notifications support only preconfigured connectors, which are defined in the `kibana.yml` file. For examples, refer to [Email connectors](https://www.elastic.co/guide/en/kibana/current/pre-configured-connectors.html#preconfigured-email-configuration) and [Configure email accounts for well-known services](https://www.elastic.co/guide/en/kibana/current/email-action-type.html#configuring-email). + :::: 2. Set the `notifications.connectors.default.email` {{kib}} setting in kibana.yml to the name of your email connector. -```js -notifications.connectors.default.email: ‘mail-dev’ - -xpack.actions.preconfigured: - mail-dev: - name: preconfigured-email-notification-maildev - actionTypeId: .email - config: - service: other - from: from address - host: host name - port: port number - secure: true/false - hasAuth: true/false -``` - -1. If you want the email notifications to contain links back to the case, you must configure the [server.publicBaseUrl](../../../deploy-manage/deploy/self-managed/configure.md#server-publicBaseUrl) setting. 
+ ```js + notifications.connectors.default.email: ‘mail-dev’ + + xpack.actions.preconfigured: + mail-dev: + name: preconfigured-email-notification-maildev + actionTypeId: .email + config: + service: other + from: from address + host: host name + port: port number + secure: true/false + hasAuth: true/false + ``` + +3. If you want the email notifications to contain links back to the case, you must configure the [server.publicBaseUrl](../../../deploy-manage/deploy/self-managed/configure.md#server-publicBaseUrl) setting. When you subsequently add assignees to cases, they receive an email. - ## Add files [add-case-files] After you create a case, you can upload and manage files on the **Files** tab: @@ -95,8 +89,6 @@ Uploaded files are also accessible in **{{stack-manage-app}} > Files**. When you :::: - - ## Add visualizations [add-case-visualization] You can also optionally add visualizations. For example, you can portray event and alert data through charts and graphs. @@ -110,10 +102,9 @@ To add a visualization to a comment within your case: 1. Click the **Visualization** button. The **Add visualization** dialog appears. 2. Select an existing visualization from your Visualize Library or create a new visualization. - - ::::{important} - Set an absolute time range for your visualization. This ensures your visualization doesn’t change over time after you save it to your case and provides important context for viewers. - :::: + ::::{important} + Set an absolute time range for your visualization. This ensures your visualization doesn’t change over time after you save it to your case and provides important context for viewers. + :::: 3. After you’ve finished creating your visualization, click **Save and return** to go back to your case. 4. Click **Preview** to see how the visualization will appear in the case comment. 
@@ -123,7 +114,6 @@ Alternatively, while viewing a [dashboard](../../dashboards.md) you can open a p After a visualization has been added to a case, you can modify or interact with it by clicking the **Open Visualization** option in the case’s comment menu. - ## Manage cases [manage-case] In **Management > {{stack-manage-app}} > Cases**, you can search cases and filter them by attributes such as assignees, categories, severity, status, and tags. You can also select multiple cases and use bulk actions to delete cases or change their attributes. @@ -141,5 +131,3 @@ To view a case, click on its name. You can then: * Change the severity. * Close or delete the case. * Reopen a closed case. - - diff --git a/explore-analyze/alerts-cases/cases/setup-cases.md b/explore-analyze/alerts-cases/cases/setup-cases.md index 2380ea30a..33268623e 100644 --- a/explore-analyze/alerts-cases/cases/setup-cases.md +++ b/explore-analyze/alerts-cases/cases/setup-cases.md @@ -7,7 +7,6 @@ mapped_pages: To access cases in **{{stack-manage-app}}**, you must have the appropriate {{kib}} privileges: - ## Give full access to manage cases and settings [_give_full_access_to_manage_cases_and_settings] **{{kib}} privileges** @@ -22,8 +21,6 @@ By default, `All` for the **Cases** feature includes authority to delete cases a :::: - - ## Give assignee access to cases [_give_assignee_access_to_cases] **{{kib}} privileges** @@ -37,8 +34,6 @@ This privilege is also required to add [case actions](https://www.elastic.co/gui :::: - - ## Give view-only access to cases [_give_view_only_access_to_cases] **{{kib}} privileges** 
@@ -49,15 +44,12 @@ This privilege is also required to add [case actions](https://www.elastic.co/gui You can customize sub-feature privileges for deleting cases and comments, editing case settings, adding case comments and attachments, and re-opening cases. :::: - - ## Revoke all access to cases [_revoke_all_access_to_cases] **{{kib}} privileges** `None` for the **Cases** feature under **Management**. - ## More details [_more_details_2] For more details, refer to [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
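Review bot: In manage-cases-settings.md, the context line "To update a connector, click **Update ** and edit the connector fields as required." in the hunk just above the Custom fields heading has a trailing space inside the bold markers and appears to be missing whatever followed "Update". With whitespace before the closing `**` the span will not render as bold in CommonMark-style parsers, so the reader sees literal asterisks. Since this patch already touches the neighbouring lines, restore the missing text or tighten it to `**Update**` here.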
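Review bot: In the Custom fields and Templates hunks of manage-cases-settings.md (and the same pattern in manage-cases.md), the blank line between the numbered step and its `:::{image}` directive is removed, so the directive now starts on the line directly after the step text. Please confirm with a docs build that the directive is still parsed as a block nested in the list item rather than as a continuation of the step's paragraph, and that steps 2 onward keep their numbering. If the build is sensitive to this, keep the blank line and change only the indentation.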
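Review bot: In the "Open a new case" hunk of manage-cases.md, the re-indented line `:alt: Create a case in {stack-manage-app}` still uses single braces, while the first hunk of this patch converts the connector list from `{ibm-r}` to `{{ibm-r}}` and the surrounding prose uses `{{stack-manage-app}}`. If substitutions are not expanded inside directive options, the alt text will show the raw placeholder to screen-reader users; either switch it to the double-brace form, if that is supported there, or write the product name out in plain text.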
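Review bot: In the self-managed email hunk of manage-cases.md, the re-indented kibana.yml example under step 2 is still fenced as `js` and still carries typographic quotes in `notifications.connectors.default.email: ‘mail-dev’`. The content is YAML, so the fence should be `yaml`, and the curly quotes should be replaced with straight quotes or dropped: a reader who pastes the line as written gets a value that includes the quote characters and no longer matches the `mail-dev` key under `xpack.actions.preconfigured`. Step 2 also says to set the value to the "name" of the email connector, while the example uses the `mail-dev` key rather than the `name: preconfigured-email-notification-maildev` field, so the sentence should say which of the two is meant. The renumbering of the last step from `1.` to `3.` looks right.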