[SIEM] [Case] Case workflow api schema #51535
Conversation
|
Pinging @elastic/siem (Team:SIEM) |
stephmilovic
changed the title
💔 Build Failed |
…tephmilovic/kibana into case-workflow-api-schema
|
retest |
1 similar comment
|
retest |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
…tephmilovic/kibana into case-workflow-api-schema
x-pack/legacy/plugins/siem/index.ts
Outdated
| // TODO: Remove once while Saved Object Mappings API is programmed for the NP See: https://github.com/elastic/kibana/issues/50309 | ||
| savedObjectSchemas: { | ||
| 'case-workflow': { | ||
| indexPattern: '.case-testing-ground', // TODO: Change this name and use kibana.yml settings to override it. |
There was a problem hiding this comment.
What's the reason for having this stored in a separate index? If we can avoid it, we should as a failed migration requires each of these indices to to removed currently and won't be resolved until 8.0.
There was a problem hiding this comment.
i will need it in a separate index, but apparently there is a way to get access to the kibana.yml from this part of the code which I had not believed to be possible. I need to track down an example, brb!
There was a problem hiding this comment.
I removed these lines for now since they will need to be done from the NP side ultimately. could have to do with these failures, we'll see
|
Something is blocking the Kibana server from starting for me, which is probably the cause of the CI failures. If I disable the plugin Are you able to reproduce this if you remove the configuration from your |
I think this all has to do with creating NP case saved objects from legacy siem. That was a temporary work around anyways. I removed that code, have the kibana server running locally without issues, let's see if we can get a green build |
💚 Build SucceededTo update your PR or re-run it, just comment with: |
* master: (23 commits) [Vis: Default editor] Reactify the timelion editor (elastic#52990) [Discover] fix histogram min interval (elastic#53979) [Telemetry] [Monitoring] Only retry fetching usage once monito… (elastic#54309) [docs][APM] Add runtime index config documentation (elastic#53907) [SIEM] Detection engine timeline (elastic#53783) Filter scripted fields preview field list to source fields (elastic#53826) Management - New platform api (elastic#52579) Reset region and Account when switching inventory (elastic#54287) [SIEM] [Case] Case workflow api schema (elastic#51535) Code coverage setup on CI (elastic#49003) [ML] DF Analytics Results: adds link to docs (elastic#54189) Update schemas boolean, byteSize, and duration to coerce strings (elastic#54177) [Metrics UI] Pass relevant shouldAllowEdit capabilities into SettingsPage (elastic#49781) [Canvas] Fixes bugs with autoplay and refresh (elastic#53149) [ML] DF Analytics Classification: ensure confusion matrix can be fetched (elastic#53629) Fix Vega react eslint errors (elastic#54259) Remove non existing codeowners (elastic#54274) use correct type (elastic#54244) [Dashboard] Removing 100% as dshDashboardViewport height (elastic#54263) add `examples/` to no-restricted-path config (elastic#54252) ...
Summary
To test locally, add the following line to your
kibana.dev.yml:This PR establishes the initial Case Workflow API, including case and comment schema. Please reference this Postman generated documentation of the API.
Case & Comment mappings are in this temp file, see note below:
x-pack/legacy/plugins/siem/server/lib/case/saved_object_mappings_temp.tsBig Time Note
I needed to use the legacy API in order to to write mappings for case as the Saved Object Mappings API is not yet available on the NP. See: #50309
Therefore, I had to create some temporary files in the
siemdir. I plan to commit this to master as I may need to change mappings. Eventually, this will get moved to the new platform.Checklist
This was checked for cross-browser compatibility, including a check against IE11Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n supportDocumentation was added for features that require explanation or tutorialsThis was checked for keyboard-only and screenreader accessibilityFor maintainers
This was checked for breaking API changes and was labeled appropriatelyThis includes a feature addition or change that requires a release note and was labeled appropriately