Possibility to develop custom alert connectors #162139

Open
mha00 opened this issue Jul 18, 2023 · 2 comments
Labels
Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@mha00

mha00 commented Jul 18, 2023

I'd like to develop a custom connector which goes beyond the available ones you can find here: https://www.elastic.co/guide/en/kibana/current/action-types.html.
Questions related to existing possibilities were asked and answered by your team twice in 2021. They suggested raising a GitHub issue for that:

The available connectors don't match every specific use case, e.g. if you'd like to customize the available Swimlane SOAR fields in order to send more information. This is currently not possible. If there were a possibility to customize the existing connector or develop one myself, that would be great.

Is this feature maybe already available? Are you planning to integrate this feature in future?

Thanks in advance.

@botelastic botelastic bot added the needs-team Issues missing a team label label Jul 18, 2023
@nreese nreese added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Jul 20, 2023
@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Jul 20, 2023
@pmuellr
Member

pmuellr commented Jul 27, 2023

It's possible for on-prem customers, who are able to run custom Kibana plugins, to create a plugin which adds additional connectors. But it's not easy. And we aren't really set up to do this, so it would likely involve making changes to a few places in the framework. But most of the work could be done in a custom plugin.

One of the referenced posts mentioned Webhooks (they didn't want to use them), but that's the easiest way out-of-the-box to run custom connectors. You would essentially implement your connector in the server handling the webhook.

Since you mention Swimlane specifically: we're open to extending existing connectors, but we'd need a more specific issue detailing the changes needed.

Also, there is a PR open to add a D3 SOAR connector, but it looks like it's stalled; not sure what the status is on that.

We're also open to taking community contributions; this is basically the same amount of work as creating your own Kibana plugin (maybe a little less) - it's still complicated and will take some time. Bonus is that you'll get feedback directly from the development team. More info here: https://www.elastic.co/guide/en/kibana/master/development.html

Before doing any of this, it might be worth detailing exactly what you want to do, in case there is some reason it's not feasible to implement.
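Added example, not part of the thread and not Kibana or Swimlane code: a Node.js receiver for the webhook approach described above, which authenticates the call and builds the custom record from an allow-list of fields. It assumes the Webhook connector is configured to send a shared secret in a custom `x-alert-token` header and a JSON body with `rule_name`, `severity` and `message` keys; those names, the output field names and the `forward` callback are hypothetical.

```javascript
// Added example: receiver behind a Kibana Webhook connector (not Kibana code).
// Header name, payload keys and record field names are assumptions.
const crypto = require('node:crypto');
const http = require('node:http');

const MAX_BODY = 64 * 1024; // reject oversized alert bodies

// Constant-time check of the shared secret; an empty secret never matches.
function tokenOk(presented, expected) {
  const digest = (v) => crypto.createHash('sha256').update(String(v ?? '')).digest();
  return expected.length > 0 && crypto.timingSafeEqual(digest(presented), digest(expected));
}

// Allow-list mapping: only known, validated fields reach the downstream record.
function toRecord(alert) {
  const str = (v, max) => (typeof v === 'string' && v.length > 0 && v.length <= max ? v : null);
  const rec = {
    ruleName: str(alert.rule_name, 256),
    severity: ['low', 'medium', 'high', 'critical'].includes(alert.severity) ? alert.severity : null,
    description: str(alert.message, 4096),
  };
  const bad = Object.keys(rec).filter((k) => rec[k] === null);
  if (bad.length) throw new Error('invalid fields: ' + bad.join(','));
  return rec;
}

// Returns the HTTP status and, on success, the record to forward.
function handleAlert(headers, rawBody, secret) {
  if (!tokenOk(headers['x-alert-token'], secret)) return { status: 401 };
  if (Buffer.byteLength(rawBody) > MAX_BODY) return { status: 413 };
  try {
    return { status: 202, record: toRecord(JSON.parse(rawBody)) };
  } catch {
    return { status: 400 }; // malformed JSON or failed validation
  }
}

// forward(record) is where the call to the SOAR's own API would go.
function createReceiver(secret, forward) {
  return http.createServer((req, res) => {
    if (req.method !== 'POST') { res.writeHead(405).end(); return; }
    let body = '';
    req.on('data', (c) => { body += c; if (body.length > MAX_BODY) req.destroy(); });
    req.on('end', () => {
      const out = handleAlert(req.headers, body, secret);
      if (out.record) forward(out.record);
      res.writeHead(out.status).end();
    });
  });
}
```

Run it behind TLS with `createReceiver(secret, forward).listen(port)`, and keep the secret out of the rule's message template so it does not end up in alert text.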

5 participants