elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Cases Webhook connector, expose more case fields #154054

Closed stephmilovic closed 11 months ago

stephmilovic commented 1 year ago

Cases webhook connector users have requested other case fields, such as the case id, should be exposed as options in the different request JSON body inputs. Currently we only expose title, description, and tags.

Screenshot 2023-03-30 at 8 03 50 AM

Let's definitely expose case id as it has been requested, and look at the case object to determine what else would be useful:

{
  "id":"31cdada0-02c1-11ed-85f2-4f7c222ca2fa",
  "version":"WzM2LDFd",
  "comments":[], // handled by comments api configuration
  "totalComment":1,
  "totalAlerts":0,
  "title":"Case title 1",
  "tags":["tag 1"],
  "settings":{"syncAlerts":true},
  "owner":"cases",
  "description":"A case description",
  "duration":null,
  "severity":"low",
  "closed_at":null,
  "closed_by":null,
  "created_at":"2022-07-13T15:33:50.604Z",
  "created_by":{"username":"elastic","email":null,"full_name":null},
  "status":"open",
  "updated_at":"2022-07-13T15:40:32.335Z",
  "updated_by":{"full_name":null,"email":null,"username":"elastic"},
  "assignees":[{"uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"}],
  "connector":{"id":"none","name":"none","type":".none","fields":null},
  "external_service":null
}

@cnasikas @paulewing could I please get your input on which additional fields we should expose?
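As an added illustration of the field-exposure question (this is not Kibana code), the block below renders a webhook JSON body template against a case object like the one above while rejecting any case field that is not on the exposed list. The `{{{case.<field>}}}` variable syntax, the allowlist (the three fields the issue names plus the proposed `id`) and the sample case are assumptions made for this example.

```typescript
// Added example, not part of Kibana: an allowlist-based renderer for
// Cases Webhook body templates. The {{{case.<field>}}} syntax, the
// allowlist and the sample case are assumptions for illustration.
type CaseFields = Record<string, unknown>;

// Fields the issue says are exposed today, plus "id" as proposed.
const EXPOSED_CASE_FIELDS: string[] = ["title", "description", "tags", "id"];

// Constructed sample modelled on the case object shown in the issue.
const SAMPLE_CASE: CaseFields = {
  id: "31cdada0-02c1-11ed-85f2-4f7c222ca2fa",
  title: "Case title 1",
  tags: ["tag 1"],
  description: 'A case description with "quotes" and a\nnewline',
  severity: "low", // present on the case but not exposed to templates
};

// Matches a template variable and captures the case field name.
const VAR_RE = /\{\{\{case\.([a-zA-Z_]+)\}\}\}/g;

// Return the case fields a template references that are not on the allowlist.
function unexposedFields(template: string): string[] {
  const bad: string[] = [];
  template.replace(VAR_RE, (whole: string, field: string) => {
    if (EXPOSED_CASE_FIELDS.indexOf(field) < 0 && bad.indexOf(field) < 0) {
      bad.push(field);
    }
    return whole;
  });
  return bad.sort();
}

// Render the template into a parsed JSON body. Each variable is replaced by a
// JSON literal (JSON.stringify), so quotes or newlines in case text cannot
// break out of the body structure; parsing the result proves it is still
// valid JSON. Templates that reference unexposed fields are rejected.
function renderBody(template: string, c: CaseFields): unknown {
  const missing = unexposedFields(template);
  if (missing.length > 0) {
    throw new Error("unexposed case fields: " + missing.join(", "));
  }
  const body = template.replace(VAR_RE, (_whole: string, field: string) =>
    JSON.stringify(field in c ? c[field] : null)
  );
  return JSON.parse(body);
}
```

Because values are substituted as JSON literals, the template places a variable where a JSON value goes (for example `"summary": {{{case.title}}}`) rather than inside quotes.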

elasticmachine commented 1 year ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 year ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

stephmilovic commented 1 year ago

Screenshot 2023-03-30 at 8 00 52 AM

Also wondering if we should take the "Tech Preview" label off @paulewing ?

cnasikas commented 1 year ago

Thanks, @stephmilovic, for opening the issue. For starters, I would say

About the "Tech Preview", I would say to keep it a couple of releases more so we can get user feedback.