elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Possibility to develop custom alert connectors #162139

Open mha00 opened 1 year ago

mha00 commented 1 year ago

I'd like to develop a custom connector which goes beyond the available ones you can find here https://www.elastic.co/guide/en/kibana/current/action-types.html. Questions related to existing possibilities were asked and replied by your team twice in 2021. They suggested to raise a GitHub Issue for that:

The available connectors don't match every specific use case. E.g. if you'd like to customize the available Swimlane SOAR fields in order to send more information. This is currently not possible. If there would be a possibility to customize the existing connector or develop one by myself that would be great.

Is this feature maybe already available? Are you planning to integrate this feature in future?

Thanks in advance.

elasticmachine commented 1 year ago

Pinging @elastic/response-ops (Team:ResponseOps)

pmuellr commented 1 year ago

It's possible for on-prem customers, who are able to run custom Kibana plugins, to create a plugin which adds additional connectors. But it's not easy. And we aren't really set up to do this, so would likely involve making changes to a few places in the framework. But most of the work could be done in a custom plugin.

One of the referenced posts mentioned Webhooks (they didn't want to use them), but that's the easiest way out-of-the-box to run custom connectors. You would essentially implement your connector in the server handling the webhook.

Since you mention Swimlane specifically: we're open to extending existing connectors, but we'd need a more specific issue detailing changes needed.

Also, there is a PR open to add a D3 SOAR connector, but it looks like it's stalled; not sure what the status is on that.

We're also open to taking community contributions; this is basically the same amount of work as creating your own Kibana plugin (maybe a little less) - it's still complicated and will take some time. Bonus is that you'll get feedback directly from the development team. More info here: https://www.elastic.co/guide/en/kibana/master/development.html

Before doing any of this, might be worth detailing exactly what you want to do, in case there is some reason it's not feasible to implement.
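
The webhook route suggested in the thread, as an added example that is not part of the discussion and not Kibana or Swimlane code: a Node.js request handler that authenticates the webhook connector's Basic-auth request, validates the JSON body, and maps it to an outbound record. The body shape (`rule`, `alertId`, `message`, `severity`), the record field names, and the `cfg` object are assumptions.

```javascript
// Added example: not Kibana or Swimlane code. Field names are assumptions.
const MAX_BODY = 64 * 1024; // cap body size before parsing
const SEVERITIES = ['low', 'medium', 'high', 'critical'];

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Check the Basic credentials configured on the Kibana webhook connector.
function authorized(headers, cfg) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(headers.authorization || '');
  if (!m) return false;
  const got = Buffer.from(m[1], 'base64').toString('utf8');
  return safeEqual(got, `${cfg.user}:${cfg.pass}`);
}

// Map the alert JSON to the record sent downstream. The input shape is whatever
// the connector's body template emits; rule/alertId/message are assumed here.
function toRecord(alert) {
  for (const k of ['rule', 'alertId', 'message']) {
    if (typeof alert[k] !== 'string' || !alert[k]) throw new Error(`missing field: ${k}`);
  }
  const severity = SEVERITIES.includes(alert.severity) ? alert.severity : 'medium';
  return { title: `[Kibana] ${alert.rule}`, externalId: alert.alertId,
           description: alert.message.slice(0, 2000), severity };
}

// Pure request handler: returns the HTTP status and, on success, the record.
function handle(headers, bodyText, cfg) {
  if (!authorized(headers, cfg)) return { status: 401 };
  if (bodyText.length > MAX_BODY) return { status: 413 };
  try {
    return { status: 202, record: toRecord(JSON.parse(bodyText)) };
  } catch (e) {
    return { status: e instanceof SyntaxError ? 400 : 422, error: e.message };
  }
}
```

Call `handle(req.headers, body, cfg)` from the `end` event of a Node `http` server placed behind TLS, and pass the returned `record` to whatever client posts to the downstream system.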