A new issue exists that defines the scope of what we want to build using connectors, to start with
Notes from @jasonrhodes
We should aim to understand existing capabilities of connectors, see how the synchronization works in cases and rules/alerts today
Can we start with something like this:
Create x in connected application - what all do we send to the app from the investigation?
When "status" of investigation changes, send update to connected application - what do we include in the update?
Explore what it could look like to receive updates from the connected application, two-way (this is probably a stretch for initial implementation)
Some thoughts from @kdelemme
I have been looking into the connectors implemented by Cases.
Only the connectors to 3rd party incident management tools are available:
For some of them, they require an (elastic) app to be installed on their marketplace, e.g. ServiceNow. Not sure yet what this app does (is it just for permission on their side or does it do more?)
Next thing to figure out is what data is being sent to the connectors. I guess text from notes would not be a problem, but what about our items? I don't think we can render a lens chart on the 3rd party.
Acceptance criteria