[DOCS][API] Add TheHive connector config and secrets

docs/action-type-template.asciidoc

@@ -22,7 +22,9 @@ or as needed when you're creating a rule.
 <ACTION-TYPE> connectors have the following configuration properties:
 
 ////
-List of user-facing connector configurations. This should align with the fields available in the Create connector flyout form for this connector type.
+List of user-facing connector configurations.
+This should align with the fields available in the Create connector flyout form for this connector type.
+To include these configuration details in the API documentation, add apprpriate files in x-pack/plugins/actions/docs/openapi/components/schemas/ and reference them from oas_docs/overlays/connectors.overlays.yaml
 ////
 
 Property1:: A short description of this property.
@@ -41,7 +43,9 @@ You can test connectors as you're creating or editing the connector in {kib}.
 <ACTION-TYPE> actions have the following properties.
 
 ////
-List of user-facing action configurations. This should align with the fields available in the Action section of the Create/Update alert flyout.
+List of user-facing action configurations.
+This should align with the fields available in the Action section of the Create/Update alert flyout.
+To include these configuration details in the API documentation, add apprpriate files in x-pack/plugins/actions/docs/openapi/components/schemas/ and reference them from oas_docs/overlays/connectors.overlays.yaml
 ////
 
 Property1:: A short description of this property.

oas_docs/overlays/connectors.overlays.yaml

@@ -159,7 +159,7 @@ actions:
                     # Observability AI Assistant (.observability-ai-assistant) TBD
                     # Azure OpenAI (.gen-ai)
                     - $ref:  '../../x-pack/plugins/actions/docs/openapi/components/schemas/genai_azure_config.yaml'
-                   # OpenAI (.gen-ai)
+                    # OpenAI (.gen-ai)
                     - $ref:  '../../x-pack/plugins/actions/docs/openapi/components/schemas/genai_openai_config.yaml'
                     # Opsgenie (.opsgenie)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/opsgenie_config.yaml'
@@ -177,6 +177,8 @@ actions:
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/slack_api_config.yaml'
                     # Swimlane (.swimlane)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/swimlane_config.yaml'
+                    # TheHive (.thehive)
+                    - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/thehive_config.yaml'
                     # Tines (.tines)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/tines_config.yaml'
                     # Torq (.torq)
@@ -224,6 +226,8 @@ actions:
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/slack_api_secrets.yaml'
                     # Swimlane (.swimlane)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/swimlane_secrets.yaml'
+                    # TheHive (.thehive)
+                    - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/thehive_secrets.yaml'
                     # Tines (.tines)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/tines_secrets.yaml'
                     # Torq (.torq)
@@ -284,6 +288,8 @@ actions:
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/slack_api_config.yaml'
                     # Swimlane (.swimlane)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/swimlane_config.yaml'
+                    # TheHive (.thehive)
+                    - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/thehive_config.yaml'
                     # Tines (.tines)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/tines_config.yaml'
                     # Torq (.torq)
@@ -331,6 +337,8 @@ actions:
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/slack_api_secrets.yaml'
                     # Swimlane (.swimlane)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/swimlane_secrets.yaml'
+                    # TheHive (.thehive)
+                    - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/thehive_secrets.yaml'
                     # Tines (.tines)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/tines_secrets.yaml'
                     # Torq (.torq)

x-pack/plugins/actions/docs/openapi/components/schemas/run_createalert.yaml

@@ -3,7 +3,7 @@ type: object
 required:
   - subAction
   - subActionParams
-description: The `createAlert` subaction for Opsgenie connectors.
+description: The `createAlert` subaction for Opsgenie and TheHive connectors.
 properties:
   subAction:
     type: string
@@ -12,12 +12,10 @@ properties:
       - createAlert
   subActionParams:
     type: object
-    required:
-      - message
     properties:
       actions:
         type: array
-        description: The custom actions available to the alert.
+        description: The custom actions available to the alert in Opsgenie connectors.
         items: 
           type: string
       alias:
@@ -28,21 +26,21 @@ properties:
         description: A description that provides detailed information about the alert.
       details:
         type: object
-        description: The custom properties of the alert.
+        description: The custom properties of the alert in Opsgenie connectors.
         additionalProperties: true
         example: {"key1":"value1","key2":"value2"}
       entity:
         type: string
-        description: The domain of the alert. For example, the application or server name.
+        description: The domain of the alert in Opsgenie connectors. For example, the application or server name.
       message:
         type: string
-        description: The alert message.
+        description: The alert message in Opsgenie connectors.
       note:
         type: string
-        description: Additional information for the alert.
+        description: Additional information for the alert in Opsgenie connectors.
       priority:
         type: string
-        description: The priority level for the alert.
+        description: The priority level for the alert in Opsgenie connectors.
         enum:
           - P1
           - P2
@@ -52,7 +50,7 @@ properties:
       responders:
         type: array
         description: >
-          The entities to receive notifications about the alert.
+          The entities to receive notifications about the alert in Opsgenie connectors.
           If `type` is `user`, either `id` or `username` is required.
           If `type` is `team`, either `id` or `name` is required.
         items:
@@ -75,14 +73,39 @@ properties:
             username:
               type: string
               description: A valid email address for the user.
+      severity:
+        type: integer
+        minimum: 1
+        maximum: 4
+        description: >
+          The severity of the incident for TheHive connectors.
+          The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).
       source:
         type: string
-        description: The display name for the source of the alert.
+        description: The display name for the source of the alert in Opsgenie and TheHive connectors.
+      sourceRef:
+        type: string
+        description: A source reference for the alert in TheHive connectors.
       tags:
         type: array
-        description: The tags for the alert.
+        description: The tags for the alert in Opsgenie and TheHive connectors.
         items:
           type: string
+      title:
+        type: string
+        description: >
+          A title for the incident for TheHive connectors.
+          It is used for searching the contents of the knowledge base.
+      tlp:
+        type: integer
+        minimum: 0
+        maximum: 4
+        default: 2
+        description: >
+          The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).
+      type:
+        type: string
+        description: The type of alert in TheHive connectors.
       user:
         type: string
         description: The display name for the owner.

x-pack/plugins/actions/docs/openapi/components/schemas/run_pushtoservice.yaml

@@ -3,7 +3,7 @@ type: object
 required:
   - subAction
   - subActionParams
-description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, and Webhook - Case Management connectors.
+description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors.
 properties: 
   subAction:
     type: string
@@ -16,7 +16,7 @@ properties:
     properties:
       comments:
         type: array
-        description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.
+        description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive.
         items:
           type: object
           properties:
@@ -28,7 +28,7 @@ properties:
               description: A unique identifier for the comment.
       incident:
         type: object
-        description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
+        description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident.
         properties:
           alertId:
             type: string
@@ -52,7 +52,7 @@ properties:
               NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
           description:
             type: string
-            description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, and Webhook - Case Management connectors.
+            description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors.
           dest_ip:
             description: >
               A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
@@ -113,8 +113,10 @@ properties:
             type: string
             description: The rule name for Swimlane connectors.
           severity:
-            type: string
-            description: The severity of the incident for ServiceNow ITSM and Swimlane connectors.
+            type: integer
+            description: >
+              The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors.
+              In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).
           short_description:
             type: string
             description: >
@@ -139,12 +141,19 @@ properties:
             type: array
             items:
               type: string
-            description: A list of tags for Webhook - Case Management connectors.
+            description: A list of tags for TheHive and Webhook - Case Management connectors.
           title:
             type: string
             description: >
-              A title for the incident for Jira and Webhook - Case Management connectors.
+              A title for the incident for Jira, TheHive, and Webhook - Case Management connectors.
               It is used for searching the contents of the knowledge base.
+          tlp:
+            type: integer
+            minimum: 0
+            maximum: 4
+            default: 2
+            description: >
+              The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).
           urgency:
             type: string
             description: The urgency of the incident for ServiceNow ITSM connectors.

x-pack/plugins/actions/docs/openapi/components/schemas/thehive_config.yaml

@@ -0,0 +1,16 @@
+title: Connector request properties for a TheHive connector
+description: Defines configuration properties for connectors when type is `.thehive`.
+type: object
+required:
+  - url
+properties:
+  organisation:
+    type: string
+    description: >
+      The organisation in TheHive that will contain the alerts or cases.
+      By default, the connector uses the default organisation of the user account that created the API key.
+  url:
+    type: string
+    description: >
+      The instance URL in TheHive.
+      If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.

x-pack/plugins/actions/docs/openapi/components/schemas/thehive_secrets.yaml

@@ -0,0 +1,9 @@
+title: Connector secrets properties for a TheHive connector
+description: Defines secrets for connectors when type is `.thehive`.
+required:
+  - apiKey
+type: object
+properties:
+  apiKey:
+    type: string
+    description: The API key for authentication in TheHive.