elastic · lcawl · Sep 11, 2024 · Sep 10, 2024 · Sep 10, 2024 · Sep 10, 2024
@@ -8,7 +8,13 @@
 :frontmatter-tags-content-type: [how-to]
 :frontmatter-tags-user-goals: [configure]
 
-TheHive connector uses the https://docs.strangebee.com/thehive/api-docs/[TheHive (v1) REST API] to create cases and alerts.
+TheHive connector uses the https://docs.strangebee.com/thehive/api-docs/[TheHive (v1) REST API] to create cases and alerts. added:[8.16.0]
+
+[NOTE]
+====
+If you use this connector with <<cases,cases>>, the status values differ in {kib} and TheHive.
+The status values are not synchronized when you update a case.
+====
 
 [float]
 [[define-thehive-ui]]
@@ -28,9 +34,9 @@ image::management/connectors/images/thehive-connector.png[TheHive connector]
 TheHive connectors have the following configuration properties:
 
 Name::         The name of the connector.
-Organisation:: Organisation name in which user intends to create cases or alerts.
-URL::          TheHive instance URL.
-API Key::      TheHive API key for authentication.
+Organisation:: The organisation in TheHive that will contain the cases or alerts.
+URL::          The instance URL in TheHive.
+API key::      The API key for authentication in TheHive.
 
 [float]
 [[thehive-action-configuration]]
@@ -49,28 +55,16 @@ image::management/connectors/images/thehive-params-alert-test.png[TheHive alert
 
 TheHive actions have the following configuration properties.
 
-Event Action:: Action that will be performed in thehive. Supported actions are Create Case (default) and Create Alert.
-Title:: Title of the incident.
+Event action:: The action that will be performed in TheHive: create a case or an alert.
+Title:: The title of the incident.
 Description:: The details about the incident.
-Severity:: Severity of the incident. This can be one of `LOW`, `MEDIUM`(default), `HIGH` or `CRITICAL`.
-TLP:: Traffic Light Protocol designation for the incident. This can be one of `CLEAR`, `GREEN`, `AMBER`(default), `AMBER+STRICT` or `RED`.
-Tags:: The keywords or tags about the incident.
-Additional comments:: Additional information about the Case.
-Type:: Type of the Alert.
-Source:: Source of the Alert.
-Source Reference:: Source reference of the Alert.
-
-[float]
-[[thehive-features]]
-=== Features
-
-1. Rule base creation of alerts and cases.
-2. Create case, Update case.
-
-[NOTE]
-====
-* For update case, status of the case is not sync with the kibana case.
-====
+Severity:: The severity of the incident: `LOW`, `MEDIUM`, `HIGH` or `CRITICAL`.
+TLP:: The traffic light protocol designation for the incident: `CLEAR`, `GREEN`, `AMBER`, `AMBER+STRICT` or `RED`.
+Tags:: The keywords or tags for the incident.
+Additional comments:: Additional information about the incident.
+Type:: The type of alert.
+Source:: The source of the alert.
+Source reference:: A source reference for the alert.
 
 [float]
 [[thehive-connector-networking-configuration]]
@@ -82,7 +76,7 @@ Use the <<action-settings, Action configuration settings>> to customize connecto
 [[configure-thehive]]
 === Configure TheHive
 
-To generate an API Key in TheHive:
+To generate an API key in TheHive:
 
 1. Log in to your TheHive instance.
 2. Open profile tab and select the settings.

diff --git a/x-pack/plugins/stack_connectors/public/connector_types/thehive/constants.ts b/x-pack/plugins/stack_connectors/public/connector_types/thehive/constants.ts
@@ -14,7 +14,7 @@ export const eventActionOptions = [
     text: i18n.translate(
       'xpack.stackConnectors.components.thehive.eventSelectCreateCaseOptionLabel',
       {
-        defaultMessage: 'Create Case',
+        defaultMessage: 'Create case',
       }
     ),
   },
@@ -23,7 +23,7 @@ export const eventActionOptions = [
     text: i18n.translate(
       'xpack.stackConnectors.components.thehive.eventSelectCreateAlertOptionLabel',
       {
-        defaultMessage: 'Create Alert',
+        defaultMessage: 'Create alert',
       }
     ),
   },

diff --git a/x-pack/plugins/stack_connectors/public/connector_types/thehive/thehive.test.tsx b/x-pack/plugins/stack_connectors/public/connector_types/thehive/thehive.test.tsx
@@ -130,7 +130,7 @@ describe('thehive createAlert action params validation', () => {
         'createAlertParam.description': ['Description is required.'],
         'createAlertParam.type': ['Type is required.'],
         'createAlertParam.source': ['Source is required.'],
-        'createAlertParam.sourceRef': ['Source Reference is required.'],
+        'createAlertParam.sourceRef': ['Source reference is required.'],
       },
     });
   });

diff --git a/x-pack/plugins/stack_connectors/public/connector_types/thehive/translations.ts b/x-pack/plugins/stack_connectors/public/connector_types/thehive/translations.ts
@@ -21,35 +21,35 @@ export const ORGANISATION_LABEL = i18n.translate(
 export const ORGANISATION_HELP_TEXT = i18n.translate(
   'xpack.stackConnectors.components.thehive.organisationFieldHelpText',
   {
-    defaultMessage: `By default, the user's default organization will be considered.`,
+    defaultMessage: 'By default, it uses the default organisation of the API key owner.',
   }
 );
 
 export const API_KEY_LABEL = i18n.translate(
   'xpack.stackConnectors.components.thehive.apiKeyFieldLabel',
   {
-    defaultMessage: 'API Key',
+    defaultMessage: 'API key',
   }
 );
 
 export const EVENT_ACTION_LABEL = i18n.translate(
   'xpack.stackConnectors.components.thehive.eventActionSelectFieldLabel',
   {
-    defaultMessage: 'Event Action',
+    defaultMessage: 'Event action',
   }
 );
 
 export const TITLE_LABEL = i18n.translate(
   'xpack.stackConnectors.components.thehive.titleFieldLabel',
   {
-    defaultMessage: 'Title*',
+    defaultMessage: 'Title',
   }
 );
 
 export const DESCRIPTION_LABEL = i18n.translate(
   'xpack.stackConnectors.components.thehive.descriptionFieldLabel',
   {
-    defaultMessage: 'Description*',
+    defaultMessage: 'Description',
   }
 );
 
@@ -84,21 +84,21 @@ export const COMMENTS_LABEL = i18n.translate(
 export const TYPE_LABEL = i18n.translate(
   'xpack.stackConnectors.components.thehive.typeFieldLabel',
   {
-    defaultMessage: 'Type*',
+    defaultMessage: 'Type',
   }
 );
 
 export const SOURCE_LABEL = i18n.translate(
   'xpack.stackConnectors.components.thehive.sourceFieldLabel',
   {
-    defaultMessage: 'Source*',
+    defaultMessage: 'Source',
   }
 );
 
 export const SOURCE_REF_LABEL = i18n.translate(
   'xpack.stackConnectors.components.thehive.sourceRefFieldLabel',
   {
-    defaultMessage: 'Source Reference*',
+    defaultMessage: 'Source reference',
   }
 );
 
@@ -133,6 +133,6 @@ export const SOURCE_REQUIRED = i18n.translate(
 export const SOURCE_REF_REQUIRED = i18n.translate(
   'xpack.stackConnectors.components.thehive.requiredSourceRefText',
   {
-    defaultMessage: 'Source Reference is required.',
+    defaultMessage: 'Source reference is required.',
   }
 );
@@ -47,6 +47,7 @@ export enum ExternalServiceSimulator {
   TINES = 'tines',
   SENTINELONE = 'sentinelone',
   CROWDSTRIKE = 'crowdstrike',
+  THEHIVE = 'thehive',
 }
 
 export function getExternalServiceSimulatorPath(service: ExternalServiceSimulator): string {
@@ -67,6 +68,7 @@ export function getAllExternalServiceSimulatorPaths(): string[] {
   allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.TINES}/webhook/path/secret`);
   allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.SENTINELONE}/web/api/v2.1/`);
   allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.CROWDSTRIKE}`);
+  allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.THEHIVE}`);
   return allPaths;
 }
 
@@ -160,6 +162,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
       getExternalServiceSimulatorPath(ExternalServiceSimulator.SERVICENOW)
     );
     initTines(router, getExternalServiceSimulatorPath(ExternalServiceSimulator.TINES));
+    initTines(router, getExternalServiceSimulatorPath(ExternalServiceSimulator.THEHIVE));
     initUnsecuredAction(router, core);
   }
 

@@ -71,6 +71,7 @@ export default function ({ loadTestFile, getService }: FtrProviderContext) {
     loadTestFile(require.resolve('./servicenow_itsm_connector'));
     loadTestFile(require.resolve('./servicenow_sir_connector'));
     loadTestFile(require.resolve('./slack_connector'));
+    loadTestFile(require.resolve('./thehive_connector'));
     loadTestFile(require.resolve('./tines_connector'));
     loadTestFile(require.resolve('./webhook_connector'));
     loadTestFile(require.resolve('./xmatters_connector'));

@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  ExternalServiceSimulator,
+  getExternalServiceSimulatorPath,
+} from '@kbn/actions-simulators-plugin/server/plugin';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default function ({ getService, getPageObjects }: FtrProviderContext) {
+  const commonScreenshots = getService('commonScreenshots');
+  const screenshotDirectories = ['response_ops_docs', 'stack_connectors'];
+  const pageObjects = getPageObjects(['common', 'header']);
+  const actions = getService('actions');
+  const kibanaServer = getService('kibanaServer');
+  const testSubjects = getService('testSubjects');
+  const toasts = getService('toasts');
+
+  let simulatorUrl: string;
+  let editSimulatorUrl: string;
+
+  describe('thehive connector', function () {
+    before(async () => {
+      simulatorUrl = kibanaServer.resolveUrl(
+        getExternalServiceSimulatorPath(ExternalServiceSimulator.THEHIVE)
+      );
+      editSimulatorUrl = simulatorUrl.replace('/elastic:changeme@', '/');
+    });
+
+    beforeEach(async () => {
+      await pageObjects.common.navigateToApp('connectors');
+      await pageObjects.header.waitUntilLoadingHasFinished();
+    });
+
+    it('thehive connector screenshots', async () => {
+      await pageObjects.common.navigateToApp('connectors');
+      await pageObjects.header.waitUntilLoadingHasFinished();
+      await actions.common.openNewConnectorForm('thehive');
+      await testSubjects.setValue('nameInput', 'TheHive test connector');
+      await testSubjects.setValue('config.organisation-input', 'test');
+      await testSubjects.setValue('config.url-input', editSimulatorUrl);
+      await testSubjects.setValue('secrets.apiKey-input', 'tester');
+      await commonScreenshots.takeScreenshot('thehive-connector', screenshotDirectories);
+      await testSubjects.click('create-connector-flyout-save-test-btn');
+      await toasts.dismissAll();
+      await commonScreenshots.takeScreenshot('thehive-params-case-test', screenshotDirectories);
+      await testSubjects.setValue('eventActionSelect', 'createAlert');
+      await commonScreenshots.takeScreenshot('thehive-params-alert-test', screenshotDirectories);
+      await testSubjects.click('euiFlyoutCloseButton');
+    });
+  });
+}