[Cases] Add cases workflow steps#253119
Merged
janmonschke merged 43 commits intoelastic:mainfrom Feb 27, 2026
Merged
Conversation
janmonschke
added
backport:skip
Contributor
|
Pinging @elastic/kibana-cases (Team:Cases) |
janmonschke
changed the title
elastic-vault-github-plugin-prod
Bot
requested a review
from a team
as a code owner
Contributor
Author
|
@elasticmachine merge upstream |
jbudz
approved these changes
Feb 23, 2026
Contributor
christineweng
left a comment
christineweng
left a comment
There was a problem hiding this comment.
@janmonschke Great work! Local testing LGTM, left some nit comments on consistency and logging
| documentation: { | ||
| details: i18n.CREATE_CASE_STEP_DOCUMENTATION_DETAILS, | ||
| examples: [ | ||
| `## Basic case creation |
Contributor
There was a problem hiding this comment.
personal nit: can these blobs be extracted to a docs folder somewhere?
christineweng
approved these changes
Feb 24, 2026
semd
reviewed
Feb 25, 2026
semd
reviewed
Feb 26, 2026
semd
reviewed
Feb 27, 2026
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
⏳ Build in-progress
History
|
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Mar 11, 2026
## Summary <img width="1212" height="720" alt="image" src="https://github.com/user-attachments/assets/59397721-4024-4877-8781-d7736b1d3628" /> This PR adds ~~five~~four ~~new~~ enhanced case workflow steps: 1. `cases.createCase`: Does not require user to add optional fields, supports adding a connector, better autocompletion 2. `cases.updateCase`: Does not require user to specify a `version`, eliminating the need to fetch the case in the step before. Better autocompletion. 3. `cases.getCase`: Gets a case by id 4. `cases.addCaseComment`: Adds a comment to a case with better autocompletion 5. `cases.createCaseFromTemplate`: Creates a case from an autocompleted case template. What, 5? I thought it was 4!? Well, yes. Technically there are 5 steps in this PR but only 4 of them are activated. `cases.createCaseFromTemplate` depends on workflow improvements mentioned in elastic#253568 (namely `owner` inspection). Note: **all** steps also support pushing the case after completion by setting the `push-case` property to `true`. ## Testing Add the following to your `kibana.dev.yml`: ```yml uiSettings: overrides: bfetch:disableCompression: true workflows:ui:enabled: true ``` I encourage you to check out the code locally and to play around with the workflow feature to get a feel for the autocompletion and how case steps behave. If you notice anything that should be enhanced, add a comment here. Here's a workflow spec that uses all (enabled) case steps: <details> <summary>Click to reveal yaml file</summary> ```yaml name: Case workflow kitchen sink enabled: false description: Tests all the case stes triggers: - type: manual steps: - name: create_case type: cases.createCase push-case: true connector-id: ba236d8b-67fb-47d6-8df8-bba91381beb1 with: description: "Test description" title: "test title" owner: securitySolution settings: syncAlerts: false - name: update_case type: cases.updateCase with: case_id: "{{steps.create_case.output.case.id}}" updates: status: in-progress title: The title changed - name: add_comment type: cases.addComment with: case_id: "{{steps.update_case.output.case.id}}" comment: "Test comment" - name: get_case type: cases.getCase with: case_id: "{{steps.add_comment.output.case.id}}" include_comments: false ``` </details> ## Notes Reach out to me on Slack for cloud env & connector credentials. ## Meta Depends on: elastic#253568 Partially implements: elastic/security-team#15084 Fixes elastic/security-team#15969 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Mykhailo Kondrat <247111948+mykhailokondrat@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds
fivefournewenhanced case workflow steps:cases.createCase: Does not require user to add optional fields, supports adding a connector, better autocompletioncases.updateCase: Does not require user to specify aversion, eliminating the need to fetch the case in the step before. Better autocompletion.cases.getCase: Gets a case by idcases.addCaseComment: Adds a comment to a case with better autocompletioncases.createCaseFromTemplate: Creates a case from an autocompleted case template.What, 5? I thought it was 4!? Well, yes. Technically there are 5 steps in this PR but only 4 of them are activated.
cases.createCaseFromTemplatedepends on workflow improvements mentioned in #253568 (namelyownerinspection).Note: all steps also support pushing the case after completion by setting the
push-caseproperty totrue.Testing
Add the following to your
kibana.dev.yml:I encourage you to check out the code locally and to play around with the workflow feature to get a feel for the autocompletion and how case steps behave. If you notice anything that should be enhanced, add a comment here.
Here's a workflow spec that uses all (enabled) case steps:
Click to reveal yaml file
Notes
Reach out to me on Slack for cloud env & connector credentials.
Meta
Depends on: #253568
Partially implements: https://github.com/elastic/security-team/issues/15084
Fixes https://github.com/elastic/security-team/issues/15969