From 17c64aa18325c625a76d62c72d06750f559f6eb0 Mon Sep 17 00:00:00 2001 From: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com> Date: Tue, 7 Jan 2025 12:53:09 -0500 Subject: [PATCH] [Docs] Update "Alert and action settings" docs to be generated from YAML source (#191787) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR: - Updates the Kibana [Alert and action settings](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html) page to be based off of a YAML source file (`/docs/settings-gen/source/kibana-alert-action-settings.yml`) that is manually converted to Asciidoc format (`kibana-alert-action-settings.asciidoc`) by means of a Perl script (`docs/settings-gen/parse-settings.pl`). A preview of the new, generated page is [here](https://kibana_bk_191787.docs-preview.app.elstc.co/guide/en/kibana/master/alert-action-settings-kb.html). - Adds the `docs/settings-gen/parse-settings.pl` script which does the YAML → Asciidoc conversion. All new files are added to the `/docs/source-gen` folder. This is a trial run updating only one page of settings in the docs. Later, in separate PRs, we plan to convert other pages. After all Kibana settings pages have been converted, we would ask that the Perl script be run automatically as part of the CI whenever the YAML files in `/docs/source-gen` are added or updated. **Notes:** - The Docs team is happy to own and maintain the Perl script (sorry to use Perl - it's the only scripting language that I know). - In time we also plan to convert all of these files from Asciidoc to Markdown. - When we eventually/hopefully get the rest of the Kibana settings files converted, we will announce the settings doc process to the Kibana team by email and/or in the Kibana newsletter. Big thanks to the amazing @lukeelmers and @KOTungseth for guiding this! --- Why are we doing this? We aim to: - Create a more consistent appearance for settings across all of the docs. - Make it easier for people to contribute, since all Asciidoc/Markdown formatting is handled by a script. - Make it more apparent which settings may be missing info, such as the default values, available options, etc. --- P.S. I haven't worked in the Kibana repo very much and would appreciate any help navigating the CI checks. Rel: https://github.com/elastic/docs-projects/issues/239 --- .github/CODEOWNERS | 3 + docs/settings-gen/parse-settings.pl | 227 ++ docs/settings-gen/readme.md | 57 + .../kibana-alert-action-settings.asciidoc | 1250 +++++++++ .../source/kibana-alert-action-settings.yml | 2330 +++++++++++++++++ docs/settings/alert-action-settings.asciidoc | 624 +---- docs/setup/settings.asciidoc | 2 +- 7 files changed, 3870 insertions(+), 623 deletions(-) create mode 100644 docs/settings-gen/parse-settings.pl create mode 100644 docs/settings-gen/readme.md create mode 100644 docs/settings-gen/source/kibana-alert-action-settings.asciidoc create mode 100644 docs/settings-gen/source/kibana-alert-action-settings.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ec820ee4f3226..c30117937e84a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2640,6 +2640,9 @@ oas_docs/.spectral.yaml @elastic/platform-docs oas_docs/kibana.info.serverless.yaml @elastic/platform-docs oas_docs/kibana.info.yaml @elastic/platform-docs +# Documentation settings files +docs/settings-gen @elastic/platform-docs + # Plugin manifests /src/plugins/**/kibana.jsonc @elastic/kibana-core /src/platform/plugins/shared/**/kibana.jsonc @elastic/kibana-core diff --git a/docs/settings-gen/parse-settings.pl b/docs/settings-gen/parse-settings.pl new file mode 100644 index 0000000000000..f70dddccd9b8b --- /dev/null +++ b/docs/settings-gen/parse-settings.pl @@ -0,0 +1,227 @@ +#!/usr/bin/perl + +# This script takes all .yml files in the /source directory and, for each, generates an asciidoc file of the same name. +# Run the script: perl parse-settings.pl + +use strict; +use warnings; +use YAML::Tiny; +use File::Find; +use File::Copy; + +my $file; +# I'm hardcoding these directories just temporarily for testing +my $sourcedir = './source'; +my $asciidocdir = 'source/'; +my $count; + +find(\&iteratefiles, $sourcedir); +print "\n\nProcessed ".$count. " files.\n"; +exit; + +sub iteratefiles { + $file = $_; + # ignore any non-yaml files + if (!($file =~ /\.yml$/)) {return;} + print "\nParsed file: ".$file; + my $testslice = parsefile($file); +return; +} + +sub parsefile { + # Create an output file based on yaml filename + my $outputfile = my $outputfileorig = $file; + $outputfile =~ s/.yml/.asciidoc/g; + # We'll use this to store the contents of the generated asciidoc file + + # Read in the yaml file + my $yaml = YAML::Tiny->read( $file ); + + # Get a reference to the first document + #my $config = $yaml->[0]; + + my $collection = $yaml->[0]->{collection}; + my $product = $yaml->[0]->{product}; + + # This variable is used to capture all the content that will become our output asciidoc file + my $asciidocoutput = "\n".'// '."This is a generated file; please don't update it directly.\n".'//'." Instead, the updatable source for these settings can be found in ".$outputfileorig; + $asciidocoutput .= "\n".'// '."Collection: ".$collection; + $asciidocoutput .= "\n".'// '."Product: ".$product."\n\n"; + + # build the page preamble paragraphs + my $page_description = $yaml->[0]->{page_description}; + if ($page_description) { + # preserve newlines + $page_description =~ s/\n/\n\n/g; + $asciidocoutput .= $page_description; + } + + my $groups = $yaml->[0]{groups}; + for my $group (@$groups) { + + # Grab the group name, description, and other properties + my $group_id = $group->{id}; + my $group_name = $group->{group}; + my $group_description = $group->{description}; + my $group_example = $group->{example}; + + # Add the group info to the asciidoc file contents + $asciidocoutput .= "\n\n"; + if ($group_id) { + $asciidocoutput .= "[float]\n[[".$group_id."]]\n=== ".$group_name."\n\n"; + } + else { + $asciidocoutput .= "[float]\n=== ".$group_name."\n\n"; + } + if ($group_description) { + # preserve newlines + $group_description =~ s/\n/\n\n/g; + $asciidocoutput .= "\n$group_description\n"; + } + + + # Add an example if there is one, like this: include::../examples/example-logging-root-level.asciidoc[] + if ($group_example) { + $asciidocoutput .= "\n\n$group_example\n\n"; + } + + my $settings = $group->{settings}; + for my $setting (@$settings) { + + # Grab the setting name, description, and other properties + my $setting_name = $setting->{setting}; + my $setting_id = $setting->{id}; + my $setting_description = $setting->{description}; + my $setting_note = $setting->{note}; + my $setting_warning = $setting->{warning}; + my $setting_important = $setting->{important}; + my $setting_tip = $setting->{tip}; + my $setting_datatype = $setting->{datatype}; + my $setting_default = $setting->{default}; + my $setting_type = $setting->{type}; + my $setting_options = $setting->{options}; + my $setting_platforms = $setting->{platforms}; + my $setting_example = $setting->{example}; + my $setting_state = $setting->{state}; + my $deprecation_details = $setting->{deprecation_details}; + + # skip settings that are flagged as "hidden" + if (($setting_state) && ($setting_state =~ /hidden/i)) {next;} + + # Get the setting options and option descriptions and build the string + my $options = $setting->{options}; + my $setting_options_string = ""; + if ($options) { + for my $option (@$options) { + my $option_name = $option->{option}; + # if ($option_name) {print "\nOPTION = ".$option_name;} + if ($option_name) {$setting_options_string .= '* `'.$option_name.'`';} + my $option_description = $option->{description}; + # if ($option_description) {print "\nDESCRIPTION = ".$option_description;} + if ($option_description) {$setting_options_string .= ' - '.$option_description;} + $setting_options_string .= "\n"; + } + } + + # check if supported on Cloud (these settings are marked with a Cloud icon) + my $supported_cloud = 0; + for my $platform (@$setting_platforms) { + if ($platform =~ /cloud/) {$supported_cloud = 1;} + } + + # Add the settings info to the asciidoc file contents + $asciidocoutput .= "\n"; + if ($setting_id) { + $asciidocoutput .= "\n".'[['.$setting_id.']]'."\n"; + } + $asciidocoutput .= '`'.$setting_name.'`'; + if ($supported_cloud) { + $asciidocoutput .= ' {ess-icon}'; + } + $asciidocoutput .= "::\n+\n====\n"; + + if ($setting_state) { + # Add a standard disclaimer for technical preview settings + if ($setting_state =~ /technical-preview/i) + { + $asciidocoutput .= "\n\npreview::[]\n\n"; + } + + # Mark deprecated settings and add guidance (such as when it was deprecated) if there is any + elsif ($setting_state =~ /deprecated/i) + { + $asciidocoutput .= "**Deprecated:** "; + if ($deprecation_details) { + $asciidocoutput .= $deprecation_details."\n\n"; + } + } + # known setting_states are 'technical-preview', 'deprecated' and 'hidden'. Anything else is ignored. + else { + print "\nUnknown setting state: ".$setting_state."\n"; + } + } + + #if ($setting_description_string) { + # $asciidocoutput .= $setting_description_string; + #} + if ($setting_description) { + # preserve newlines + $setting_description =~ s/\n/\n\n/g; + $asciidocoutput .= "$setting_description"; + } + + if ($setting_note) { + $asciidocoutput .= "\nNOTE: ".$setting_note."\n"; + } + if ($setting_warning) { + $asciidocoutput .= "\nWARNING: ".$setting_warning."\n"; + } + if ($setting_important) { + $asciidocoutput .= "\nIMPORTANT: ".$setting_important."\n"; + } + if ($setting_tip) { + $asciidocoutput .= "\nTIP: ".$setting_tip."\n"; + } + + # If any of these are defined (setting options, setting default value, settting type...) add those inside a box. + # We put a " +" at the end of each line to to achieve single spacing inside the box. + + if (($setting_options_string) || ($setting_datatype) || ($setting_default) || ($setting_type)) { + if ($setting_datatype) { + $asciidocoutput .= "Data type: ".'`'.$setting_datatype.'`'.' +'."\n"; + } + if ($setting_options_string) { + $asciidocoutput .= "\nOptions:\n\n".$setting_options_string."\n"; + } + if ($setting_default) { + $asciidocoutput .= "Default: ".'`'.$setting_default.'`'.' +'."\n"; + } + if ($setting_type) { + $asciidocoutput .= 'Type: `'.$setting_type.'` +'."\n"; + } + } + + # Add an example if there is one, like this: include::../examples/example-logging-root-level.asciidoc[] + if ($setting_example) { + $asciidocoutput .= "\n\n$setting_example\n\n"; + } + + $asciidocoutput .= "====\n"; + } + } + + # Just in case we need to grab all of the keys, this is how: + # foreach my $key (keys %hash) { ... } + + $asciidocoutput .= "\n\n"; + + # write the contents into the generated asciidoc file + open (WRITE, "> $outputfile") or die("$!"); + print WRITE $asciidocoutput; + close WRITE; + print "\nGenerated file: ".$outputfile; + ++$count; + +return; +} + diff --git a/docs/settings-gen/readme.md b/docs/settings-gen/readme.md new file mode 100644 index 0000000000000..8e7f2d2a8de8f --- /dev/null +++ b/docs/settings-gen/readme.md @@ -0,0 +1,57 @@ +# YAML-based settings documentation + +We're aiming to update the Kibana configuration settings pages to be based off of YAML-formatted source files. The approach has the advantages that: + - The YAML format makes it easier to add new settings and update existing ones. The setting data is separate from almost all formatting, whether Asciidoc or (future) Markdown. + - The HTML files will have a more consistent and user-friendly appearance. + - The YAML format makes it easier for teams to identify missing settings or settings that are lacking details that should be made available in the docs. + +The YAML settings files in the `settings-gen/source` folder are converted to Asciidoc source, located in the same directory, by means of the `parse-settings.pl` Perl script. Please do not update the generated Asciidoc files directly as your changes will be overwritten. Please make any required docs changes in the `-settings.yml` files. + +Following is a schema for all available properties in a YAML settings file. + +## Schema + +``` +product: REQUIRED e.g. Elasticsearch, Kibana, Enterprise Search +collection: REQUIRED e.g. Alerting and action settings in Kibana +page_description: | + OPTIONAL + Multiline string. Can include tables, lists, code examples, etc. + +groups: + - group: REQUIRED e.g. Preconfigured connector settings + id: REQUIRED The ID used for documentation links, e.g., general-alert-action-settings + # description: | + OPTIONAL + Multiline string. Can include tables, lists, code examples, etc. + # example: | + OPTIONAL + Multiline string. + Can include tables, lists, code examples, etc. + + settings: + - setting: REQUIRED e.g. xpack.encryptedSavedObjects.encryptionKey + # id: OPTIONAL ID used for documentation links, e.g., xpack-encryptedsavedobjects-encryptionkey + description: | + REQUIRED + Multiline string. Can include tables, lists, code examples, etc. + # state: OPTIONAL One of deprecated/hidden/tech-preview + # deprecation_details: "" OPTIONAL + # note: "" OPTIONAL + # tip: "" OPTIONAL + # warning: "" OPTIONAL + # important: "" OPTIONAL + # datatype: REQUIRED One of string/bool/int/float/enum. For enum include the supported 'options', below. + # default: OPTIONAL + # options: + # - option: OPTIONAL + # description: "" OPTIONAL + # type: OPTIONAL ONe of static/dynamic + # platforms: OPTIONAL, list each supported platform + # - cloud + # - serverless + # - self-managed + # example: | + OPTIONAL + Multiline string. Can include tables, lists, code examples, etc. +``` diff --git a/docs/settings-gen/source/kibana-alert-action-settings.asciidoc b/docs/settings-gen/source/kibana-alert-action-settings.asciidoc new file mode 100644 index 0000000000000..1a53752f01542 --- /dev/null +++ b/docs/settings-gen/source/kibana-alert-action-settings.asciidoc @@ -0,0 +1,1250 @@ + +// This is a generated file; please don't update it directly. +// Instead, the updatable source for these settings can be found in kibana-alert-action-settings.yml +// Collection: Alerting and action settings in Kibana +// Product: Kibana + +Alerting and actions are enabled by default in {kib}, but require you to configure the following: + +. <>. + +. <>. + +. If you are using an *on-premises* Elastic Stack deployment, <>. + +You can configure the following settings in the `kibana.yml` file. + + + +[float] +[[general-alert-action-settings]] +=== General settings + + +`xpack.encryptedSavedObjects.encryptionKey`:: ++ +==== +A string of 32 or more characters used to encrypt sensitive properties on alerting rules and actions before they're stored in Elasticsearch. Third party credentials — such as the username and password used to connect to an SMTP service — are an example of encrypted properties. + +Kibana offers a <> to help generate this encryption key. + +If not set, Kibana will generate a random key on startup, but all alerting and action functions will be blocked. Generated keys are not allowed for alerting and actions because when a new key is generated on restart, existing encrypted data becomes inaccessible. For the same reason, alerting and actions in high-availability deployments of Kibana will behave unexpectedly if the key isn't the same on all instances of Kibana. + +Although the key can be specified in clear text in `kibana.yml`, it's recommended to store this key securely in the <>. Be sure to back up the encryption key value somewhere safe, as your alerting rules and actions will cease to function due to decryption failures should you lose it. If you want to rotate the encryption key, be sure to follow the instructions on <>. + +Data type: `string` + +==== + + +[float] +[[action-settings]] +=== Action settings + + +`xpack.actions.allowedHosts` {ess-icon}:: ++ +==== +A list of hostnames that Kibana is allowed to connect to when built-in actions are triggered. It defaults to `["*"]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. + +Note that hosts associated with built-in actions, such as Slack and PagerDuty, are not automatically added to allowed hosts. If you are not using the default `["*"]` setting, you must ensure that the corresponding endpoints are added to the allowed hosts as well. + +Data type: `string` + +==== + +`xpack.actions.customHostSettings` {ess-icon}:: ++ +==== +A list of custom host settings to override existing global settings. + +Each entry in the list must have a `url` property, to associate a connection type (mail or https), hostname and port with the remaining options in the entry. + +The settings in `xpack.actions.customHostSettings` can be used to override the global option `xpack.actions.ssl.verificationMode` and provide customized TLS settings on a per-server basis. Set `xpack.actions.ssl.verificationMode` to the value to be used by default for all servers, then add an entry in `xpack.actions.customHostSettings` for every server that requires customized settings. + +Data type: `string` + +Default: `an empty list` + + + +In the following example, two custom host settings +are defined. The first provides a custom host setting for mail server +`mail.example.com` using port 465 that supplies server certificate authentication +data from both a file and inline, and requires TLS for the +connection. The second provides a custom host setting for https server +`webhook.example.com` which turns off server certificate authentication, +that will allow Kibana to connect to the server if it's using a self-signed +certificate. The individual properties that can be used in the settings are +documented below. +[source,yaml] +-- +xpack.actions.customHostSettings: + - url: smtp://mail.example.com:465 + ssl: + verificationMode: 'full' + certificateAuthoritiesFiles: [ 'one.crt' ] + certificateAuthoritiesData: | + -----BEGIN CERTIFICATE----- + MIIDTD... + CwUAMD... + ... multiple lines of certificate data ... + -----END CERTIFICATE----- + smtp: + requireTLS: true + - url: https://webhook.example.com + ssl: + verificationMode: 'none' +-- + + +==== + +`xpack.actions.customHostSettings[n].url` {ess-icon}:: ++ +==== +A URL associated with this custom host setting. Should be in the form of `protocol://hostname:port`, where `protocol` is `https` or `smtp`. If the port is not provided, 443 is used for `https` and 25 is used for `smtp`. The `smtp` URLs are used for the Email actions that use this server, and the `https` URLs are used for actions which use `https` to connect to services. + +Entries with `https` URLs can use the `ssl` options, and entries with `smtp` URLs can use both the `ssl` and `smtp` options. + +No other URL values should be part of this URL, including paths, query strings, and authentication information. When an http or smtp request is made as part of running an action, only the protocol, hostname, and port of the URL for that request are used to look up these configuration values. + +Data type: `string` + +==== + +`xpack.actions.customHostSettings[n].smtp.ignoreTLS` {ess-icon}:: ++ +==== +A boolean value indicating that TLS must not be used for this connection. The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true. + +Data type: `bool` + +Default: `false` + +==== + +`xpack.actions.customHostSettings[n].smtp.requireTLS` {ess-icon}:: ++ +==== +A boolean value indicating that TLS must be used for this connection. The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true. + +Data type: `bool` + +Default: `false` + +==== + + +[[action-config-custom-host-verification-mode]] +`xpack.actions.customHostSettings[n].ssl.verificationMode` {ess-icon}:: ++ +==== +Controls the verification of the server certificate that Kibana receives when making an outbound SSL/TLS connection to the host server. Valid values are `full`, `certificate`, and `none`. Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. Overrides the general `xpack.actions.ssl.verificationMode` configuration for requests made for this hostname/port. + +Data type: `enum` + + +Options: + +* `full` +* `certificate` +* `none` + +Default: `full` + +==== + +`xpack.actions.customHostSettings[n].ssl.certificateAuthoritiesFiles`:: ++ +==== +A file name or list of file names of PEM-encoded certificate files to use to validate the server. + +Data type: `string` + +==== + +`xpack.actions.customHostSettings[n].ssl.certificateAuthoritiesData` {ess-icon}:: ++ +==== +The contents of one or more PEM-encoded certificate files in multiline format. This configuration can be used for environments where the files cannot be made available. + +Data type: `string` + +==== + + +[[action-config-email-domain-allowlist]] +`xpack.actions.email.domain_allowlist` {ess-icon}:: ++ +==== +A list of allowed email domains which can be used with the email connector. When this setting is not used, all email domains are allowed. When this setting is used, if any email is attempted to be sent that (a) includes an addressee with an email domain that is not in the allowlist, or (b) includes a from address domain that is not in the allowlist, it will fail with a message indicating the email is not allowed. + + +WARNING: This feature is available in Kibana 7.17.4 and 8.3.0 onwards but is not supported in Kibana 8.0, 8.1 or 8.2. As such, this setting should be removed before upgrading from 7.17 to 8.0, 8.1 or 8.2. It is possible to configure the settings in 7.17.4 and then upgrade to 8.3.0 directly. +Data type: `string` + +==== + +`xpack.actions.enableFooterInEmail` {ess-icon}:: ++ +==== +A boolean value indicating that a footer with a relevant link should be added to emails sent as alerting actions. + +Data type: `bool` + +Default: `true` + +==== + +`xpack.actions.enabledActionTypes` {ess-icon}:: ++ +==== +A list of action types that are enabled. It defaults to `["*"]`, enabling all types. The names for built-in Kibana action types are prefixed with a `.` and include: `.email`, `.index`, `.jira`, `.opsgenie`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, .`servicenow-itom`, `.servicenow-sir`, `.slack`, `.swimlane`, `.teams`, `.tines`, `.torq`, `.xmatters`, `.gen-ai`, `.bedrock`, `.gemini`, `.d3security`, and `.webhook`. An empty list `[]` will disable all action types. + +Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in Kibana and will not function. + + +IMPORTANT: <> are not affected by this setting. +Data type: `string` + +Default: `["*"]` + +==== + +`xpack.actions.microsoftExchangeUrl`:: ++ +==== +The URL for the Microsoft Azure Active Directory endpoint to use for MS Exchange email authentication. + +Data type: `string` + +Default: `https://login.microsoftonline.com` + +==== + +`xpack.actions.microsoftGraphApiUrl`:: ++ +==== +The URL for the Microsoft Graph API endpoint to use for MS Exchange email authentication. + +Data type: `string` + +Default: `https://graph.microsoft.com/v1.0` + +==== + +`xpack.actions.microsoftGraphApiScope`:: ++ +==== +The URL for the Microsoft Graph API scope endpoint to use for MS Exchange email authentication. + +Data type: `string` + +Default: `https://graph.microsoft.com/.default` + +==== + +`xpack.actions.proxyUrl` {ess-icon}:: ++ +==== +Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used. + +Proxies may be used to proxy http or https requests through a proxy using the http or https protocol. Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunneling" TCP mode, compared to HTTP mode). That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method. + +If your proxy is using the https protocol (vs the http protocol), the setting `xpack.actions.ssl.proxyVerificationMode: none` will likely be needed, unless your proxy's certificates are signed using a publicly available certificate authority. + +There is currently no support for using basic authentication with a proxy (authentication for the proxy itself, not the URL being requested through the proxy). + +Data type: `string` + + + +To help diagnose problems using a proxy, you can use the `curl` command with options to use your proxy, and log debug information, with the following command, replacing the proxy and target URLs as appropriate. This will force the request to be made to the +proxy in tunneling mode, and display some of the interaction between the client and the proxy. +[source,sh] +-- +curl --verbose --proxytunnel --proxy http://localhost:8080 http://example.com +-- + + +==== + +`xpack.actions.proxyBypassHosts` {ess-icon}:: ++ +==== +Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. + +By default, all hosts will use the proxy, but if an action's hostname is in this list, the proxy will not be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. + +Data type: `string` + + + +For example: +[source,yaml] +---- +xpack.actions.proxyBypassHosts: [ "events.pagerduty.com" ] +---- +If applicable, include the subdomain in the hostname + + +==== + +`xpack.actions.proxyOnlyHosts` {ess-icon}:: ++ +==== +Specifies hostnames which should only use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. + +By default, no hosts will use the proxy, but if an action's hostname is in this list, the proxy will be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. + +Data type: `string` + + + +For example: +[source,yaml] +---- +xpack.actions.proxyOnlyHosts: [ "events.pagerduty.com" ] +---- +If applicable, include the subdomain in the hostname + + +==== + +`xpack.actions.proxyHeaders` {ess-icon}:: ++ +==== +Specifies HTTP headers for the proxy, if using a proxy for actions. + +Data type: `string` + +Default: `{}` + +==== + + +[[action-config-proxy-verification-mode]] +`xpack.actions.ssl.proxyVerificationMode` {ess-icon}:: ++ +==== +Controls the verification for the proxy server certificate that Kibana receives when making an outbound SSL/TLS connection to the proxy server. + +Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. + +<> + +Data type: `enum` + + +Options: + +* `full` +* `certificate` +* `none` + +Default: `full` + +==== + + +[[action-config-verification-mode]] +`xpack.actions.ssl.verificationMode` {ess-icon}:: ++ +==== +Controls the verification for the server certificate that Elastic Maps Server receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`. Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. + +<> + +This setting can be overridden for specific URLs by using the setting `xpack.actions.customHostSettings[n].ssl.verificationMode` (described above) to a different value. + +Data type: `enum` + + +Options: + +* `full` +* `certificate` +* `none` + +Default: `full` + +==== + +`xpack.actions.maxResponseContentLength` {ess-icon}:: ++ +==== +Specifies the max number of bytes of the http response for requests to external resources. + +Data type: `int` + +Default: `1000000 (1MB)` + +==== + +`xpack.actions.responseTimeout` {ess-icon}:: ++ +==== +Specifies the time allowed for requests to external resources. Requests that take longer are canceled. The time is formatted as a number and a time unit (`ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `Y`). For example, `20m`, `24h`, `7d`, `1w`. Default: `60s`. + +Data type: `string` + +==== + +`xpack.actions.run.maxAttempts` {ess-icon}:: ++ +==== +Specifies the maximum number of times an action can be attempted to run. + +Data type: `int` + + +Options: + +* `minimum 1 and maximum 10` + +==== + +`xpack.actions.run.connectorTypeOverrides` {ess-icon}:: ++ +==== +Overrides the configs under `xpack.actions.run` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. + +Data type: `string` + + + +For example: +[source,yaml] +-- +xpack.actions.run: + maxAttempts: 1 + connectorTypeOverrides: + - id: '.server-log' + maxAttempts: 5 +-- + + +==== + +`xpack.actions.queued.max` {ess-icon}:: ++ +==== +Specifies the maximum number of actions that can be queued. + +Data type: `int` + +Default: `1000000` + +==== + + +[float] +[[preconfigured-connector-settings]] +=== Preconfigured connector settings + + +These settings vary depending on which type of preconfigured connector you're adding. + + + + +For example: +[source,yaml] +---------------------------------------- +xpack.actions.preconfigured: + my-server-log: + name: preconfigured-server-log-connector-type + actionTypeId: .server-log +---------------------------------------- +For more examples, go to <>. + + + +`xpack.actions.preconfiguredAlertHistoryEsIndex` {ess-icon}:: ++ +==== +Enables a preconfigured alert history Elasticsearch <> connector. + +Data type: `bool` + +Default: `false` + +==== + +`xpack.actions.preconfigured`:: ++ +==== +Specifies configuration details that are specific to the type of preconfigured connector. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..actionTypeId`:: ++ +==== +The type of preconfigured connector. + + +Options: + +* `.email` +* `.index` +* `.opsgenie` +* `.server-log` +* `.resilient` +* `.slack` +* `.webhook` + +==== + +`xpack.actions.preconfigured..config`:: ++ +==== +The configuration details, which are specific to the type of preconfigured connector. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.apiProvider`:: ++ +==== +For a <>, specifies the OpenAI API provider. + +Data type: `enum` + + +Options: + +* `OpenAI` +* `Azure OpenAI` + +==== + +`xpack.actions.preconfigured..config.apiUrl`:: ++ +==== +A configuration URL that varies by connector: + +* For an <>, specifies the {bedrock} request URL. + +* For an <>, specifies the {gemini} request URL. + +* For a <>, specifies the OpenAI request URL. + +* For a <>, specifies the {ibm-r} instance URL. + +* For a <>, specifies the Jira instance URL. + +* For an <>, specifies the {opsgenie} URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. + +* For a <>, specifies the PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. + +* For a <>, <>, or <> specifies the ServiceNow instance URL. + +* For a <>, specifies the {swimlane} instance URL. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.appId`:: ++ +==== +An application ID that varies by connector: + +* For a <>, specifies a {swimlane} application identifier. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.clientId`:: ++ +==== +A client identifier that varies by connector: + +* For an <>, specifies a GUID format value that corresponds to the client ID, which is a part of OAuth 2.0 client credentials authentication. + +* For a <>, <>, or <> specifies the client identifier assigned to the OAuth application. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.configUrl`:: ++ +==== +For an <> with basic authentication, specifies the request URL for the Elastic Alerts trigger in xMatters. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.createCommentJson`:: ++ +==== +For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the create comment URL to create a case comment. The required variable is `case.description`. + + +NOTE: The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.createCommentMethod`:: ++ +==== +For a <>, specifies the REST API HTTP request method to create a case comment in the third-party system. + +Data type: `string` + + +Options: + +* `post` +* `put` +* `patch` + +Default: `put` + +==== + +`xpack.actions.preconfigured..config.createCommentUrl`:: ++ +==== +For a <>, specifies a REST API URL string to create a case comment by ID in the third-party system. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.createIncidentJson`:: ++ +==== +For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the create case URL to create a case. Required variables are `case.title` and `case.description`. + + +NOTE: The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.createIncidentMethod`:: ++ +==== +For a <>, specifies the REST API HTTP request method to create a case in the third-party system + +Data type: `string` + + +Options: + +* `post` +* `put` +* `patch` + +Default: `post` + +==== + +`xpack.actions.preconfigured..config.createIncidentUrl`:: ++ +==== +For a <>, specifies a REST API URL string to create a case in the third-party system. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.createIncidentResponseKey`:: ++ +==== +For a <>, specifies a string from the response body of the create case method that corresponds to the external service identifier. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.defaultModel`:: ++ +==== +The default model to use for requests, which varies by connector: + +* For an <>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-3-5-sonnet-20240620-v1:0`. + +* For a <>, current support is for the Gemini models. Defaults to `gemini-1.5-pro-002`. + +* For a <>, it is optional and applicable only when `xpack.actions.preconfigured..config.apiProvider` is `OpenAI`. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.executionTimeField`:: ++ +==== +For an <>, a field that indicates when the document was indexed. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.from`:: ++ +==== +For an <>, specifies the from address for all emails sent by the connector. It must be specified in `user@host-name` format. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.getIncidentResponseExternalTitleKey`:: ++ +==== +- "For a <>, specifies a string from the response body of the get case method that corresponds to the external service title." + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.getIncidentUrl`:: ++ +==== +For a <>, specifies a REST API URL string with an external service ID Mustache variable to get the case from the third-party system. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.hasAuth`:: ++ +==== +For an <>, <>, or <>, specifies whether a user and password are required inside the secrets configuration. + +Data type: `bool` + +Default: `true` + +==== + +`xpack.actions.preconfigured..config.headers`:: ++ +==== +For a <> or <>, specifies a set of key-value pairs sent as headers with the request. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.host`:: ++ +==== +For an <>, specifies the host name of the service provider. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.index`:: ++ +==== +For an <>, specifies the Elasticsearch index. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.isOAuth`:: ++ +==== +For a <>, <>, or <>, specifies whether to use basic or OAuth authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.jwtKeyId`:: ++ +==== +For a <>, <>, or <>, specifies the key ID assigned to the JWT verifier map of your OAuth application. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings`:: ++ +==== +For a <>, specifies field mappings. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings.alertIdConfig`:: ++ +==== +For a <>, field mapping for the alert identifier. You must provide `fieldtype`, `id`, `key`, and `name` values. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings.caseIdConfig`:: ++ +==== +For a <>, field mapping for the case identifier. You must provide `fieldtype`, `id`, `key`, and `name` values. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings.caseNameConfig`:: ++ +==== +For a <>, field mapping for the case name. You must provide `fieldtype`, `id`, `key`, and `name` values. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings.commentsConfig`:: ++ +==== +For a <>, field mapping for the case comments. You must provide `fieldtype`, `id`, `key`, and `name` values. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings.descriptionConfig`:: ++ +==== +For a <>, field mapping for the case description. You must provide `fieldtype`, `id`, `key`, and `name` values. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings.ruleNameConfig`:: ++ +==== +For a <>, field mapping for the rule name. You must provide `fieldtype`, `id`, `key`, and `name` values. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.mappings.severityConfig`:: ++ +==== +For a <>, specifies a field mapping for the severity. You must provide `fieldtype`, `id`, `key`, and `name` values. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.method`:: ++ +==== +For a <>, specifies the HTTP request method, either `post` or `put`. Defaults to `post`. + +Data type: `enum` + + +Options: + +* `post` +* `put` + +Default: `post` + +==== + +`xpack.actions.preconfigured..config.orgId`:: ++ +==== +For an <>, specifies the {ibm-r} organization identifier. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.port`:: ++ +==== +For an <>, specifies the port to connect to on the service provider. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.projectKey`:: ++ +==== +For a <>, specifies the Jira project key. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.secure`:: ++ +==== +For an <>, specifies whether the connection will use TLS when connecting to the service provider. If not true, the connection will initially connect over TCP then attempt to switch to TLS via the SMTP STARTTLS command. + +Data type: `bool` + +==== + +`xpack.actions.preconfigured..config.service`:: ++ +==== +For an <>, specifies the name of the email service. For example, `elastic_cloud`, `exchange_server`, `gmail`, `other`, `outlook365`, or `ses`. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.tenantId`:: ++ +==== +For an <>, specifies a GUID format value that corresponds to a tenant ID, which is a part of OAuth 2.0 client credentials authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.updateIncidentJson`:: ++ +==== +For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the update case URL to update a case. Required variables are `case.title` and `case.description`. + + +NOTE: The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.updateIncidentMethod`:: ++ +==== +For a <>, specifies the REST API HTTP request method to update the case in the third-party system. + +Data type: `enum` + + +Options: + +* `post` +* `put` +* `patch` + +Default: `put` + +==== + +`xpack.actions.preconfigured..config.updateIncidentUrl`:: ++ +==== +For a <>, specifies the REST API URL to update the case by ID in the third-party system. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.url`:: ++ +==== +A configuration URL that varies by connector: + +* For a <>, specifies the D3 Security API request URL. + +* For a <>, specifies the Tines tenant URL. + +* For a <>, specifies the web service request URL. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. +Data type: `stringm` + +==== + +`xpack.actions.preconfigured..config.userIdentifierValue`:: ++ +==== +For a <>, <>, or <>, specifies the user identifier. It is required when required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.usesBasic`:: ++ +==== +For an <>, specifies whether it uses HTTP basic authentication. + +Data type: `bool` + +Default: `true` + +==== + +`xpack.actions.preconfigured..config.usesTableApi`:: ++ +==== +For a <> or <>, specifies whether the connector uses the Table API or the Import Set API. If set to `false`, the Elastic application should be installed in ServiceNow. + +Data type: `bool` + +==== + +`xpack.actions.preconfigured..config.viewIncidentUrl`:: ++ +==== +For a <>, specifies a URL string with either the external service ID or external service title Mustache variable to view a case in the external system. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..config.webhookIntegrationUrl`:: ++ +==== +For a <>, specifies the endpoint URL of the Elastic Security integration in Torq. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..name`:: ++ +==== +The name of the preconfigured connector. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets`:: ++ +==== +Sensitive configuration details, such as username, password, and keys, which are specific to the connector type. + + +TIP: Sensitive properties, such as passwords, should be stored in the <>. +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.accessKey`:: ++ +==== +For an <>, specifies the AWS access key for authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.apikey`:: ++ +==== +An API key secret that varies by connector. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.credentialsJson`:: ++ +==== +For an <>, specifies the GCP service account credentials JSON file for authentication. + +* For a <>, specifies the OpenAI or Azure OpenAI API key for authentication. + +* For an <>, specifies the {opsgenie} API authentication key for HTTP basic authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.apiKeyId`:: ++ +==== +For an <>, specifies the authentication key ID for HTTP basic authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.apiKeySecret`:: ++ +==== +For an <>, specifies the authentication key secret for HTTP basic authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.apiToken`:: ++ +==== +For a <> or <>, specifies the API authentication token for HTTP basic authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.clientSecret`:: ++ +==== +A client secret that varies by connector: + +* For an <>, specifies the client secret that you generated for your app in the app registration portal. It is required when the email service is `exchange_server`, which uses OAuth 2.0 client credentials authentication. + +* For a <>, <>, or <>, specifies the client secret assigned to the OAuth application. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + + +NOTE: The client secret must be URL-encoded. +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.email`:: ++ +==== +An email address that varies by connector: + +* For a <>, specifies the account email for HTTP basic authentication. + +* For a <>, specifies the email used to sign in to Tines. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.password`:: ++ +==== +A password secret that varies by connector: + +* For an <>, <>, or <>, specifies a password that is required when `xpack.actions.preconfigured..config.hasAuth` is `true`. + +* For a <>, <>, or <>, specifies a password that is required when `xpack.actions.preconfigured..config.isOAuth` is `false`. + +* For an <>, specifies a password that is required when `xpack.actions.preconfigured..config.usesBasic` is `true`. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.privateKey`:: ++ +==== +For a <>, <>, or <>, specifies the RSA private key. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.privateKeyPassword`:: ++ +==== +For a <>, <>, or <>, specifies the password for the RSA private key. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.routingKey`:: ++ +==== +For a <>, specifies the 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.secret`:: ++ +==== +For an <>, specifies the AWS secret for authentication. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.secretsUrl`:: ++ +==== +For an <> with URL authentication, specifies the request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is used only when `xpack.actions.preconfigured..config.usesBasic` is `false`. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.token`:: ++ +==== +A token secret that varies by connector: + +* For a <>, specifies the D3 Security token. + +* For a <>, specifies the Slack bot user OAuth token. + +* For a <>, specifies the Tines API token. + +* For a <>, specifies the secret of the webhook authentication header. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.user`:: ++ +==== +A user name secret that varies by connector: + +* For an <>, <>, or <>, specifies a user name that is required when `xpack.actions.preconfigured..config.hasAuth` is `true`. + +* For an <>, specifies a user name that is required when `xpack.actions.preconfigured..config.usesBasic` is `true`. + +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.webhookUrl`:: ++ +==== +A URL that varies by connector: + +* For a <>, specifies the URL of the incoming webhook. + +* For a <>, specifies the Slack webhook URL. + + +NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts. +Data type: `string` + +==== + +`xpack.actions.preconfigured..secrets.username`:: ++ +==== +For a <>, <>, or <>, specifies a user name that is required when `xpack.actions.preconfigured..config.isOAuth` is `false`. + +Data type: `string` + +==== + + +[float] +[[alert-settings]] +=== Alerting settings + + +`xpack.alerting.cancelAlertsOnRuleTimeout` {ess-icon}:: ++ +==== +Specifies whether to skip writing alerts and scheduling actions if rule processing was cancelled due to a timeout. This setting can be overridden by individual rule types. + +Data type: `bool` + +Default: `true` + +==== + +`xpack.alerting.rules.maxScheduledPerMinute`:: ++ +==== +Specifies the maximum number of rules to run per minute. + +Data type: `int` + +Default: `10000` + +==== + +`xpack.alerting.rules.minimumScheduleInterval.value` {ess-icon}:: ++ +==== +Specifies the minimum schedule interval for rules. This minimum is applied to all rules created or updated after you set this value. The time is formatted as a number and a time unit (`s`, `m`, `h`, or `d`). For example, `20m`, `24h`, `7d`. This duration cannot exceed `1d`. + +Data type: `string` + +Default: `1m` + +==== + +`xpack.alerting.rules.minimumScheduleInterval.enforce` {ess-icon}:: ++ +==== +Specifies the behavior when a new or changed rule has a schedule interval less than the value defined in `xpack.alerting.rules.minimumScheduleInterval.value`. If `false`, rules with schedules less than the interval will be created but warnings will be logged. If `true`, rules with schedules less than the interval cannot be created. + +Data type: `bool` + +Default: `false` + +==== + +`xpack.alerting.rules.run.actions.max` {ess-icon}:: ++ +==== +Specifies the maximum number of actions that a rule can generate each time detection checks run. + +Data type: `int` + +==== + +`xpack.alerting.rules.run.alerts.max` {ess-icon}:: ++ +==== +Specifies the maximum number of alerts that a rule can generate each time detection checks run. + + +WARNING: The exact number of alerts your cluster can safely handle depends on your cluster configuration and workload, however setting a value higher than the default (`1000`) is not recommended or supported. Doing so could strain system resources and lead to performance issues, delays in alert processing, and potential disruptions during high alert activity periods. +Data type: `int` + +Default: `1000` + +==== + +`xpack.alerting.rules.run.timeout` {ess-icon}:: ++ +==== +Specifies the default timeout for tasks associated with all types of rules. The time is formatted as a number and a time unit (`ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `Y`). For example, `20m`, `24h`, `7d`, `1w`. Default: `5m`. + +Data type: `string` + +==== + +`xpack.alerting.rules.run.ruleTypeOverrides` {ess-icon}:: ++ +==== +Overrides the configs under `xpack.alerting.rules.run` for the rule type with the given ID. List the rule identifier and its settings in an array of objects. + +Data type: `string` + + + +For example: +[source,yaml] +-- +xpack.alerting.rules.run: + timeout: '5m' + ruleTypeOverrides: + - id: '.index-threshold' + timeout: '15m' +-- + + +==== + +`xpack.alerting.rules.run.actions.connectorTypeOverrides` {ess-icon}:: ++ +==== +Overrides the configs under `xpack.alerting.rules.run.actions` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. + +Data type: `string` + + + +For example: +[source,yaml] +-- +xpack.alerting.rules.run: + actions: + max: 10 + connectorTypeOverrides: + - id: '.server-log' + max: 5 +-- + + +==== + + diff --git a/docs/settings-gen/source/kibana-alert-action-settings.yml b/docs/settings-gen/source/kibana-alert-action-settings.yml new file mode 100644 index 0000000000000..effe1d0cce831 --- /dev/null +++ b/docs/settings-gen/source/kibana-alert-action-settings.yml @@ -0,0 +1,2330 @@ +--- +# This file is used to generate "Alert and action settings" page in the product docs + +product: Kibana +collection: Alerting and action settings in Kibana +page_description: | + Alerting and actions are enabled by default in {kib}, but require you to configure the following: + . <>. + . <>. + . If you are using an *on-premises* Elastic Stack deployment, <>. + You can configure the following settings in the `kibana.yml` file. + + +groups: + - group: General settings + id: general-alert-action-settings + # description: | + # - "" + # example: example-group-name.asciidoc + settings: + + - setting: xpack.encryptedSavedObjects.encryptionKey + # id: + description: | + A string of 32 or more characters used to encrypt sensitive properties on alerting rules and actions before they're stored in Elasticsearch. Third party credentials — such as the username and password used to connect to an SMTP service — are an example of encrypted properties. + Kibana offers a <> to help generate this encryption key. + If not set, Kibana will generate a random key on startup, but all alerting and action functions will be blocked. Generated keys are not allowed for alerting and actions because when a new key is generated on restart, existing encrypted data becomes inaccessible. For the same reason, alerting and actions in high-availability deployments of Kibana will behave unexpectedly if the key isn't the same on all instances of Kibana. + + Although the key can be specified in clear text in `kibana.yml`, it's recommended to store this key securely in the <>. Be sure to back up the encryption key value somewhere safe, as your alerting rules and actions will cease to function due to decryption failures should you lose it. If you want to rotate the encryption key, be sure to follow the instructions on <>. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: "string" + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - group: Action settings + id: action-settings + # description: | + # - "" + # example: example-group-name.asciidoc + settings: + + - setting: xpack.actions.allowedHosts + # id: + description: | + A list of hostnames that Kibana is allowed to connect to when built-in actions are triggered. It defaults to `["*"]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. + Note that hosts associated with built-in actions, such as Slack and PagerDuty, are not automatically added to allowed hosts. If you are not using the default `["*"]` setting, you must ensure that the corresponding endpoints are added to the allowed hosts as well. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.customHostSettings + # id: + description: | + A list of custom host settings to override existing global settings. + Each entry in the list must have a `url` property, to associate a connection type (mail or https), hostname and port with the remaining options in the entry. + The settings in `xpack.actions.customHostSettings` can be used to override the global option `xpack.actions.ssl.verificationMode` and provide customized TLS settings on a per-server basis. Set `xpack.actions.ssl.verificationMode` to the value to be used by default for all servers, then add an entry in `xpack.actions.customHostSettings` for every server that requires customized settings. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: an empty list + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + example: | + In the following example, two custom host settings + are defined. The first provides a custom host setting for mail server + `mail.example.com` using port 465 that supplies server certificate authentication + data from both a file and inline, and requires TLS for the + connection. The second provides a custom host setting for https server + `webhook.example.com` which turns off server certificate authentication, + that will allow Kibana to connect to the server if it's using a self-signed + certificate. The individual properties that can be used in the settings are + documented below. + + [source,yaml] + -- + xpack.actions.customHostSettings: + - url: smtp://mail.example.com:465 + ssl: + verificationMode: 'full' + certificateAuthoritiesFiles: [ 'one.crt' ] + certificateAuthoritiesData: | + -----BEGIN CERTIFICATE----- + MIIDTD... + CwUAMD... + ... multiple lines of certificate data ... + -----END CERTIFICATE----- + smtp: + requireTLS: true + - url: https://webhook.example.com + ssl: + verificationMode: 'none' + -- + + - setting: xpack.actions.customHostSettings[n].url + # id: + description: | + A URL associated with this custom host setting. Should be in the form of `protocol://hostname:port`, where `protocol` is `https` or `smtp`. If the port is not provided, 443 is used for `https` and 25 is used for `smtp`. The `smtp` URLs are used for the Email actions that use this server, and the `https` URLs are used for actions which use `https` to connect to services. + Entries with `https` URLs can use the `ssl` options, and entries with `smtp` URLs can use both the `ssl` and `smtp` options. + No other URL values should be part of this URL, including paths, query strings, and authentication information. When an http or smtp request is made as part of running an action, only the protocol, hostname, and port of the URL for that request are used to look up these configuration values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.customHostSettings[n].smtp.ignoreTLS + # id: + description: | + A boolean value indicating that TLS must not be used for this connection. The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: false + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.customHostSettings[n].smtp.requireTLS + # id: + description: | + A boolean value indicating that TLS must be used for this connection. The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: false + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.customHostSettings[n].ssl.verificationMode + id: action-config-custom-host-verification-mode + description: | + Controls the verification of the server certificate that Kibana receives when making an outbound SSL/TLS connection to the host server. Valid values are `full`, `certificate`, and `none`. Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. Overrides the general `xpack.actions.ssl.verificationMode` configuration for requests made for this hostname/port. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: enum + default: full + options: + - option: full + - option: certificate + - option: none + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.customHostSettings[n].ssl.certificateAuthoritiesFiles + # id: + description: | + A file name or list of file names of PEM-encoded certificate files to use to validate the server. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.customHostSettings[n].ssl.certificateAuthoritiesData + # id: + description: | + The contents of one or more PEM-encoded certificate files in multiline format. This configuration can be used for environments where the files cannot be made available. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.email.domain_allowlist + id: action-config-email-domain-allowlist + description: | + A list of allowed email domains which can be used with the email connector. When this setting is not used, all email domains are allowed. When this setting is used, if any email is attempted to be sent that (a) includes an addressee with an email domain that is not in the allowlist, or (b) includes a from address domain that is not in the allowlist, it will fail with a message indicating the email is not allowed. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + warning: "This feature is available in Kibana 7.17.4 and 8.3.0 onwards but is not supported in Kibana 8.0, 8.1 or 8.2. As such, this setting should be removed before upgrading from 7.17 to 8.0, 8.1 or 8.2. It is possible to configure the settings in 7.17.4 and then upgrade to 8.3.0 directly." + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.enableFooterInEmail + # id: + description: | + A boolean value indicating that a footer with a relevant link should be added to emails sent as alerting actions. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: true + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.enabledActionTypes + # id: + description: | + A list of action types that are enabled. It defaults to `["*"]`, enabling all types. The names for built-in Kibana action types are prefixed with a `.` and include: `.email`, `.index`, `.jira`, `.opsgenie`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, .`servicenow-itom`, `.servicenow-sir`, `.slack`, `.swimlane`, `.teams`, `.tines`, `.torq`, `.xmatters`, `.gen-ai`, `.bedrock`, `.gemini`, `.d3security`, and `.webhook`. An empty list `[]` will disable all action types. + Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in Kibana and will not function. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + important: "<> are not affected by this setting." + datatype: string + default: ["*"] + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.microsoftExchangeUrl + # id: + description: | + The URL for the Microsoft Azure Active Directory endpoint to use for MS Exchange email authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: https://login.microsoftonline.com + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.microsoftGraphApiUrl + # id: + description: | + The URL for the Microsoft Graph API endpoint to use for MS Exchange email authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: https://graph.microsoft.com/v1.0 + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.microsoftGraphApiScope + # id: + description: | + The URL for the Microsoft Graph API scope endpoint to use for MS Exchange email authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: https://graph.microsoft.com/.default + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.proxyUrl + # id: + description: | + Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used. + Proxies may be used to proxy http or https requests through a proxy using the http or https protocol. Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunneling" TCP mode, compared to HTTP mode). That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method. + If your proxy is using the https protocol (vs the http protocol), the setting `xpack.actions.ssl.proxyVerificationMode: none` will likely be needed, unless your proxy's certificates are signed using a publicly available certificate authority. + There is currently no support for using basic authentication with a proxy (authentication for the proxy itself, not the URL being requested through the proxy). + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + example: | + To help diagnose problems using a proxy, you can use the `curl` command with options to use your proxy, and log debug information, with the following command, replacing the proxy and target URLs as appropriate. This will force the request to be made to the + proxy in tunneling mode, and display some of the interaction between the client and the proxy. + + [source,sh] + -- + curl --verbose --proxytunnel --proxy http://localhost:8080 http://example.com + -- + + - setting: xpack.actions.proxyBypassHosts + # id: + description: | + Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. + By default, all hosts will use the proxy, but if an action's hostname is in this list, the proxy will not be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + example: | + For example: + + [source,yaml] + ---- + xpack.actions.proxyBypassHosts: [ "events.pagerduty.com" ] + ---- + + If applicable, include the subdomain in the hostname + + + - setting: xpack.actions.proxyOnlyHosts + # id: + description: | + Specifies hostnames which should only use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. + By default, no hosts will use the proxy, but if an action's hostname is in this list, the proxy will be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + example: | + For example: + + [source,yaml] + ---- + xpack.actions.proxyOnlyHosts: [ "events.pagerduty.com" ] + ---- + + If applicable, include the subdomain in the hostname + + - setting: xpack.actions.proxyHeaders + # id: + description: | + Specifies HTTP headers for the proxy, if using a proxy for actions. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: '{}' + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.ssl.proxyVerificationMode + id: action-config-proxy-verification-mode + description: | + Controls the verification for the proxy server certificate that Kibana receives when making an outbound SSL/TLS connection to the proxy server. + Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. + <> + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: enum + default: full + options: + - option: full + - option: certificate + - option: none + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.ssl.verificationMode + id: action-config-verification-mode + description: | + Controls the verification for the server certificate that Elastic Maps Server receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`. Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. + <> + This setting can be overridden for specific URLs by using the setting `xpack.actions.customHostSettings[n].ssl.verificationMode` (described above) to a different value. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: enum + default: full + options: + - option: full + - option: certificate + - option: none + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.maxResponseContentLength + # id: + description: | + Specifies the max number of bytes of the http response for requests to external resources. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: int + default: 1000000 (1MB) + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.responseTimeout + # id: + description: | + Specifies the time allowed for requests to external resources. Requests that take longer are canceled. The time is formatted as a number and a time unit (`ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `Y`). For example, `20m`, `24h`, `7d`, `1w`. Default: `60s`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.run.maxAttempts + # id: + description: | + Specifies the maximum number of times an action can be attempted to run. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: int + # default: + options: + - option: minimum 1 and maximum 10 + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.run.connectorTypeOverrides + # id: + description: | + Overrides the configs under `xpack.actions.run` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + example: | + For example: + + [source,yaml] + -- + xpack.actions.run: + maxAttempts: 1 + connectorTypeOverrides: + - id: '.server-log' + maxAttempts: 5 + -- + + - setting: xpack.actions.queued.max + # id: + description: | + Specifies the maximum number of actions that can be queued. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: int + default: 1000000 + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - group: Preconfigured connector settings + id: preconfigured-connector-settings + description: | + These settings vary depending on which type of preconfigured connector you're adding. + example: | + For example: + + [source,yaml] + ---------------------------------------- + xpack.actions.preconfigured: + my-server-log: + name: preconfigured-server-log-connector-type + actionTypeId: .server-log + ---------------------------------------- + + For more examples, go to <>. + + settings: + + - setting: xpack.actions.preconfiguredAlertHistoryEsIndex + # id: + description: | + Enables a preconfigured alert history Elasticsearch <> connector. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: false + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.actions.preconfigured + # id: + description: | + Specifies configuration details that are specific to the type of preconfigured connector. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..actionTypeId + # id: + description: | + The type of preconfigured connector. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + # datatype: string/bool/int/float/enum + # default: + options: + - option: .email + - option: .index + - option: .opsgenie + - option: .server-log + - option: .resilient + - option: .slack + - option: .webhook + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config + # id: + description: | + The configuration details, which are specific to the type of preconfigured connector. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.apiProvider + # id: + description: | + For a <>, specifies the OpenAI API provider. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: enum + # default: + options: + - option: OpenAI + - option: Azure OpenAI + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.apiUrl + # id: + description: | + A configuration URL that varies by connector: + * For an <>, specifies the {bedrock} request URL. + * For an <>, specifies the {gemini} request URL. + * For a <>, specifies the OpenAI request URL. + * For a <>, specifies the {ibm-r} instance URL. + * For a <>, specifies the Jira instance URL. + * For an <>, specifies the {opsgenie} URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. + * For a <>, specifies the PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. + * For a <>, <>, or <> specifies the ServiceNow instance URL. + * For a <>, specifies the {swimlane} instance URL. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.appId + # id: + description: | + An application ID that varies by connector: + * For a <>, specifies a {swimlane} application identifier. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.clientId + # id: + description: | + A client identifier that varies by connector: + * For an <>, specifies a GUID format value that corresponds to the client ID, which is a part of OAuth 2.0 client credentials authentication. + * For a <>, <>, or <> specifies the client identifier assigned to the OAuth application. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.configUrl + # id: + description: | + For an <> with basic authentication, specifies the request URL for the Elastic Alerts trigger in xMatters. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.createCommentJson + # id: + description: | + For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the create comment URL to create a case comment. The required variable is `case.description`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.createCommentMethod + # id: + description: | + For a <>, specifies the REST API HTTP request method to create a case comment in the third-party system. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: put + options: + - option: post + - option: put + - option: patch + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.createCommentUrl + # id: + description: | + For a <>, specifies a REST API URL string to create a case comment by ID in the third-party system. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.createIncidentJson + # id: + description: | + For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the create case URL to create a case. Required variables are `case.title` and `case.description`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.createIncidentMethod + # id: + description: | + For a <>, specifies the REST API HTTP request method to create a case in the third-party system + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: post + options: + - option: post + - option: put + - option: patch + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.createIncidentUrl + # id: + description: | + For a <>, specifies a REST API URL string to create a case in the third-party system. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.createIncidentResponseKey + # id: + description: | + For a <>, specifies a string from the response body of the create case method that corresponds to the external service identifier. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.defaultModel + # id: + description: | + The default model to use for requests, which varies by connector: + * For an <>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-3-5-sonnet-20240620-v1:0`. + * For a <>, current support is for the Gemini models. Defaults to `gemini-1.5-pro-002`. + * For a <>, it is optional and applicable only when `xpack.actions.preconfigured..config.apiProvider` is `OpenAI`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.executionTimeField + # id: + description: | + For an <>, a field that indicates when the document was indexed. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.from + # id: + description: | + For an <>, specifies the from address for all emails sent by the connector. It must be specified in `user@host-name` format. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.getIncidentResponseExternalTitleKey + # id: + description: | + - "For a <>, specifies a string from the response body of the get case method that corresponds to the external service title." + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.getIncidentUrl + # id: + description: | + For a <>, specifies a REST API URL string with an external service ID Mustache variable to get the case from the third-party system. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. " + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.hasAuth + # id: + description: | + For an <>, <>, or <>, specifies whether a user and password are required inside the secrets configuration. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: true + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.headers + # id: + description: | + For a <> or <>, specifies a set of key-value pairs sent as headers with the request. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.host + # id: + description: | + For an <>, specifies the host name of the service provider. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.index + # id: + description: | + For an <>, specifies the Elasticsearch index. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.isOAuth + # id: + description: | + For a <>, <>, or <>, specifies whether to use basic or OAuth authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.jwtKeyId + # id: + description: | + For a <>, <>, or <>, specifies the key ID assigned to the JWT verifier map of your OAuth application. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings + # id: + description: | + For a <>, specifies field mappings. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings.alertIdConfig + # id: + description: | + For a <>, field mapping for the alert identifier. You must provide `fieldtype`, `id`, `key`, and `name` values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings.caseIdConfig + # id: + description: | + For a <>, field mapping for the case identifier. You must provide `fieldtype`, `id`, `key`, and `name` values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings.caseNameConfig + # id: + description: | + For a <>, field mapping for the case name. You must provide `fieldtype`, `id`, `key`, and `name` values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings.commentsConfig + # id: + description: | + For a <>, field mapping for the case comments. You must provide `fieldtype`, `id`, `key`, and `name` values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings.descriptionConfig + # id: + description: | + For a <>, field mapping for the case description. You must provide `fieldtype`, `id`, `key`, and `name` values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings.ruleNameConfig + # id: + description: | + For a <>, field mapping for the rule name. You must provide `fieldtype`, `id`, `key`, and `name` values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.mappings.severityConfig + # id: + description: | + For a <>, specifies a field mapping for the severity. You must provide `fieldtype`, `id`, `key`, and `name` values. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.method + # id: + description: | + For a <>, specifies the HTTP request method, either `post` or `put`. Defaults to `post`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: enum + default: post + options: + - option: post + - option: put + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.orgId + # id: + description: | + For an <>, specifies the {ibm-r} organization identifier. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.port + # id: + description: | + For an <>, specifies the port to connect to on the service provider. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.projectKey + # id: + description: | + For a <>, specifies the Jira project key. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.secure + # id: + description: | + For an <>, specifies whether the connection will use TLS when connecting to the service provider. If not true, the connection will initially connect over TCP then attempt to switch to TLS via the SMTP STARTTLS command. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.service + # id: + description: | + For an <>, specifies the name of the email service. For example, `elastic_cloud`, `exchange_server`, `gmail`, `other`, `outlook365`, or `ses`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.tenantId + # id: + description: | + For an <>, specifies a GUID format value that corresponds to a tenant ID, which is a part of OAuth 2.0 client credentials authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.updateIncidentJson + # id: + description: | + For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the update case URL to update a case. Required variables are `case.title` and `case.description`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.updateIncidentMethod + # id: + description: | + For a <>, specifies the REST API HTTP request method to update the case in the third-party system. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: enum + default: put + options: + - option: post + - option: put + - option: patch + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.updateIncidentUrl + # id: + description: | + For a <>, specifies the REST API URL to update the case by ID in the third-party system. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.url + # id: + description: | + A configuration URL that varies by connector: + * For a <>, specifies the D3 Security API request URL. + * For a <>, specifies the Tines tenant URL. + * For a <>, specifies the web service request URL. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts." + # tip: "" + # warning: "" + # important: "" + datatype: stringm + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.userIdentifierValue + # id: + description: | + For a <>, <>, or <>, specifies the user identifier. It is required when required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.usesBasic + # id: + description: | + For an <>, specifies whether it uses HTTP basic authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: true + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.usesTableApi + # id: + description: | + For a <> or <>, specifies whether the connector uses the Table API or the Import Set API. If set to `false`, the Elastic application should be installed in ServiceNow. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.viewIncidentUrl + # id: + description: | + For a <>, specifies a URL string with either the external service ID or external service title Mustache variable to view a case in the external system. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..config.webhookIntegrationUrl + # id: + description: | + For a <>, specifies the endpoint URL of the Elastic Security integration in Torq. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..name + # id: + description: | + The name of the preconfigured connector. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets + # id: + description: | + Sensitive configuration details, such as username, password, and keys, which are specific to the connector type. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + tip: "Sensitive properties, such as passwords, should be stored in the <>." + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.accessKey + # id: + description: | + For an <>, specifies the AWS access key for authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.apikey + # id: + description: | + An API key secret that varies by connector. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.credentialsJson + # id: + description: | + For an <>, specifies the GCP service account credentials JSON file for authentication. + * For a <>, specifies the OpenAI or Azure OpenAI API key for authentication. + * For an <>, specifies the {opsgenie} API authentication key for HTTP basic authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.apiKeyId + # id: + description: | + For an <>, specifies the authentication key ID for HTTP basic authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.apiKeySecret + # id: + description: | + For an <>, specifies the authentication key secret for HTTP basic authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.apiToken + # id: + description: | + For a <> or <>, specifies the API authentication token for HTTP basic authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.clientSecret + # id: + description: | + A client secret that varies by connector: + * For an <>, specifies the client secret that you generated for your app in the app registration portal. It is required when the email service is `exchange_server`, which uses OAuth 2.0 client credentials authentication. + * For a <>, <>, or <>, specifies the client secret assigned to the OAuth application. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "The client secret must be URL-encoded." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.email + # id: + description: | + An email address that varies by connector: + * For a <>, specifies the account email for HTTP basic authentication. + * For a <>, specifies the email used to sign in to Tines. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.password + # id: + description: | + A password secret that varies by connector: + * For an <>, <>, or <>, specifies a password that is required when `xpack.actions.preconfigured..config.hasAuth` is `true`. + * For a <>, <>, or <>, specifies a password that is required when `xpack.actions.preconfigured..config.isOAuth` is `false`. + * For an <>, specifies a password that is required when `xpack.actions.preconfigured..config.usesBasic` is `true`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.privateKey + # id: + description: | + For a <>, <>, or <>, specifies the RSA private key. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.privateKeyPassword + # id: + description: | + For a <>, <>, or <>, specifies the password for the RSA private key. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.routingKey + # id: + description: | + For a <>, specifies the 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.secret + # id: + description: | + For an <>, specifies the AWS secret for authentication. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.secretsUrl + # id: + description: | + For an <> with URL authentication, specifies the request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is used only when `xpack.actions.preconfigured..config.usesBasic` is `false`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.token + # id: + description: | + A token secret that varies by connector: + * For a <>, specifies the D3 Security token. + * For a <>, specifies the Slack bot user OAuth token. + * For a <>, specifies the Tines API token. + * For a <>, specifies the secret of the webhook authentication header. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.user + # id: + description: | + A user name secret that varies by connector: + * For an <>, <>, or <>, specifies a user name that is required when `xpack.actions.preconfigured..config.hasAuth` is `true`. + * For an <>, specifies a user name that is required when `xpack.actions.preconfigured..config.usesBasic` is `true`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.webhookUrl + # id: + description: | + A URL that varies by connector: + * For a <>, specifies the URL of the incoming webhook. + * For a <>, specifies the Slack webhook URL. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + note: "If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts." + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.actions.preconfigured..secrets.username + # id: + description: | + For a <>, <>, or <>, specifies a user name that is required when `xpack.actions.preconfigured..config.isOAuth` is `false`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - group: Alerting settings + id: alert-settings + # description: | + # example: | + settings: + + - setting: xpack.alerting.cancelAlertsOnRuleTimeout + # id: + description: | + Specifies whether to skip writing alerts and scheduling actions if rule processing was cancelled due to a timeout. This setting can be overridden by individual rule types. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: true + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.alerting.rules.maxScheduledPerMinute + # id: + description: | + Specifies the maximum number of rules to run per minute. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: int + default: 10000 + # options: + # - option: + # description: "" + # type: static/dynamic + # platforms: + # - cloud/serverless/self-managed + # example: | + + - setting: xpack.alerting.rules.minimumScheduleInterval.value + # id: + description: | + Specifies the minimum schedule interval for rules. This minimum is applied to all rules created or updated after you set this value. The time is formatted as a number and a time unit (`s`, `m`, `h`, or `d`). For example, `20m`, `24h`, `7d`. This duration cannot exceed `1d`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + default: 1m + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.alerting.rules.minimumScheduleInterval.enforce + # id: + description: | + Specifies the behavior when a new or changed rule has a schedule interval less than the value defined in `xpack.alerting.rules.minimumScheduleInterval.value`. If `false`, rules with schedules less than the interval will be created but warnings will be logged. If `true`, rules with schedules less than the interval cannot be created. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: bool + default: false + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.alerting.rules.run.actions.max + # id: + description: | + Specifies the maximum number of actions that a rule can generate each time detection checks run. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: int + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.alerting.rules.run.alerts.max + # id: + description: | + Specifies the maximum number of alerts that a rule can generate each time detection checks run. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + warning: "The exact number of alerts your cluster can safely handle depends on your cluster configuration and workload, however setting a value higher than the default (`1000`) is not recommended or supported. Doing so could strain system resources and lead to performance issues, delays in alert processing, and potential disruptions during high alert activity periods." + # important: "" + datatype: int + default: 1000 + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.alerting.rules.run.timeout + # id: + description: | + Specifies the default timeout for tasks associated with all types of rules. The time is formatted as a number and a time unit (`ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `Y`). For example, `20m`, `24h`, `7d`, `1w`. Default: `5m`. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + # example: | + + - setting: xpack.alerting.rules.run.ruleTypeOverrides + # id: + description: | + Overrides the configs under `xpack.alerting.rules.run` for the rule type with the given ID. List the rule identifier and its settings in an array of objects. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + example: | + For example: + + [source,yaml] + -- + xpack.alerting.rules.run: + timeout: '5m' + ruleTypeOverrides: + - id: '.index-threshold' + timeout: '15m' + -- + + - setting: xpack.alerting.rules.run.actions.connectorTypeOverrides + # id: + description: | + Overrides the configs under `xpack.alerting.rules.run.actions` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. + # state: deprecated/hidden/tech-preview + # deprecation_details: "" + # note: "" + # tip: "" + # warning: "" + # important: "" + datatype: string + # default: + # options: + # - option: + # description: "" + # type: static/dynamic + platforms: + - cloud + example: | + For example: + + [source,yaml] + -- + xpack.alerting.rules.run: + actions: + max: 10 + connectorTypeOverrides: + - id: '.server-log' + max: 5 + -- diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc index 6bd7eb1e76345..5ca8a4051cbbf 100644 --- a/docs/settings/alert-action-settings.asciidoc +++ b/docs/settings/alert-action-settings.asciidoc @@ -1,5 +1,5 @@ [[alert-action-settings-kb]] -== Alerting and action settings in {kib} +=== Alerting and action settings in {kib} ++++ Alerting and action settings ++++ @@ -9,624 +9,4 @@ :frontmatter-tags-content-type: [reference] :frontmatter-tags-user-goals: [configure] -Alerting and actions are enabled by default in {kib}, but require you to configure the following: - -. <>. -. <>. -. If you are using an *on-premises* Elastic Stack deployment, <>. - -You can configure the following settings in the `kibana.yml` file. - -[float] -[[general-alert-action-settings]] -=== General settings - -`xpack.encryptedSavedObjects.encryptionKey`:: -A string of 32 or more characters used to encrypt sensitive properties on alerting rules and actions before they're stored in {es}. Third party credentials — such as the username and password used to connect to an SMTP service — are an example of encrypted properties. -+ -{kib} offers a <> to help generate this encryption key. -+ -If not set, {kib} will generate a random key on startup, but all alerting and action functions will be blocked. Generated keys are not allowed for alerting and actions because when a new key is generated on restart, existing encrypted data becomes inaccessible. For the same reason, alerting and actions in high-availability deployments of {kib} will behave unexpectedly if the key isn't the same on all instances of {kib}. -+ -Although the key can be specified in clear text in `kibana.yml`, it's recommended to store this key securely in the <>. -Be sure to back up the encryption key value somewhere safe, as your alerting rules and actions will cease to function due to decryption failures should you lose it. If you want to rotate the encryption key, be sure to follow the instructions on <>. - -[float] -[[action-settings]] -=== Action settings - -`xpack.actions.allowedHosts` {ess-icon}:: -A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `["*"]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. -+ -Note that hosts associated with built-in actions, such as Slack and PagerDuty, are not automatically added to allowed hosts. If you are not using the default `["*"]` setting, you must ensure that the corresponding endpoints are added to the allowed hosts as well. - -`xpack.actions.customHostSettings` {ess-icon}:: -A list of custom host settings to override existing global settings. -Default: an empty list. -+ -Each entry in the list must have a `url` property, to associate a connection -type (mail or https), hostname and port with the remaining options in the -entry. -+ -In the following example, two custom host settings -are defined. The first provides a custom host setting for mail server -`mail.example.com` using port 465 that supplies server certificate authentication -data from both a file and inline, and requires TLS for the -connection. The second provides a custom host setting for https server -`webhook.example.com` which turns off server certificate authentication, -that will allow Kibana to connect to the server if it's using a self-signed -certificate. The individual properties that can be used in the settings are -documented below. -+ -[source,yaml] --- -xpack.actions.customHostSettings: - - url: smtp://mail.example.com:465 - ssl: - verificationMode: 'full' - certificateAuthoritiesFiles: [ 'one.crt' ] - certificateAuthoritiesData: | - -----BEGIN CERTIFICATE----- - MIIDTD... - CwUAMD... - ... multiple lines of certificate data ... - -----END CERTIFICATE----- - smtp: - requireTLS: true - - url: https://webhook.example.com - ssl: - verificationMode: 'none' --- -+ -The settings in `xpack.actions.customHostSettings` can be used to override the -global option `xpack.actions.ssl.verificationMode` and provide customized TLS -settings on a per-server basis. Set `xpack.actions.ssl.verificationMode` to the -value to be used by default for all servers, then add an entry in -`xpack.actions.customHostSettings` for every server that requires customized -settings. - -`xpack.actions.customHostSettings[n].url` {ess-icon}:: -A URL associated with this custom host setting. Should be in the form of -`protocol://hostname:port`, where `protocol` is `https` or `smtp`. If the -port is not provided, 443 is used for `https` and 25 is used for -`smtp`. The `smtp` URLs are used for the Email actions that use this -server, and the `https` URLs are used for actions which use `https` to -connect to services. -+ -Entries with `https` URLs can use the `ssl` options, and entries with `smtp` -URLs can use both the `ssl` and `smtp` options. -+ -No other URL values should be part of this URL, including paths, -query strings, and authentication information. When an http or smtp request -is made as part of running an action, only the protocol, hostname, and -port of the URL for that request are used to look up these configuration -values. - -`xpack.actions.customHostSettings[n].smtp.ignoreTLS` {ess-icon}:: -A boolean value indicating that TLS must not be used for this connection. -The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true. -Default: `false`. - -`xpack.actions.customHostSettings[n].smtp.requireTLS` {ess-icon}:: -A boolean value indicating that TLS must be used for this connection. -The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true. -Default: `false`. - -[[action-config-custom-host-verification-mode]] `xpack.actions.customHostSettings[n].ssl.verificationMode` {ess-icon}:: -Controls the verification of the server certificate that {kib} receives when making an outbound SSL/TLS connection to the host server. Valid values are `full`, `certificate`, and `none`. -Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. Overrides the general `xpack.actions.ssl.verificationMode` configuration -for requests made for this hostname/port. - -`xpack.actions.customHostSettings[n].ssl.certificateAuthoritiesFiles`:: -A file name or list of file names of PEM-encoded certificate files to use -to validate the server. - -`xpack.actions.customHostSettings[n].ssl.certificateAuthoritiesData` {ess-icon}:: -The contents of one or more PEM-encoded certificate files in multiline format. -This configuration can be used for environments where the files cannot be made available. - -[[action-config-email-domain-allowlist]] `xpack.actions.email.domain_allowlist` {ess-icon}:: -A list of allowed email domains which can be used with the email connector. When this setting is not used, all email domains are allowed. When this setting is used, if any email is attempted to be sent that (a) includes an addressee with an email domain that is not in the allowlist, or (b) includes a from address domain that is not in the allowlist, it will fail with a message indicating the email is not allowed. -+ -WARNING: This feature is available in {kib} 7.17.4 and 8.3.0 onwards but is not supported in {kib} 8.0, 8.1 or 8.2. As such, this setting should be removed before upgrading from 7.17 to 8.0, 8.1 or 8.2. It is possible to configure the settings in 7.17.4 and then upgrade to 8.3.0 directly. - -`xpack.actions.enableFooterInEmail` {ess-icon}:: -A boolean value indicating that a footer with a relevant link should be added to emails sent as alerting actions. Default: true. - -`xpack.actions.enabledActionTypes` {ess-icon}:: -A list of action types that are enabled. It defaults to `["*"]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.email`, `.index`, `.jira`, `.opsgenie`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, .`servicenow-itom`, `.servicenow-sir`, `.slack`, `.swimlane`, `.teams`, `.thehive`, `.tines`, `.torq`, `.xmatters`, `.gen-ai`, `.bedrock`, `.gemini`, `.d3security`, and `.webhook`. An empty list `[]` will disable all action types. -+ --- -Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function. - -IMPORTANT: <> are not affected by this setting. --- - -`xpack.actions.microsoftExchangeUrl`:: -The URL for the Microsoft Azure Active Directory endpoint to use for MS Exchange email authentication. Default: `https://login.microsoftonline.com`. - -`xpack.actions.microsoftGraphApiUrl`:: -The URL for the Microsoft Graph API endpoint to use for MS Exchange email authentication. Default: `https://graph.microsoft.com/v1.0`. - -`xpack.actions.microsoftGraphApiScope`:: -The URL for the Microsoft Graph API scope endpoint to use for MS Exchange email authentication. Default: `https://graph.microsoft.com/.default`. - -`xpack.actions.proxyUrl` {ess-icon}:: -Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used. -+ -Proxies may be used to proxy http or https requests through a proxy using the http or https protocol. Kibana only uses proxies in "CONNECT" mode (sometimes referred to as "tunneling" TCP mode, compared to HTTP mode). That is, Kibana will always make requests through a proxy using the HTTP `CONNECT` method. -+ -If your proxy is using the https protocol (vs the http protocol), the setting `xpack.actions.ssl.proxyVerificationMode: none` will likely be needed, unless your proxy's certificates are signed using a publicly available certificate authority. -+ -There is currently no support for using basic authentication with a proxy (authentication for the proxy itself, not the URL being requested through the proxy). -+ -To help diagnose problems using a proxy, you can use the `curl` command with options to use your proxy, and log debug information, with the following command, replacing the proxy and target URLs as appropriate. This will force the request to be made to the -proxy in tunneling mode, and display some of the interaction between the client and the proxy. -+ -[source,sh] --- -curl --verbose --proxytunnel --proxy http://localhost:8080 http://example.com --- - -`xpack.actions.proxyBypassHosts` {ess-icon}:: -Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. Example: -+ -[source,yaml] ----- -# If applicable, include the subdomain in the hostname -xpack.actions.proxyBypassHosts: [ "events.pagerduty.com" ] ----- -+ -By default, all hosts will use the proxy, but if an action's hostname is in this list, the proxy will not be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. - -`xpack.actions.proxyOnlyHosts` {ess-icon}:: -Specifies hostnames which should only use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. Example: -+ -[source,yaml] ----- -# If applicable, include the subdomain in the hostname -xpack.actions.proxyOnlyHosts: [ "events.pagerduty.com" ] ----- -+ -By default, no hosts will use the proxy, but if an action's hostname is in this list, the proxy will be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. - -`xpack.actions.proxyHeaders` {ess-icon}:: -Specifies HTTP headers for the proxy, if using a proxy for actions. Default: {}. - -[[action-config-proxy-verification-mode]]`xpack.actions.ssl.proxyVerificationMode` {ess-icon}:: -Controls the verification for the proxy server certificate that Kibana receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`. -Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. - -[[action-config-verification-mode]] `xpack.actions.ssl.verificationMode` {ess-icon}:: -Controls the verification for the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`. -Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. -+ -This setting can be overridden for specific URLs by using the setting -`xpack.actions.customHostSettings[n].ssl.verificationMode` (described above) to a different value. - -`xpack.actions.maxResponseContentLength` {ess-icon}:: -Specifies the max number of bytes of the http response for requests to external resources. Default: 1000000 (1MB). - -`xpack.actions.responseTimeout` {ess-icon}:: -Specifies the time allowed for requests to external resources. Requests that take longer are canceled. -The time is formatted as a number and a time unit (`ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `Y`). -For example, `20m`, `24h`, `7d`, `1w`. Default: `60s`. - -`xpack.actions.run.maxAttempts` {ess-icon}:: -Specifies the maximum number of times an action can be attempted to run. Can be minimum 1 and maximum 10. - -`xpack.actions.run.connectorTypeOverrides` {ess-icon}:: -Overrides the configs under `xpack.actions.run` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. For example: -+ -[source,yaml] --- -xpack.actions.run: - maxAttempts: 1 - connectorTypeOverrides: - - id: '.server-log' - maxAttempts: 5 --- - -`xpack.actions.queued.max` {ess-icon}:: -Specifies the maximum number of actions that can be queued. Default: 1000000 - -[float] -[[preconfigured-connector-settings]] -=== Preconfigured connector settings - -These settings vary depending on which type of preconfigured connector you're adding. -For example: - -[source,yaml] ----------------------------------------- -xpack.actions.preconfigured: - my-server-log: - name: preconfigured-server-log-connector-type - actionTypeId: .server-log ----------------------------------------- - -For more examples, go to <>. - -`xpack.actions.preconfiguredAlertHistoryEsIndex` {ess-icon}:: -Enables a preconfigured alert history {es} <> connector. Default: `false`. - -`xpack.actions.preconfigured`:: -Specifies configuration details that are specific to the type of preconfigured connector. - -`xpack.actions.preconfigured..actionTypeId`:: -The type of preconfigured connector. -For example: `.email`, `.index`, `.opsgenie`, `.server-log`, `.resilient`, `.slack`, and `.webhook`. - -`xpack.actions.preconfigured..config`:: -The configuration details, which are specific to the type of preconfigured connector. - -`xpack.actions.preconfigured..config.apiProvider`:: -For a <>, specifies the OpenAI API provider, either `OpenAI` or `Azure OpenAI`. - -`xpack.actions.preconfigured..config.apiUrl`:: -A configuration URL that varies by connector: -+ --- -* For an <>, specifies the {bedrock} request URL. -* For an <>, specifies the {gemini} request URL. -* For a <>, specifies the OpenAI request URL. -* For a <>, specifies the {ibm-r} instance URL. -* For a <>, specifies the Jira instance URL. -* For an <>, specifies the {opsgenie} URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. -* For a <>, specifies the PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`. -* For a <>, <>, or <> specifies the ServiceNow instance URL. -* For a <>, specifies the {swimlane} instance URL. -// ifeval::["featureAIConnector"=="true"] -// * For an <>, specifies the Elastic {inference} request. -// endif::[] -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. --- - -`xpack.actions.preconfigured..config.appId`:: -An application ID that varies by connector: -+ --- -* For a <>, specifies a {swimlane} application identifier. --- - -`xpack.actions.preconfigured..config.clientId`:: -A client identifier that varies by connector: -+ --- -* For an <>, specifies a GUID format value that corresponds to the client ID, which is a part of OAuth 2.0 client credentials authentication. -* For a <>, <>, or <> specifies the client identifier assigned to the OAuth application. --- - -`xpack.actions.preconfigured..config.configUrl`:: -For an <> with basic authentication, specifies the request URL for the Elastic Alerts trigger in xMatters. - -`xpack.actions.preconfigured..config.createCommentJson`:: -For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the create comment URL to create a case comment. The required variable is `case.description`. -+ -NOTE: The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - -`xpack.actions.preconfigured..config.createCommentMethod`:: -For a <>, specifies the REST API HTTP request method to create a case comment in the third-party system. -For example: `post`, `put`(default), or `patch`. - -`xpack.actions.preconfigured..config.createCommentUrl`:: -For a <>, specifies a REST API URL string to create a case comment by ID in the third-party system. -+ -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. - -`xpack.actions.preconfigured..config.createIncidentJson`:: -For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the create case URL to create a case. Required variables are `case.title` and `case.description`. -+ -NOTE: The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - -`xpack.actions.preconfigured..config.createIncidentMethod`:: -For a <>, specifies the REST API HTTP request method to create a case in the third-party system, either `post`(default), `put`, or `patch`. - -`xpack.actions.preconfigured..config.createIncidentUrl`:: -For a <>, specifies a REST API URL string to create a case in the third-party system. -+ -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. - -`xpack.actions.preconfigured..config.createIncidentResponseKey`:: -For a <>, specifies a string from the response body of the create case method that corresponds to the external service identifier. - -`xpack.actions.preconfigured..config.defaultModel`:: -The default model to use for requests, which varies by connector: -+ --- -* For an <>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-3-5-sonnet-20240620-v1:0`. -* For a <>, current support is for the Gemini models. Defaults to `gemini-1.5-pro-002`. -* For a <>, it is optional and applicable only when `xpack.actions.preconfigured..config.apiProvider` is `OpenAI`. --- - -`xpack.actions.preconfigured..config.executionTimeField`:: -For an <>, a field that indicates when the document was indexed. - -`xpack.actions.preconfigured..config.from`:: -For an <>, specifies the from address for all emails sent by the connector. -It must be specified in `user@host-name` format. - -`xpack.actions.preconfigured..config.getIncidentResponseExternalTitleKey`:: -For a <>, specifies a string from the response body of the get case method that corresponds to the external service title. - -`xpack.actions.preconfigured..config.getIncidentUrl`:: -For a <>, specifies a REST API URL string with an external service ID Mustache variable to get the case from the third-party system. -+ -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. - -`xpack.actions.preconfigured..config.hasAuth`:: -For an <>, <>, or <>, specifies whether a user and password are required inside the secrets configuration. Defaults to `true`. - -`xpack.actions.preconfigured..config.headers`:: -For a <> or <>, specifies a set of key-value pairs sent as headers with the request. - -`xpack.actions.preconfigured..config.host`:: -For an <>, specifies the host name of the service provider. - -`xpack.actions.preconfigured..config.index`:: -For an <>, specifies the {es} index. - -`xpack.actions.preconfigured..config.isOAuth`:: -For a <>, <>, or <>, specifies whether to use basic or OAuth authentication. - -`xpack.actions.preconfigured..config.jwtKeyId`:: -For a <>, <>, or <>, specifies the key ID assigned to the JWT verifier map of your OAuth application. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. - -`xpack.actions.preconfigured..config.mappings`:: -For a <>, specifies field mappings. - -`xpack.actions.preconfigured..config.mappings.alertIdConfig`:: -For a <>, field mapping for the alert identifier. -You must provide `fieldtype`, `id`, `key`, and `name` values. - -`xpack.actions.preconfigured..config.mappings.caseIdConfig`:: -For a <>, field mapping for the case identifier. -You must provide `fieldtype`, `id`, `key`, and `name` values. - -`xpack.actions.preconfigured..config.mappings.caseNameConfig`:: -For a <>, field mapping for the case name. -You must provide `fieldtype`, `id`, `key`, and `name` values. - -`xpack.actions.preconfigured..config.mappings.commentsConfig`:: -For a <>, field mapping for the case comments. -You must provide `fieldtype`, `id`, `key`, and `name` values. - -`xpack.actions.preconfigured..config.mappings.descriptionConfig`:: -For a <>, field mapping for the case description. -You must provide `fieldtype`, `id`, `key`, and `name` values. - -`xpack.actions.preconfigured..config.mappings.ruleNameConfig`:: -For a <>, field mapping for the rule name. -You must provide `fieldtype`, `id`, `key`, and `name` values. - -`xpack.actions.preconfigured..config.mappings.severityConfig`:: -For a <>, specifies a field mapping for the severity. -You must provide `fieldtype`, `id`, `key`, and `name` values. - -`xpack.actions.preconfigured..config.method`:: -For a <>, specifies the HTTP request method, either `post` or `put`. Defaults to `post`. - -`xpack.actions.preconfigured..config.orgId`:: -For an <>, specifies the {ibm-r} organization identifier. - -`xpack.actions.preconfigured..config.port`:: -For an <>, specifies the port to connect to on the service provider. - -`xpack.actions.preconfigured..config.projectKey`:: -For a <>, specifies the Jira project key. - -`xpack.actions.preconfigured..config.secure`:: -For an <>, specifies whether the connection will use TLS when connecting to the service provider. If not true, the connection will initially connect over TCP then attempt to switch to TLS via the SMTP STARTTLS command. - -`xpack.actions.preconfigured..config.service`:: -For an <>, specifies the name of the email service. For example, `elastic_cloud`, `exchange_server`, `gmail`, `other`, `outlook365`, or `ses`. - -`xpack.actions.preconfigured..config.tenantId`:: -For an <>, specifies a GUID format value that corresponds to a tenant ID, which is a part of OAuth 2.0 client credentials authentication. - -`xpack.actions.preconfigured..config.updateIncidentJson`:: -For a <>, specifies a stringified JSON payload with Mustache variables that is sent to the update case URL to update a case. Required variables are `case.title` and `case.description`. -+ -NOTE: The JSON is validated after the Mustache variables have been placed when the REST method runs. You should manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - -`xpack.actions.preconfigured..config.updateIncidentMethod`:: -For a <>, specifies the REST API HTTP request method to update the case in the third-party system. -For example: `post`, `put`(default), or `patch`. - -`xpack.actions.preconfigured..config.updateIncidentUrl`:: -For a <>, specifies the REST API URL to update the case by ID in the third-party system. -+ -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts. - -`xpack.actions.preconfigured..config.url`:: -A configuration URL that varies by connector: -+ --- -* For a <>, specifies the D3 Security API request URL. -* For a <>, specifies the Tines tenant URL. -* For a <>, specifies the web service request URL. - -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. --- - -`xpack.actions.preconfigured..config.userIdentifierValue`:: -For a <>, <>, or <>, specifies the user identifier. It is required when required when `xpack.actions.preconfigured..config.isOAuth` is `true`. - -`xpack.actions.preconfigured..config.usesBasic`:: -For an <>, specifies whether it uses HTTP basic authentication. Defaults to `true`. - -`xpack.actions.preconfigured..config.usesTableApi`:: -For a <> or <>, specifies whether the connector uses the Table API or the Import Set API. -If set to `false`, the Elastic application should be installed in ServiceNow. - -`xpack.actions.preconfigured..config.viewIncidentUrl`:: -For a <>, specifies a URL string with either the external service ID or external service title Mustache variable to view a case in the external system. - -`xpack.actions.preconfigured..config.webhookIntegrationUrl`:: -For a <>, specifies the endpoint URL of the Elastic Security integration in Torq. - -`xpack.actions.preconfigured..name`:: -The name of the preconfigured connector. - -`xpack.actions.preconfigured..secrets`:: -Sensitive configuration details, such as username, password, and keys, which are specific to the connector type. -+ -TIP: Sensitive properties, such as passwords, should be stored in the <>. - -`xpack.actions.preconfigured..secrets.accessKey`:: -For an <>, specifies the AWS access key for authentication. - -`xpack.actions.preconfigured..secrets.apikey`:: -An API key secret that varies by connector: - -`xpack.actions.preconfigured..secrets.credentialsJson`:: -For an <>, specifies the GCP service account credentials JSON file for authentication. -+ --- -* For a <>, specifies the OpenAI or Azure OpenAI API key for authentication. -* For an <>, specifies the {opsgenie} API authentication key for HTTP basic authentication. --- - -`xpack.actions.preconfigured..secrets.apiKeyId`:: -For an <>, specifies the authentication key ID for HTTP basic authentication. - -`xpack.actions.preconfigured..secrets.apiKeySecret`:: -For an <>, specifies the authentication key secret for HTTP basic authentication. - -`xpack.actions.preconfigured..secrets.apiToken`:: -For a <> or <>, specifies the API authentication token for HTTP basic authentication. - -`xpack.actions.preconfigured..secrets.clientSecret`:: -A client secret that varies by connector: -+ --- -* For an <>, specifies the client secret that you generated for your app in the app registration portal. It is required when the email service is `exchange_server`, which uses OAuth 2.0 client credentials authentication. -* For a <>, <>, or <>, specifies the client secret assigned to the OAuth application. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. - -NOTE: The client secret must be URL-encoded. --- - -`xpack.actions.preconfigured..secrets.email`:: -An email address that varies by connector: -+ --- -* For a <>, specifies the account email for HTTP basic authentication. -* For a <>, specifies the email used to sign in to Tines. --- - -`xpack.actions.preconfigured..secrets.password`:: -A password secret that varies by connector: -+ --- - -* For an <>, <>, or <>, specifies a password that is required when `xpack.actions.preconfigured..config.hasAuth` is `true`. -* For a <>, <>, or <>, specifies a password that is required when `xpack.actions.preconfigured..config.isOAuth` is `false`. -* For an <>, specifies a password that is required when `xpack.actions.preconfigured..config.usesBasic` is `true`. --- - -`xpack.actions.preconfigured..secrets.privateKey`:: -For a <>, <>, or <>, specifies the RSA private key. It is required when `xpack.actions.preconfigured..config.isOAuth` is `true`. - -`xpack.actions.preconfigured..secrets.privateKeyPassword`:: -For a <>, <>, or <>, specifies the password for the RSA private key. - -`xpack.actions.preconfigured..secrets.routingKey`:: -For a <>, specifies the 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key. - -`xpack.actions.preconfigured..secrets.secret`:: -For an <>, specifies the AWS secret for authentication. - -`xpack.actions.preconfigured..secrets.secretsUrl`:: -For an <> with URL authentication, specifies the request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. -It is used only when `xpack.actions.preconfigured..config.usesBasic` is `false`. -+ -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. - -`xpack.actions.preconfigured..secrets.token`:: -A token secret that varies by connector: -+ --- -* For a <>, specifies the D3 Security token. -* For a <>, specifies the Slack bot user OAuth token. -* For a <>, specifies the Tines API token. -* For a <>, specifies the secret of the webhook authentication header. --- - -`xpack.actions.preconfigured..secrets.user`:: -A user name secret that varies by connector: -+ --- -* For an <>, <>, or <>, specifies a user name that is required when `xpack.actions.preconfigured..config.hasAuth` is `true`. -* For an <>, specifies a user name that is required when `xpack.actions.preconfigured..config.usesBasic` is `true`. --- - -`xpack.actions.preconfigured..secrets.webhookUrl`:: -A URL that varies by connector: -+ --- -* For a <>, specifies the URL of the incoming webhook. -For a <>, specifies the Slack webhook URL. - -NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts. --- - -`xpack.actions.preconfigured..secrets.username`:: -For a <>, <>, or <>, specifies a user name that is required when `xpack.actions.preconfigured..config.isOAuth` is `false`. - -[float] -[[alert-settings]] -=== Alerting settings - -`xpack.alerting.cancelAlertsOnRuleTimeout` {ess-icon}:: -Specifies whether to skip writing alerts and scheduling actions if rule -processing was cancelled due to a timeout. Default: `true`. This setting can be -overridden by individual rule types. - -`xpack.alerting.rules.maxScheduledPerMinute`:: -Specifies the maximum number of rules to run per minute. Default: 10000 - -`xpack.alerting.rules.minimumScheduleInterval.value` {ess-icon}:: -Specifies the minimum schedule interval for rules. This minimum is applied to all rules created or updated after you set this value. -The time is formatted as a number and a time unit (`s`, `m`, `h`, or `d`). -For example, `20m`, `24h`, `7d`. This duration cannot exceed `1d`. Default: `1m`. - -`xpack.alerting.rules.minimumScheduleInterval.enforce` {ess-icon}:: -Specifies the behavior when a new or changed rule has a schedule interval less than the value defined in `xpack.alerting.rules.minimumScheduleInterval.value`. If `false`, rules with schedules less than the interval will be created but warnings will be logged. If `true`, rules with schedules less than the interval cannot be created. Default: `false`. - -`xpack.alerting.rules.run.actions.max` {ess-icon}:: -Specifies the maximum number of actions that a rule can generate each time detection checks run. - -`xpack.alerting.rules.run.alerts.max` {ess-icon}:: -Specifies the maximum number of alerts that a rule can generate each time detection checks run. Default: 1000. -+ -WARNING: The exact number of alerts your cluster can safely handle depends on your cluster configuration and workload, however setting a value higher than the default (`1000`) is not recommended or supported. Doing so could strain system resources and lead to performance issues, delays in alert processing, and potential disruptions during high alert activity periods. - -`xpack.alerting.rules.run.timeout` {ess-icon}:: -Specifies the default timeout for tasks associated with all types of rules. -The time is formatted as a number and a time unit (`ms`, `s`, `m`, `h`, `d`, `w`, `M`, or `Y`). -For example, `20m`, `24h`, `7d`, `1w`. Default: `5m`. - -`xpack.alerting.rules.run.ruleTypeOverrides` {ess-icon}:: -Overrides the configs under `xpack.alerting.rules.run` for the rule type with the given ID. List the rule identifier and its settings in an array of objects. For example: -+ -[source,yaml] --- -xpack.alerting.rules.run: - timeout: '5m' - ruleTypeOverrides: - - id: '.index-threshold' - timeout: '15m' --- - -`xpack.alerting.rules.run.actions.connectorTypeOverrides` {ess-icon}:: -Overrides the configs under `xpack.alerting.rules.run.actions` for the connector type with the given ID. List the connector type identifier and its settings in an array of objects. For example: -+ -[source,yaml] --- -xpack.alerting.rules.run: - actions: - max: 10 - connectorTypeOverrides: - - id: '.server-log' - max: 5 --- +include::../settings-gen/source/kibana-alert-action-settings.asciidoc[] diff --git a/docs/setup/settings.asciidoc b/docs/setup/settings.asciidoc index aba0eb3a6bab5..14c691e17408b 100644 --- a/docs/setup/settings.asciidoc +++ b/docs/setup/settings.asciidoc @@ -653,7 +653,7 @@ Set this value to change the {kib} interface language. Valid locales are: `en`, `zh-CN`, `ja-JP`, `fr-FR`. *Default: `en`* include::{kibana-root}/docs/settings/ai-assistant-settings.asciidoc[] -include::{kibana-root}/docs/settings/alert-action-settings.asciidoc[leveloffset=+1] +include::{kibana-root}/docs/settings/alert-action-settings.asciidoc[] include::{kibana-root}/docs/settings/apm-settings.asciidoc[] include::{kibana-root}/docs/settings/banners-settings.asciidoc[] include::{kibana-root}/docs/settings/cases-settings.asciidoc[leveloffset=+1]