diff --git a/docs/management/cases/cases.asciidoc b/docs/management/cases/cases.asciidoc new file mode 100644 index 0000000000000..ec61e6342f1e6 --- /dev/null +++ b/docs/management/cases/cases.asciidoc @@ -0,0 +1,20 @@ +[[cases]] +== Cases + +preview::[] + +Cases are used to open and track issues directly in {kib}. All cases list +the original reporter and all the users who contribute to a case (_participants_). +You can also send cases to third party systems by configuring external connectors. + +[role="screenshot"] +image::images/cases.png[Cases page] + +NOTE: If you create cases in the {observability} or {security-app}, they are not +visible in *{stack-manage-app}*. Likewise, the cases you create in +*{stack-manage-app}* are not visible in the {observability} or {security-app}. +You also cannot attach alerts from the {observability} or {security-app} to +cases in *{stack-manage-app}*. + +* <> +* <> \ No newline at end of file diff --git a/docs/management/cases/images/cases-visualization.png b/docs/management/cases/images/cases-visualization.png new file mode 100644 index 0000000000000..77f249f26d091 Binary files /dev/null and b/docs/management/cases/images/cases-visualization.png differ diff --git a/docs/management/cases/images/cases.png b/docs/management/cases/images/cases.png new file mode 100644 index 0000000000000..7b0c551cb6903 Binary files /dev/null and b/docs/management/cases/images/cases.png differ diff --git a/docs/management/cases/index.asciidoc b/docs/management/cases/index.asciidoc new file mode 100644 index 0000000000000..86e68cbfbe77f --- /dev/null +++ b/docs/management/cases/index.asciidoc @@ -0,0 +1,4 @@ +include::cases.asciidoc[] +include::setup-cases.asciidoc[leveloffset=+1] +include::manage-cases.asciidoc[leveloffset=+1] +//=== Configure external connectors \ No newline at end of file diff --git a/docs/management/cases/manage-cases.asciidoc b/docs/management/cases/manage-cases.asciidoc new file mode 100644 index 0000000000000..e8b46f3e14870 --- /dev/null +++ b/docs/management/cases/manage-cases.asciidoc @@ -0,0 +1,71 @@ +[[manage-cases]] +== Open and manage cases + +preview::[] + +[[open-case]] +=== Open a new case + +Open a new case to keep track of issues and share their details with colleagues. + +. Go to *Management > {stack-manage-app} > Cases*, then click *Create case*. + +. Give the case a name, add any relevant tags and a description. ++ +TIP: In the `Description` area, you can use +https://www.markdownguide.org/cheat-sheet[Markdown] syntax to create formatted +text. + +. For *External incident management system*, select a connector. If you've +previously added one, that connector displays as the default selection. +Otherwise, the default setting is `No connector selected`. + +. After you've completed all of the required fields, click *Create case*. + +[[add-case-visualization]] +=== Add a visualization + +After you create a case, you can optionally add a visualization. For +example, you can portray event and alert data through charts and graphs. + +[role="screenshot"] +image::images/cases-visualization.png[Cases page] + +To add a visualization to a comment within your case: + +. Click the *Visualization* button. The *Add visualization* dialog appears. + +. Select an existing visualization from your Visualize Library or create a new +visualization. ++ +IMPORTANT: Set an absolute time range for your visualization. This ensures your +visualization doesn't change over time after you save it to your case and +provides important context for viewers. + +. After you've finished creating your visualization, click *Save and return* to +go back to your case. + +. Click *Preview* to see how the visualization will appear in the case comment. + +. Click *Add Comment* to add the visualization to your case. + +After a visualization has been added to a case, you can modify or interact with +it by clicking the *Open Visualization* option in the comment menu. + +[[manage-case]] +=== Manage cases + +In *Management > {stack-manage-app} > Cases*, you can search cases and filter +them by tags, reporter. + +To view a case, click on its name. You can then: + +* Add a new comment. +* Edit existing comments and the description. +* Add a connector. +* Send updates to external systems (if external connections are configured). +* Edit tags. +* Refresh the case to retrieve the latest updates. +* Change the status. +* Close or delete the case. +* Reopen a closed case. \ No newline at end of file diff --git a/docs/management/cases/setup-cases.asciidoc b/docs/management/cases/setup-cases.asciidoc new file mode 100644 index 0000000000000..b0d68a22d9915 --- /dev/null +++ b/docs/management/cases/setup-cases.asciidoc @@ -0,0 +1,28 @@ +[[setup-cases]] +== Configure access to cases + +preview::[] + +To access cases in *{stack-manage-app}*, you must have the appropriate {kib} +privileges: + +[options="header"] +|=== + +| Action | {kib} privileges +| Give full access to manage cases +a| +* `All` for the *Cases* feature under *Management*. +* `All` for the *Actions and Connectors* feature under *Management*. + +NOTE: The `All` *Actions and Connectors* feature privilege is required to +create, add, delete, and modify case connectors and to send updates to external +systems. + +| Give view-only access for cases | `Read` for the *Cases* feature under *Management*. + +| Revoke all access to cases | `None` for the *Cases* feature under *Management*. + +|=== + +For more details, refer to <>. diff --git a/docs/user/management.asciidoc b/docs/user/management.asciidoc index 6c309d56f2294..908cdc792431c 100644 --- a/docs/user/management.asciidoc +++ b/docs/user/management.asciidoc @@ -78,6 +78,9 @@ You can add and remove remote clusters, and check their connectivity. | Centrally <> across {kib}. Create and <> for triggering actions. +| <> +| Create and manage cases to investigate issues. + | <> | Monitor the generation of reports—PDF, PNG, and CSV—and download reports that you previously generated. A report can contain a dashboard, visualization, saved search, or Canvas workpad. @@ -175,6 +178,8 @@ see the https://www.elastic.co/subscriptions[subscription page]. include::{kib-repo-dir}/management/advanced-options.asciidoc[] +include::{kib-repo-dir}/management/cases/index.asciidoc[] + include::{kib-repo-dir}/management/action-types.asciidoc[] include::{kib-repo-dir}/management/managing-licenses.asciidoc[]