[DOCS] Add Stack Management cases

docs/management/cases/cases.asciidoc

@@ -0,0 +1,20 @@
+[[cases]]
+== Cases
+
+preview::[]
+
+Cases are used to open and track issues directly in {kib}. All cases list
+the original reporter and all the users who contribute to a case (_participants_).
+You can also send cases to third party systems by configuring external connectors.
+
+[role="screenshot"]
+image::images/cases.png[Cases page]
+
+NOTE: If you create cases in the {observability} or {security-app}, they are not
+visible in *{stack-manage-app}*. Likewise, the cases you create in
+*{stack-manage-app}* are not visible in the {observability} or {security-app}.
+You also cannot attach alerts from the {observability} or {security-app} to
+cases in *{stack-manage-app}*.
+
+* <<setup-cases>>
+* <<manage-cases>>

docs/management/cases/index.asciidoc

@@ -0,0 +1,4 @@
+include::cases.asciidoc[]
+include::setup-cases.asciidoc[leveloffset=+1]
+include::manage-cases.asciidoc[leveloffset=+1]
+//=== Configure external connectors

docs/management/cases/manage-cases.asciidoc

@@ -0,0 +1,71 @@
+[[manage-cases]]
+== Open and manage cases
+
+preview::[]
+
+[[open-case]]
+=== Open a new case
+
+Open a new case to keep track of issues and share their details with colleagues.
+
+. Go to *Management > {stack-manage-app} > Cases*, then click *Create case*.
+
+. Give the case a name, add any relevant tags and a description.
++
+TIP: In the `Description` area, you can use
+https://www.markdownguide.org/cheat-sheet[Markdown] syntax to create formatted
+text.
+
+. For *External incident management system*, select a connector. If you've
+previously added one, that connector displays as the default selection.
+Otherwise, the default setting is `No connector selected`.
+
+. After you've completed all of the required fields, click *Create case*.
+
+[[add-case-visualization]]
+=== Add a visualization
+
+After you create a case, you can optionally add a visualization. For
+example, you can portray event and alert data through charts and graphs.
+
+[role="screenshot"]
+image::images/cases-visualization.png[Cases page]
+
+To add a visualization to a comment within your case:
+
+. Click the *Visualization* button. The *Add visualization* dialog appears.
+
+. Select an existing visualization from your Visualize Library or create a new
+visualization.
++
+IMPORTANT: Set an absolute time range for your visualization. This ensures your
+visualization doesn't change over time after you save it to your case and
+provides important context for viewers.
+
+. After you've finished creating your visualization, click *Save and return* to
+go back to your case.
+
+. Click *Preview* to see how the visualization will appear in the case comment.
+
+. Click *Add Comment* to add the visualization to your case.
+
+After a visualization has been added to a case, you can modify or interact with
+it by clicking the *Open Visualization* option in the comment menu.
+
+[[manage-case]]
+=== Manage cases
+
+In *Management > {stack-manage-app} > Cases*, you can search cases and filter
+them by tags, reporter.
+
+To view a case, click on its name. You can then:
+
+* Add a new comment.
+* Edit existing comments and the description.
+* Add a connector.
+* Send updates to external systems (if external connections are configured).
+* Edit tags.
+* Refresh the case to retrieve the latest updates.
+* Change the status.
+* Close or delete the case.
+* Reopen a closed case.

docs/management/cases/setup-cases.asciidoc

@@ -0,0 +1,28 @@
+[[setup-cases]]
+== Configure access to cases
+
+preview::[]
+
+To access cases in *{stack-manage-app}*, you must have the appropriate {kib}
+privileges:
+
+[options="header"]
+|=== 
+
+| Action | {kib} privileges
+| Give full access to manage cases 
+a|
+* `All` for the *Cases* feature under *Management*.
+* `All` for the *Actions and Connectors* feature under *Management*.
+
+NOTE: The `All` *Actions and Connectors* feature privilege is required to
+create, add, delete, and modify case connectors and to send updates to external
+systems.
+
+| Give view-only access for cases | `Read` for the *Cases* feature under *Management*.
+
+| Revoke all access to cases | `None` for the *Cases* feature under *Management*.
+
+|=== 
+
+For more details, refer to <<kibana-privileges>>.

docs/user/management.asciidoc

@@ -78,6 +78,9 @@ You can add and remove remote clusters, and check their connectivity.
 | Centrally <<create-and-manage-rules, manage your rules>> across {kib}. Create and <<connector-management, manage reusable
 connectors>> for triggering actions.
 
+| <<cases,Cases>>
+| Create and manage cases to investigate issues.
+
 | <<reporting-getting-started, Reporting>>
 | Monitor the generation of reports&mdash;PDF, PNG, and CSV&mdash;and download reports that you previously generated.
 A report can contain a dashboard, visualization, saved search, or Canvas workpad.
@@ -175,6 +178,8 @@ see the https://www.elastic.co/subscriptions[subscription page].
 
 include::{kib-repo-dir}/management/advanced-options.asciidoc[]
 
+include::{kib-repo-dir}/management/cases/index.asciidoc[]
+
 include::{kib-repo-dir}/management/action-types.asciidoc[]
 
 include::{kib-repo-dir}/management/managing-licenses.asciidoc[]