[Cases] Add auto-push case option to case connector #249251

Merged
janmonschke merged 14 commits into elastic:main from janmonschke:cases/automatically-push-case-from-rule-action
Jan 26, 2026
@janmonschke janmonschke commented Jan 15, 2026

Summary

Addresses https://github.com/elastic/security-team/issues/15315

Adds the option to auto-push a case when a case template with connector is defined.

Testing

  • Add a case template with connector
  • Create a new rule with a case connector (group by agent.id, time window 5min)
  • Generate events
  • Check that cases are automatically pushed
  • Check that the telemetry counter is incremented correctly:
GET .kibana_usage_counters/_search
{
    "query": {
        "prefix": {
          "usage-counter.counterName": {
            "value": "CasesPush"
          }
        }
    },
    "fields": [
      "usage-counter.counterName",
      "usage-counter.count"
    ],
    "_source": false
}

@janmonschke janmonschke added the labels backport:skip (This PR does not require backporting), release_note:feature (Makes this part of the condensed release notes) and Team:Cases (Security Solution Cases team) Jan 22, 2026
@janmonschke janmonschke marked this pull request as ready for review January 22, 2026 13:24
@janmonschke janmonschke requested a review from a team as a code owner January 22, 2026 13:24
@elasticmachine

Pinging @elastic/kibana-cases (Team:Cases)

@janmonschke janmonschke changed the title from "[Cases][draft] Add auto-push case option" to "[Cases] Add auto-push case option to case connector" Jan 22, 2026
@NicholasPeretti NicholasPeretti left a comment

This looks great! Thank you for fixing this ☺️

@NicholasPeretti NicholasPeretti dismissed their stale review January 26, 2026 14:12

Sorry, approved by mistake

pushType: 'automatic',
})
.catch((error) => {
this.logger.debug(
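
Review bot: The .catch handler on the automatic push reports the error only through this.logger.debug(, so a failed auto-push stays invisible unless debug logging is enabled. Consider logging at warn level here, so that an operator can see when a case created by a rule was not pushed to the external system.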
@MykhailoKondrat MykhailoKondrat Jan 26, 2026

In other places in this file we are using if (this.logger.isLevelEnabled('debug')) check, maybe we want to add it here too (or change log level)

Contributor Author

It is not needed in this context. It's handy when the logging operation is more expensive (e.g. if we need to calculate or query sth). But good catch :)

@janmonschke janmonschke enabled auto-merge (squash) January 26, 2026 21:09
@janmonschke janmonschke merged commit c8b161d into elastic:main Jan 26, 2026
16 checks passed
@elasticmachine

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #69 / "before all" hook in "{root}"
  • [job] [logs] FTR Configs #88 / Cloud Security Posture Test adding Cloud Security Posture Integrations CNVM CNVM AWS On Add Agent modal there should be modal that has Cloud Formation details as well as button that redirects user to Cloud formation page on AWS upon clicking them

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
cases 1.4MB 1.4MB +445.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
cases 145.0KB 145.1KB +153.0B

Unknown metric groups

ESLint disabled line counts

id before after diff
cases 72 73 +1

Total ESLint disabled count

id before after diff
cases 84 85 +1

@divyaaghi-qasource
Hi @janmonschke and @vgomez-el

We are currently working on feature testing around this feature on the 9.4 snapshot build.

As per the ticket reported regarding Cases Connectors, our testing scope regarding this feature ticket has been decreased.

Please let us know if anything else is required from our end!

Thanks!

@janmonschke

@divyaaghi-qasource The linked ticket and this PR are two distinct features. This PR adds new functionality.

@divyaaghi-qasource
Hi @janmonschke

Thanks for the clarification.

Yes, we agree these are separate from the linked ticket, and we’re continuing to test this PR’s new functionality on the 9.4 snapshot build.

One note on scope: our end-to-end verification that cases are successfully pushed to the external system is currently reduced because the login credentials to the connected external system are not working on our side. We can still validate the Kibana-side behavior (configuration/option, UI flow, and that the push action is triggered), but we can’t fully confirm the external third-party connector's status right now.

Please let us know if we missed anything.

Thanks!

Labels

backport:skip (This PR does not require backporting), release_note:feature (Makes this part of the condensed release notes), Team:Cases (Security Solution Cases team), v9.4.0

6 participants