[SIEM][CASE][skip-ci] Connectors flyout

x-pack/legacy/plugins/siem/index.ts

@@ -40,7 +40,7 @@ export const siem = (kibana: any) => {
     id: APP_ID,
     configPrefix: 'xpack.siem',
     publicDir: resolve(__dirname, 'public'),
-    require: ['kibana', 'elasticsearch', 'alerting', 'actions'],
+    require: ['kibana', 'elasticsearch', 'alerting', 'actions', 'triggers_actions_ui'],
     uiExports: {
       app: {
         description: i18n.translate('xpack.siem.securityDescription', {

x-pack/legacy/plugins/siem/public/lib/connectors/config.ts

@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { Connector } from './types';
+import serviceNowLogo from './logos/servicenow.svg';
+
+const connectors = new Map<string, Connector>();
+
+connectors.set('.servicenow', {
+  actionTypeId: '.servicenow',
+  logo: serviceNowLogo,
+});
+
+export { connectors };

x-pack/legacy/plugins/siem/public/lib/connectors/index.ts

@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export { getActionType as serviceNowActionType } from './servicenow';

x-pack/legacy/plugins/siem/public/lib/connectors/servicenow.tsx

@@ -0,0 +1,238 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import React from 'react';
+import {
+  EuiFieldText,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormRow,
+  EuiFieldPassword,
+  EuiRadioGroup,
+} from '@elastic/eui';
+import {
+  ActionConnectorFieldsProps,
+  ActionTypeModel,
+  ValidationResult,
+  ActionParamsProps,
+  // eslint-disable-next-line @kbn/eslint/no-restricted-paths
+} from '../../../../../../plugins/triggers_actions_ui/public/types';
+
+import * as i18n from './translations';
+
+import { ServiceNowActionConnector } from './types';
+import { isUrlInvalid } from './validators';
+
+import { connectors } from './config';
+
+const serviceNowDefinition = connectors.get('.servicenow')!;
+
+interface ServiceNowActionParams {
+  message: string;
+}
+
+export function getActionType(): ActionTypeModel {
+  return {
+    id: serviceNowDefinition.actionTypeId,
+    iconClass: serviceNowDefinition.logo,
+    selectMessage: i18n.SERVICENOW_DESC,
+    actionTypeTitle: i18n.SERVICENOW_TITLE,
+    validateConnector: (action: ServiceNowActionConnector): ValidationResult => {
+      const validationResult = { errors: {} };
+      const errors = {
+        apiUrl: [] as string[],
+        username: [] as string[],
+        password: [] as string[],
+      };
+
+      if (!action.config.apiUrl) {
+        errors.apiUrl.push(i18n.SERVICENOW_API_URL_REQUIRED);
+      }
+
+      if (isUrlInvalid(action.config.apiUrl)) {
+        errors.apiUrl.push(i18n.SERVICENOW_API_URL_INVALID);
+      }
+
+      if (!action.secrets.username) {
+        errors.username.push(i18n.SERVICENOW_USERNAME_REQUIRED);
+      }
+
+      if (!action.secrets.password) {
+        errors.password.push(i18n.SERVICENOW_PASSWORD_REQUIRED);
+      }
+
+      validationResult.errors = errors;
+      return validationResult;
+    },
+    validateParams: (actionParams: ServiceNowActionParams): ValidationResult => {
+      const validationResult = { errors: {} };
+      const errors = {
+        message: [] as string[],
+      };
+      validationResult.errors = errors;
+      return validationResult;
+    },
+    actionConnectorFields: ServiceNowConnectorFields,
+    actionParamsFields: ServiceNowParamsFields,
+  };
+}
+
+const ServiceNowConnectorFields: React.FunctionComponent<ActionConnectorFieldsProps<
+  ServiceNowActionConnector
+>> = ({ action, editActionConfig, editActionSecrets, errors }) => {
+  const { apiUrl, casesConfiguration } = action.config;
+  const { username, password } = action.secrets;
+
+  const closure = casesConfiguration?.closure ?? 'manual';
+
+  const isApiUrlInvalid: boolean = errors.apiUrl.length > 0 && apiUrl !== undefined;
+  const isUsernameInvalid: boolean = errors.username.length > 0 && username !== undefined;
+  const isPasswordInvalid: boolean = errors.password.length > 0 && password !== undefined;
+
+  if (!casesConfiguration) {
+    editActionConfig('casesConfiguration', {
+      closure: 'manual',
+      mapping: [
+        {
+          source: 'title',
+          target: 'description',
+          onEditAndUpdate: 'nothing',
+        },
+        {
+          source: 'description',
+          target: 'short_description',
+          onEditAndUpdate: 'nothing',
+        },
+        {
+          source: 'comments',
+          target: 'work_notes',
+          onEditAndUpdate: 'nothing',
+        },
+      ],
+    });
+  }
+
+  const radios = [
+    {
+      id: 'manual',
+      label: 'Manually close SIEM cases',
+    },
+    {
+      id: 'newIncident',
+      label: 'Automatically close SIEM cases when pushing new incident to third-party',
+    },
+    {
+      id: 'closedIncident',
+      label: 'Automatically close SIEM cases when incident is closed in third-party',
+    },
+  ];
+
+  return (
+    <>
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiFormRow
+            id="apiUrl"
+            fullWidth
+            error={errors.apiUrl}
+            isInvalid={isApiUrlInvalid}
+            label={i18n.SERVICENOW_API_URL_LABEL}
+          >
+            <EuiFieldText
+              fullWidth
+              isInvalid={isApiUrlInvalid}
+              name="apiUrl"
+              value={apiUrl}
+              data-test-subj="apiUrlFromInput"
+              placeholder="https://<instance>.service-now.com"
+              onChange={e => {
+                editActionConfig('apiUrl', e.target.value);
+              }}
+              onBlur={() => {
+                if (!apiUrl) {
+                  editActionConfig('apiUrl', '');
+                }
+              }}
+            />
+          </EuiFormRow>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiFormRow
+            id="username"
+            fullWidth
+            error={errors.username}
+            isInvalid={isUsernameInvalid}
+            label={i18n.SERVICENOW_USERNAME_LABEL}
+          >
+            <EuiFieldText
+              fullWidth
+              isInvalid={isUsernameInvalid}
+              name="username"
+              value={username}
+              data-test-subj="usernameFromInput"
+              onChange={e => {
+                editActionSecrets('username', e.target.value);
+              }}
+              onBlur={() => {
+                if (!username) {
+                  editActionSecrets('username', '');
+                }
+              }}
+            />
+          </EuiFormRow>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiFormRow
+            id="password"
+            fullWidth
+            error={errors.password}
+            isInvalid={isPasswordInvalid}
+            label={i18n.SERVICENOW_PASSWORD_LABEL}
+          >
+            <EuiFieldPassword
+              fullWidth
+              isInvalid={isPasswordInvalid}
+              name="password"
+              value={password}
+              data-test-subj="passwordFromInput"
+              onChange={e => {
+                editActionSecrets('password', e.target.value);
+              }}
+              onBlur={() => {
+                if (!password) {
+                  editActionSecrets('password', '');
+                }
+              }}
+            />
+          </EuiFormRow>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiFormRow id="closure" fullWidth label={'Case closure options'}>
+            <EuiRadioGroup
+              options={radios}
+              idSelected={closure}
+              onChange={(val: string) => {
+                editActionConfig('casesConfiguration', { ...casesConfiguration, closure: val });
+              }}
+              name="closure"
+            />
+          </EuiFormRow>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </>
+  );
+};
+
+const ServiceNowParamsFields: React.FunctionComponent<ActionParamsProps<
+  ServiceNowActionParams
+>> = ({ actionParams, editAction, index, errors }) => {
+  return null;
+};

x-pack/legacy/plugins/siem/public/lib/connectors/translations.ts

@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const SERVICENOW_DESC = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.selectMessageText',
+  {
+    defaultMessage: 'Push or update SIEM case data to a new incident in ServiceNow',
+  }
+);
+
+export const SERVICENOW_TITLE = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.actionTypeTitle',
+  {
+    defaultMessage: 'ServiceNow',
+  }
+);
+
+export const SERVICENOW_API_URL_LABEL = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.apiUrlTextFieldLabel',
+  {
+    defaultMessage: 'URL',
+  }
+);
+
+export const SERVICENOW_API_URL_REQUIRED = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.requiredApiUrlTextField',
+  {
+    defaultMessage: 'URL is required',
+  }
+);
+
+export const SERVICENOW_API_URL_INVALID = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.invalidApiUrlTextField',
+  {
+    defaultMessage: 'URL is invalid',
+  }
+);
+
+export const SERVICENOW_USERNAME_LABEL = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.usernameTextFieldLabel',
+  {
+    defaultMessage: 'Username',
+  }
+);
+
+export const SERVICENOW_USERNAME_REQUIRED = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.requiredUsernameTextField',
+  {
+    defaultMessage: 'Username is required',
+  }
+);
+
+export const SERVICENOW_PASSWORD_LABEL = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.passwordTextFieldLabel',
+  {
+    defaultMessage: 'Password',
+  }
+);
+
+export const SERVICENOW_PASSWORD_REQUIRED = i18n.translate(
+  'xpack.siem.case.connectors.servicenow.requiredPasswordTextField',
+  {
+    defaultMessage: 'Password is required',
+  }
+);

x-pack/legacy/plugins/siem/public/lib/connectors/types.ts

@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+interface ServiceNowConfig {
+  apiUrl: string;
+  casesConfiguration: {
+    closure: string;
+  };
+}
+
+interface ServiceNowSecrets {
+  username: string;
+  password: string;
+}
+
+export interface ServiceNowActionConnector {
+  config: ServiceNowConfig;
+  secrets: ServiceNowSecrets;
+}
+
+export interface Connector {
+  actionTypeId: string;
+  logo: string;
+}

x-pack/legacy/plugins/siem/public/lib/connectors/validators.ts

@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export { isUrlInvalid } from '../../utils/validators';