[Cases] Enable auto-extraction by default and add user actions for observable actions#236524
Merged
christineweng merged 6 commits intoelastic:mainfrom Oct 6, 2025
Merged
Conversation
christineweng
added
release_note:fix
backport:skip
christineweng
force-pushed
the
cases-observables-actions
branch
from
86a442a to
f8ea5b1
Compare
10 tasks
christineweng
force-pushed
the
cases-observables-actions
branch
from
f8ea5b1 to
798bea9
Compare
michaelolo24
force-pushed
the
cases-observables-actions
branch
from
798bea9 to
54bdd1f
Compare
Contributor
|
Pinging @elastic/kibana-cases (Team:Cases) |
michaelolo24
force-pushed
the
cases-observables-actions
branch
from
54bdd1f to
700546b
Compare
PhilippeOberti
approved these changes
Oct 2, 2025
Contributor
PhilippeOberti
left a comment
PhilippeOberti
left a comment
There was a problem hiding this comment.
Code review only for @elastic/security-threat-hunting-investigations, LGTM, only one file impacted
lgestc
approved these changes
Oct 3, 2025
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Page load bundle
History
|
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
christineweng
added a commit
to christineweng/kibana
that referenced
this pull request
Oct 14, 2025
…servable actions (elastic#236524) ## Summary Ref: elastic#234007 This PR enables auto-extraction in alerts and adds activity entry for observable actions (manually add/update/delete 1 observable, bulk add from auto-extraction). Before Observable actions are not reflected in the activity tab After <img width="513" height="263" alt="image" src="https://github.com/user-attachments/assets/28bf5e20-ed80-40b0-9100-24e5132902a9" /> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. --------- Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co> (cherry picked from commit 435b225)
christineweng
added a commit
that referenced
this pull request
Oct 14, 2025
…for observable actions (#236524) (#238884) # Backport This will backport the following commits from `main` to `9.2`: - [[Cases] Enable auto-extraction by default and add user actions for observable actions (#236524)](#236524) <!--- Backport version: 10.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"christineweng","email":"18648970+christineweng@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-10-06T18:50:20Z","message":"[Cases] Enable auto-extraction by default and add user actions for observable actions (#236524)\n\n## Summary\n\nRef: https://github.com/elastic/kibana/issues/234007\n\nThis PR enables auto-extraction in alerts and adds activity entry for\nobservable actions (manually add/update/delete 1 observable, bulk add\nfrom auto-extraction).\n\nBefore\nObservable actions are not reflected in the activity tab\n\nAfter\n\n<img width=\"513\" height=\"263\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/28bf5e20-ed80-40b0-9100-24e5132902a9\"\n/>\n\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [ ] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n---------\n\nCo-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>","sha":"435b22513d15851e695ca3f1dedfff21609c4d9e","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","backport:skip","Team:Cases","v9.2.0","v9.3.0"],"title":"[Cases] Enable auto-extraction by default and add user actions for observable actions","number":236524,"url":"https://github.com/elastic/kibana/pull/236524","mergeCommit":{"message":"[Cases] Enable auto-extraction by default and add user actions for observable actions (#236524)\n\n## Summary\n\nRef: https://github.com/elastic/kibana/issues/234007\n\nThis PR enables auto-extraction in alerts and adds activity entry for\nobservable actions (manually add/update/delete 1 observable, bulk add\nfrom auto-extraction).\n\nBefore\nObservable actions are not reflected in the activity tab\n\nAfter\n\n<img width=\"513\" height=\"263\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/28bf5e20-ed80-40b0-9100-24e5132902a9\"\n/>\n\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [ ] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n---------\n\nCo-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>","sha":"435b22513d15851e695ca3f1dedfff21609c4d9e"}},"sourceBranch":"main","suggestedTargetBranches":["9.2"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/236524","number":236524,"mergeCommit":{"message":"[Cases] Enable auto-extraction by default and add user actions for observable actions (#236524)\n\n## Summary\n\nRef: https://github.com/elastic/kibana/issues/234007\n\nThis PR enables auto-extraction in alerts and adds activity entry for\nobservable actions (manually add/update/delete 1 observable, bulk add\nfrom auto-extraction).\n\nBefore\nObservable actions are not reflected in the activity tab\n\nAfter\n\n<img width=\"513\" height=\"263\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/28bf5e20-ed80-40b0-9100-24e5132902a9\"\n/>\n\n\n\n### Checklist\n\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [ ] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n---------\n\nCo-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>","sha":"435b22513d15851e695ca3f1dedfff21609c4d9e"}}]}] BACKPORT--> Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…servable actions (elastic#236524) ## Summary Ref: elastic#234007 This PR enables auto-extraction in alerts and adds activity entry for observable actions (manually add/update/delete 1 observable, bulk add from auto-extraction). Before Observable actions are not reflected in the activity tab After <img width="513" height="263" alt="image" src="https://github.com/user-attachments/assets/28bf5e20-ed80-40b0-9100-24e5132902a9" /> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. --------- Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Ref: #234007
This PR enables auto-extraction in alerts and adds activity entry for observable actions (manually add/update/delete 1 observable, bulk add from auto-extraction).
Before
Observable actions are not reflected in the activity tab
After
Checklist
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.