Case Management

Manage SOC cases through the Kibana Cases API. All cases are scoped to securitySolution — this skill operates exclusively within Elastic Security. Cases appear in Kibana Security and can be assigned to analysts, linked to alerts, and pushed to external incident management systems via connectors.

Prerequisites

Install dependencies before first use from the skills/security directory:

cd skills/security && npm install

Set the required environment variables (or add them to a .env file in the workspace root):