Summary
If you're running Elastic Security and need to manage SOC cases programmatically, this handles the full lifecycle through Kibana's Cases API. Create cases after alert triage, search by hostname or agent ID, attach alerts in batches, add investigation notes, update severity and status. It's hardcoded to securitySolution owner, so don't try using it for Observability cases. The execution rules are refreshingly blunt: start immediately, report API output verbatim, don't invent details or round numbers. Includes multi-step workflow examples like "find cases for a host" and batch alert attachment with automatic rate limiting. Requires Node.js 22+ and either API key or username/password auth to your Kibana instance.
Install to Claude Code
npx -y skills add elastic/agent-skills --skill security-case-management --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
