XSOAR Connector (#212049)

## Summary

XSOAR action connector, enabling users to send alerts generated by the
rule detection engine to Palo Alto XSOAR for automation and remediation.

### **create connector**

![xsoar-connector](https://github.com/user-attachments/assets/14d9791b-0242-42b5-b9e4-975d7f6826cc)

### **test connector**
1. **test page**

![xsoar-params-test](https://github.com/user-attachments/assets/2bdd3b79-7f5f-4d52-836b-f458c390e55c)

2. **select playbook**

![xsoar-select-playbook](https://github.com/user-attachments/assets/23787b24-31b0-4f56-b451-0e8b42c79797)

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>
Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

docs/docset.yml

@@ -54,6 +54,7 @@ subs:
   bedrock:   "Amazon Bedrock"
   gemini:   "Google Gemini"
   hive:   "TheHive"
+  xsoar:   "XSOAR"
   report-features:   "reporting features"
   ml:   "machine learning"
   ccs:   "cross-cluster search"

docs/reference/connectors-kibana.md

@@ -41,6 +41,7 @@ Actions are instantiations of a connector that are linked to rules and run as ba
 * [{{webhook}}](/reference/connectors-kibana/webhook-action-type.md): Send a request to a web service.
 * [{{webhook-cm}}](/reference/connectors-kibana/cases-webhook-action-type.md): Send a request to a Case Management web service.
 * [xMatters](/reference/connectors-kibana/xmatters-action-type.md): Send actionable alerts to on-call xMatters resources.
+* [{{xsoar}}](/reference/connectors-kibana/xsoar-action-type.md): Create an incident in Cortex {{xsoar}}.
 
 ::::{note}
 Some connector types are paid commercial features, while others are free. For a comparison of the Elastic subscription levels, go to [the subscription page](https://www.elastic.co/subscriptions).

docs/reference/connectors-kibana/xsoar-action-type.md

@@ -0,0 +1,80 @@
+---
+navigation_title: "{{xsoar}}"
+mapped_pages:
+  - https://www.elastic.co/guide/en/kibana/current/xsoar-action-type.html
+---
+
+# {{xsoar}} connector and action [xsoar-action-type]
+
+
+{{xsoar}} connector uses the [{{xsoar}} REST API](https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/m0qlgh9inh4vk-create-or-update-an-incident) to create Cortex {{xsoar}} incidents.
+
+
+## Create connectors in {{kib}} [define-xsoar-ui]
+
+You can create connectors in **{{stack-manage-app}} > {{connectors-ui}}** or as needed when you’re creating a rule. For example:
+
+% TO DO: Use `:class: screenshot`
+![XSOAR connector](../images/xsoar-connector.png)
+
+
+### Connector configuration [xsoar-connector-configuration]
+
+{{xsoar}} connectors have the following configuration properties:
+
+Name
+:   The name of the connector.
+
+URL
+:   The {{xsoar}} instance URL.
+
+API key
+:   The {{xsoar}} API key for authentication.
+
+    ::::{note}
+    If you do not have an API key, refer to [Create a new API key](https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/t09y7hrb5d14m-create-a-new-api-key) to make one for your {{xsoar}} instance.
+    ::::
+
+API key id
+:   The {{xsoar}} API key ID for authentication. (Mandatory for cloud instance users.)
+
+
+## Test connectors [xsoar-action-configuration]
+
+You can test connectors as you’re creating or editing the connector in {{kib}}. For example:
+
+% TO DO: Use `:class: screenshot`
+![XSOAR params test](../images/xsoar-params-test.png)
+
+{{xsoar}} actions have the following configuration properties.
+
+Name
+:   The incident name.
+
+Playbook
+:   The playbook to associate with the incident.
+
+Start investigation
+:   If turned on, will automatically start the investigation process after the incident is created.
+
+Severity
+:   The severity of the incident. Can be `Unknown`, `Informational`, `Low`, `Medium`, `High` or `Critical`.
+
+    ::::{note}
+    Turn on `Keep severity from rule` to create an incident that inherits the rule's severity.
+    ::::
+
+Body
+:   A JSON payload that includes additional parameters to be included in the API request.
+
+    ```json
+    {
+      "details": "This is an example incident",
+      "type": "Unclassified"
+    }
+    ```
+
+
+## Connector networking configuration [xsoar-connector-networking-configuration]
+
+Use the [Action configuration settings](/reference/configuration-reference/alerting-settings.md#action-settings) to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use `xpack.actions.customHostSettings` to set per-host configurations.

docs/reference/toc.yml

@@ -58,6 +58,7 @@ toc:
       - file: connectors-kibana/webhook-action-type.md
       - file: connectors-kibana/cases-webhook-action-type.md
       - file: connectors-kibana/xmatters-action-type.md
+      - file: connectors-kibana/xsoar-action-type.md
       - file: connectors-kibana/pre-configured-connectors.md
   - file: kibana-plugins.md
   - file: commands.md
@@ -65,4 +66,4 @@ toc:
       - file: commands/kibana-encryption-keys.md
       - file: commands/kibana-verification-code.md
   - file: osquery-exported-fields.md
-  - file: osquery-manager-prebuilt-packs.md
+  - file: osquery-manager-prebuilt-packs.md