1 alert for all detections & suppress repeat detections

Hi,

I am now on 7.9.2, is there the ability to create an alert for all detections or does it involve going through each individually? Also I remember there was talk of being able to suppress detections so that noisy detections do not spam alerts, is this part of Actions Frequency?

At the moment I am using elastalert to do the above but looking to move to the elastic cloud and would like to mimic the control we currently have.

Thanks
Phil

is there the ability to create an alert for all detections or does it involve going through each individually?

Not at the moment, no.

Also I remember there was talk of being able to suppress detections so that noisy detections do not spam alerts, is this part of Actions Frequency?

We have frequency you can set:

And if you have false positives you can add exceptions to a rule here:

@Frank_Hassanabad

So does hourly mean that a detection that is triggered multiple times for a host.name will be alerted once, then every hour if it persists? If another device for the same detection triggers within that hour, will it then alert and start an hourly period for that device? Or is it per detection, and if multiple devices/hosts trigger you will receive the one alert for the first and once every hour if it persists?

Regarding the 1 alert for multiple rules, is that on the roadmap?

I have used the exclusions, very handy. Much easier than having to butcher the query.

Thanks
Phil

Regarding the 1 alert for multiple rules, is that on the roadmap?

Hard to say as we have a lot of overlap of features and things change quickly. For example, a lot of people request a way to "bulk edit rules" which could be used to solve your use case.

If you want you're always free to request a feature:

And then follow the ticket to see what happens.

Here are the docs for the actions and when they fire:

It should fire when there are signals for that particular rule during the hour, daily, weekly, etc... for that rule. So if you select daily, it should only fire once daily if there are 1 or more signals for that particular rule during that day.
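As an added illustration (not code from this thread or from Elastic), here is a small Python model of the per-rule action frequency described in the reply above, with a per-host variant to show the difference Phil asked about; the signal data, rule names and host names are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample signals: (timestamp, rule name, host.name)
SIGNALS = [
    (datetime(2020, 10, 1, 9, 0), "suspicious-ps", "host-a"),
    (datetime(2020, 10, 1, 9, 10), "suspicious-ps", "host-a"),
    (datetime(2020, 10, 1, 9, 20), "suspicious-ps", "host-b"),
    (datetime(2020, 10, 1, 10, 5), "suspicious-ps", "host-a"),
    (datetime(2020, 10, 1, 10, 30), "rdp-bruteforce", "host-c"),
]

THROTTLE = {
    "hourly": timedelta(hours=1),
    "daily": timedelta(days=1),
    "weekly": timedelta(weeks=1),
}


def fired_actions(signals, throttle, per_host=False):
    """Return the signals that would trigger an action notification.

    Model of the behaviour described in the reply: an action fires at most
    once per throttle window per rule (per_host=False), no matter how many
    hosts produced signals in that window. per_host=True models the other
    reading Phil asked about, keying the window on (rule, host) instead.
    """
    window = THROTTLE[throttle]
    last_fired = {}  # key -> timestamp of the last notification
    fired = []
    for ts, rule, host in sorted(signals):
        key = (rule, host) if per_host else rule
        prev = last_fired.get(key)
        # Fire on the first signal for this key, then suppress until a
        # full window has elapsed since the last notification.
        if prev is None or ts - prev >= window:
            last_fired[key] = ts
            fired.append((ts, rule, host))
    return fired


if __name__ == "__main__":
    for ts, rule, host in fired_actions(SIGNALS, "hourly"):
        print(f"{ts:%H:%M} {rule} (first host in window: {host})")
```

With the constructed data, hourly per-rule throttling notifies three times (suspicious-ps at 09:00 and 10:05, rdp-bruteforce at 10:30) while the per-host variant notifies four times, because host-b gets its own window.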