Add custom field for action to teams webhook

fontexD · May 31, 2023, 9:49am

im trying to add a custom field from the table of the event but it dosent pass the value into the teams webhook

vitaliidm · June 2, 2023, 6:46pm

Hi @fontexD
Which version of ES/Kibana are you using?

Before 8.8, action has in its context array of alerts. So, to get property from alert, you would need to do something like this:

Get property from the first only alert

{{#context.alerts.0}}{{custom.property}}{{/context.alerts.0}}

Get all properties from array

{{#context.alerts}}{{custom.property}}{{/context.alerts}}

Thanks, Vitalii

fontexD · June 6, 2023, 12:42pm

how would i get this one ? im using 8.8 :=)

i tried all of this

{
"alert_id": "{{alert.id}}",
"alert_action_group": "{{alert.actionGroup}}",
"alert_action_subgroup": "{{alert.actionSubgroup}}",
"alert_action_group_name": "{{alert.actionGroupName}}",
"kibana_base_url": "{{kibanaBaseUrl}}",
"rule_id": "{{rule.id}}",
"rule_name": "{{rule.name}}",
"rule_description": "{{rule.description}}",
"user": "{{user.target.name}}",
"user": "{{winlog.event_data.TargetUserName}}"

fontexD · June 6, 2023, 12:58pm

IT WORKED! thank you!

system · July 4, 2023, 12:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add a json in webhook body for teams Elasticsearch elastic-stack-alerting	4	1083	July 2, 2018
Problem adding document field to alert's webhook body Kibana elastic-stack-alerting	4	709	December 12, 2022
Adding a custom field in alerts Kibana detection-rules	1	52	September 11, 2024
Including Field Value in Webhook Message Elasticsearch	1	992	October 17, 2019
How we can attach a document with the alert to teams action? Kibana elastic-stack-alerting	4	770	January 5, 2022

Add custom field for action to teams webhook

Related topics