Several of these alert rules are severe enough that I would want to kill the process that generated the alert. Suspicious .NET Reflection via PowerShell would be an example. It would be nice to be able to kill the process or process trees right then. Is this possible? Right now it seems like all it can do is send an email or alert through another service.
Hi @yak990 - thanks for using Elastic Security! What you are looking for unfortunately is not currently available in Elastic Security - however, your request is well-aligned with capabilities that we are actively working to bring to the security solution. While I can't provide timing specifics - please keep an eye out!