Hi,
I am running 7.12 and would like to send an alerts to slack whenever a positive match occurs on one of the prebuilt detection rules.
i.e Prebuilt rule reference | Elastic Security Solution [7.12] | Elastic
I can see that you can send an alert when rule is run or at regular intervals but not when triggered.
Is it possible to send the alert when this occurs and to bulk update all rules to do the same?
Thanks
You can send alert to JIRA, Slack, Teams and etc, when rule is trigger
This is my creation for updating rules in bulk.
austinsonger/Elastic-Security (github.com)
Clever. Thanks that worked. Had to make a minor change to on curl from --raw-data to -d.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.