Assign current user to acknowledged alert / Elastic Security


Is it possible to set the current user that has acknowledged an alert to a new field using the Painless / runtime scripts to set a value? I've read over some documentation for it but can't figure out how to pull the user doing the actions when something is acknowledged.

Trying to fully move over to this and this will be a requirement for us.

