I currently have a use-case where I have a few rules that look at similar data, but are intended to detect different things.
These rules have a very similar set of exceptions assigned to them. I'd like to be able to have an exception that is set/shared between all of these rules, while also allowing for the rules to have their own independent exceptions. Is this something that is possible? I don't see a way to do this via the Kibana UI.
It's not directly supported in the UI at the moment to be able to choose different exceptions beyond two, which are the "Endpoint list" and the "Detection List", for when you want detections on an endpoint vs server side.
You can write up a feature request for it though and if enough people ask for the feature it will end up getting written: