Bulk alerting configuration

We are using the alerting functionality inside the Elastic Security toolset, and we have turned on about 100-odd rules. We have created email and webhook integrations and have started to tune the data being sent from these integrations to the rules...BUT
Do we REALLY have to configure a separate integration screen for every single one of the rules that we have turned on? Is there some way to streamline this process?



Hello there @rossw
Before we get too far, what version of Elastic and Kibana are you running?


We are running 8.6.3

Ok, I've reached out to some of my colleagues working in that area of Kibana. I'll let you know what I learn as soon as possible Ross.

Hey @rossw, I believe that by "email and webhook integrations" you mean Email and Webhook connectors that can be used in Elastic Security to set up alert notification actions for rules? Please correct me if I misunderstood what you're trying to achieve.

Starting from 8.5.0 you can add and overwrite notification actions in bulk, i.e. apply them to multiple rules simultaneously. You can find more info in this PR and this doc. Also, here are some screenshots:

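The same bulk edit the answer above describes can be scripted instead of clicked through the rules table, which matters once you are past a hundred rules or want the change reviewable. The following is an added example, not code from the thread or from Elastic: it assumes the Detections API bulk-action endpoint `POST /api/detection_engine/rules/_bulk_action` with an `edit` of type `add_rule_actions` (the API behind the 8.5+ bulk actions menu), a Webhook connector that already exists in Kibana, and a hypothetical Kibana URL, API key and connector id that you must replace. It builds the request body, runs it with `dry_run=true` first so nothing is changed until the selection looks right, and summarizes the response.

```python
"""Bulk-add a notification action to many Elastic Security detection rules.

Added example, not from the original thread. Assumes the Detections API
bulk-action endpoint (8.5+) and the placeholder host, key and connector id
below; all of those are assumptions to be replaced before use.
"""
import json
import urllib.request

KIBANA_URL = "https://kibana.example.internal:5601"   # assumption: your Kibana URL
API_KEY = "REPLACE_WITH_API_KEY"                       # assumption: load from a secret store in practice
WEBHOOK_CONNECTOR_ID = "00000000-0000-0000-0000-000000000000"  # hypothetical connector id

# Connector types this script is willing to attach; extend as needed.
SUPPORTED_ACTION_TYPES = {".email", ".webhook", ".slack", ".pagerduty"}


def build_bulk_add_actions(query, connector_id, action_type_id, params, throttle="1h"):
    """Return the JSON body for a bulk 'add_rule_actions' edit.

    query:    KQL selecting the target rules, e.g. 'alert.attributes.enabled: true'
    throttle: "rule" notifies on every rule run; an interval such as "1h"
              rate-limits notifications per rule.
    """
    if action_type_id not in SUPPORTED_ACTION_TYPES:
        raise ValueError(f"unsupported connector type: {action_type_id}")
    if not connector_id:
        raise ValueError("connector_id is required")
    return {
        "query": query,
        "action": "edit",
        "edit": [
            {
                "type": "add_rule_actions",
                "value": {
                    "throttle": throttle,
                    "actions": [
                        {
                            "action_type_id": action_type_id,
                            "group": "default",
                            "id": connector_id,
                            "params": params,
                        }
                    ],
                },
            }
        ],
    }


def send_bulk_action(body, dry_run=True):
    """POST the body to the bulk-action endpoint; dry_run=True validates only."""
    flag = "true" if dry_run else "false"
    url = f"{KIBANA_URL}/api/detection_engine/rules/_bulk_action?dry_run={flag}"
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "kbn-xsrf": "true",              # required by Kibana for state-changing calls
            "Authorization": f"ApiKey {API_KEY}",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize_response(resp):
    """Return (succeeded, failed, error_messages) from a bulk-action response."""
    attrs = resp.get("attributes", {})
    summary = attrs.get("summary", {})
    errors = [e.get("message", "") for e in attrs.get("errors", [])]
    return summary.get("succeeded", 0), summary.get("failed", 0), errors


if __name__ == "__main__":
    # Mustache variables in params are rendered by Kibana when the action fires.
    body = build_bulk_add_actions(
        query="alert.attributes.enabled: true",
        connector_id=WEBHOOK_CONNECTOR_ID,
        action_type_id=".webhook",
        params={"body": "{{context.rule.name}}: {{state.signals_count}} new alerts"},
        throttle="1h",
    )
    print(json.dumps(body, indent=2))
    # Run as a dry run first, inspect the summary, then re-run with dry_run=False:
    # print(summarize_response(send_bulk_action(body, dry_run=True)))
```

`set_rule_actions` (replace instead of append) uses the same body with only the `type` changed; the dry run is the check worth keeping in a pipeline, since a KQL query that matches more rules than intended is the most common way to blast a connector.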

Many thanks for this information – I had not noticed the change in the drop down menus.

