Afternoon,
We are using the alerting functionality inside the Elastic Security toolset, and we have turned on about 100-odd rules. We have created email and webhook integrations and have started to tune the data being sent from these integrations to the rules...BUT
Do we REALLY have to configure a separate integration screen for every single one of the rules that we have turned on? Is there some way to streamline this process?
Thanks
Hello there @rossw
Before we get too far, what version of Elastic and Kibana are you running?
Morning
We are running 8.6.3
Ok, I've reached out to some of my colleagues working in that area of Kibana. I'll let you know what I learn as soon as possible Ross.
Hey @rossw, I believe that by "email and webhook integrations" you mean Email and Webhook connectors that can be used in Elastic Security to set up alert notification actions for rules? Please correct me if I misunderstood what you're trying to achieve.
Starting from 8.5.0 you can add and overwrite notification actions in bulk, i.e. apply it to multiple rules simultaneously. You can find more info in this PR and this doc. Also, here's some screenshots:
Many thanks for this information – I had not noticed the change in the drop down menus.
Ross
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
