Afternoon,
We are using the alerting functionality inside the Elastic Security toolset, and we have turned on about 100-odd rules. We have created email and webhook integrations and have started to tune the data being sent from these integrations to the rules...BUT
Do we REALLY have to configure a separate integration screen for every single one of the rules that we have turned on? Is there some way to streamline this process?
Hey @rossw, I believe that by "email and webhook integrations" you mean Email and Webhook connectors that can be used in Elastic Security to set up alert notification actions for rules? Please correct me if I misunderstood what you're trying to achieve.
Starting from 8.5.0, you can add and overwrite notification actions in bulk, i.e. apply them to multiple rules simultaneously. You can find more info in this PR and this doc. Also, here are some screenshots:
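The bulk add/overwrite described in the reply above can also be scripted. The following is an added example, not part of the original thread or Elastic's own code: it builds the request for Kibana's detection engine bulk action endpoint. The endpoint path, the `add_rule_actions` / `set_rule_actions` edit types and the throttle values are assumptions taken from the 8.x API and should be checked against the docs for your version; connector IDs, the tag and the URL are placeholders.

```python
import json
import urllib.request

# Throttle values assumed from the 8.x detection rule schema.
THROTTLES = {"rule", "1h", "1d", "7d"}
BULK_PATH = "/api/detection_engine/rules/_bulk_action"

def build_bulk_actions_body(connectors, throttle="rule", overwrite=False,
                            rule_ids=None, query=None):
    """connectors: list of (connector_id, params) pairs, where params is the
    connector-specific payload (to/subject/message for Email, body for Webhook)."""
    if throttle not in THROTTLES:
        raise ValueError(f"unsupported throttle: {throttle!r}")
    if (rule_ids is None) == (query is None):
        raise ValueError("select rules with exactly one of rule_ids or query")
    if not connectors:
        raise ValueError("at least one connector is required")
    actions = [{"group": "default", "id": cid, "params": params}
               for cid, params in connectors]
    # "add" keeps each rule's existing actions; "set" overwrites them.
    edit_type = "set_rule_actions" if overwrite else "add_rule_actions"
    body = {"action": "edit",
            "edit": [{"type": edit_type,
                      "value": {"throttle": throttle, "actions": actions}}]}
    if rule_ids is not None:
        body["ids"] = list(rule_ids)
    else:
        body["query"] = query
    return body

def build_request(kibana_url, api_key, body):
    """Prepare the HTTP request without sending it."""
    return urllib.request.Request(
        kibana_url.rstrip("/") + BULK_PATH,
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                 "Authorization": "ApiKey " + api_key})

if __name__ == "__main__":
    # Constructed sample: connector IDs, tag, address and URL are placeholders.
    body = build_bulk_actions_body(
        [("EMAIL_CONNECTOR_ID", {"to": ["soc@example.com"],
                                 "subject": "Detection alert",
                                 "message": "A detection rule fired."}),
         ("WEBHOOK_CONNECTOR_ID", {"body": '{"text": "A detection rule fired."}'})],
        throttle="1h", query='alert.attributes.tags: "notify-soc"')
    req = build_request("https://kibana.example:5601", "API_KEY_PLACEHOLDER", body)
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
    # Send with urllib.request.urlopen(req) once the body looks right.
```

Selecting rules by tag query rather than by ID list keeps the notification set consistent as new rules with that tag are enabled and the script is re-run.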