Is there a way to set a default action in Elastic SIEM? Manually setting up an action on 300+ rules is pretty raw!
Hey there @hilt86! While there isn't currently a way to set a default action on a selection of rules, we are looking into ways to make this a bit less cumbersome, whether that be bulk editing of Rules, or a default action that is applied to all Rules as you mention. I've created this Kibana issue for tracking -- if you could stop by it and add a bit about your use case, that will help us prioritize these enhancements.
We're looking to enhance the overall Rule Management experience, but in the meantime, using the API is probably the best way to automate things here a bit.
Cheers!
Garrett
Any news on that? We're starting 2023 soon and still have to edit hundreds of rules at a time to give them a default action, otherwise there are alerts that we don't get notified for!!!
Hey @lamp123432, starting from 8.5 there is a possibility to bulk edit actions in rules:
This feature would allow you to set an action on all rules, with no need to edit rules one by one.
Thanks, Vitalii