Detection rule: Email CSV file as action


When configuring Detection Rules, is there a way to send a CSV file as part of the Email action (when the rule triggers)? I am aware Mustache and Markdown syntax is supported for the email body, but I was wondering if Kibana allows to automatically create a CSV file containing all the generated alerts for the triggered rule, and then send that CSV file in an email as an action.

For example: this text would print in the email body specific fields for all the generated alerts as a table; I am looking to "translate" that table to a CSV file.

| Date and Time | User | Process |
| :--- | :---: | :---: |
| {{@timestamp}} | {{winlog.event_data.SubjectUserName}} | {{}} |

Any input will be appreciated. Thank you!


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.