Detection rule: Email CSV file as action

cdelgado · November 13, 2023, 10:12pm

Hello,

When configuring Detection Rules, is there a way to send a CSV file as part of the Email action (when the rule triggers)? I am aware Mustache and Markdown syntax is supported for the email body, but I was wondering if Kibana allows to automatically create a CSV file containing all the generated alerts for the triggered rule, and then send that CSV file in an email as an action.

For example: this text would print in the email body specific fields for all the generated alerts as a table; I am looking to "translate" that table to a CSV file.

| Date and Time | User | Process |
| :--- | :---: | :---: |
{{#context.alerts}}
| {{@timestamp}} | {{winlog.event_data.SubjectUserName}} | {{process.name}} |
{{/context.alerts}}

Any input will be appreciated. Thank you!

Camilo

system · December 11, 2023, 10:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Detection rules: include Kibana visualization in email SIEM	1	287	December 12, 2023
Scheduled Email notifications (Alerts) with aggregated results in the form of excel sheets Kibana	4	285	August 17, 2022
Unable to send CSV data through email notification Elasticsearch elastic-stack-alerting	4	1038	February 4, 2019
Email action message Kibana	1	174	October 24, 2023
Help with rule variables(email alert) Kibana elastic-stack-alerting	5	2390	October 6, 2021

Detection rule: Email CSV file as action

Related topics