Hello,
After working intensively with Elastic Detections and alerting etc, I wanted to suggest that imho it would be an improvement if the reference url's were key / value instead of only the url's. Sometimes the url's are not or less human readable and it would be nice and clear to have a key which explains what the reference url is for.
Also, imho it would be nice if all Elastic Detection rules would have a link to the Elastic Documentation by default.
WDYT?
Willem
What are you meaning by this exactly?
Sry meant the Elastic documentation of the rule
@austinsonger So not a good idea? Currently when trying to add the reference links in an email action etc, it it not clear what url reference is for what exactly. For example referring to a Kibana dashboard url does not make it very clear what this dashboard is about. When a key would be added, it would things a lot more clear and usable imho.
Reference URL is for the source material for building the detection rule. You would need to add the elastic detection pre-built documentation link to the each of the detections in Elastic.
Hope that helps.
Thanks for your answer Austin,
But that was not really my question or proposal. I know how to add url references.. 
But imho i'd like to suggest making it a key value array instead of just an array or url's. Because some url's are very dificult to read by a human, for example a link to a dashboard with an id does not give any info what's the dashboard is about.
A second thing was my proposal to add a reference url to the Elastic documentation of each rule by default.
I wanted to check animo before making GH issues..
Best regards,
Willem
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
