Elastic Alerting

Elastic Security
1

Hi all,

I am creating a alerting system with elastic connectors , so far now i am able to send alerts to telegrame via a bot but the issue is the details of the alerts for a example:

I have a rule for firewall login failure and i need to send the alert with who failed to login like if user A failed to login alert should be << Elastic Alert: Firewall Login Failure , user A failed to login to the firewall >>

but it seems i cannot includ the username field to the alert data

Screenshot 2025-02-13 104754
Screenshot 2025-02-13 104754732×519 47.2 KB

I uploaded a screenshot of the body of the connection action
I bit confused with this variables that is available in this , what are they from where they get can i create a new variable?

I am hoping that someone can help me with this

Thank you

1 Like
2

Update:
So I found info about this on Elastic Rule Action variable page But it seems that I cannot create new variables I could not found any info about it also some fields did not worked for me for a example

**documents** _[view in Discover]({{{context.link}}})_

above context also did not worked .

I will upload a screnshot of the alert I get via telegrame for review

Image (3)
Image (3)1101×597 115 KB

Thank you.

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.