Is there a way to construct a URL that will render as a hyperlink in the alerts dashboard that will allow the user to review (Highlighted fields) the alert and then show a hyperlink to the external asset that the information was ingested from? It would be nice to have a simple solution that would allow this to be added to the required fields for the alert so that pivoting between API external resources becomes a part of the rule capability itself.
Yes. The most practical approach is to put the external URL into a field on the source event (for example url.full or your own field like external.asset.url), make sure that field is copied into the generated alert, and then format that field as a URL in Kibana (Stack Management → Data Views → pick the data view → set the field format to URL). Once that’s done, add the field as a column in the Alerts table and it will render as a clickable link so analysts can jump straight to the originating system.
For the “highlighted fields” part, Elastic Security already lets you pick which fields a rule highlights in the alert flyout. Add your URL field there along with the key context fields you want reviewers to see. One caveat is that the Highlighted fields section may show the URL as plain text, so if you need it to be reliably clickable, use the Alerts table column or the flyout’s Table tab where field formatting is applied.
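As an added example (not part of the original answer and not Elastic's own code), one way to build the link field before the event is indexed, so that ingested values cannot change where the clickable link points. `external.asset.url` is the field name suggested in the answer; `external.source`, `external.asset.id` and the hosts are hypothetical.

```python
from urllib.parse import quote, urlsplit

# Constructed mapping (hypothetical hosts): source system -> fixed link prefix.
# Only these prefixes can ever appear in the rendered link.
ASSET_BASES = {
    "cmdb": "https://cmdb.example.internal/assets/",
    "edr": "https://edr.example.internal/hosts/",
}


def add_asset_url(event: dict) -> dict:
    """Return the event with external.asset.url set, or unchanged if no safe link can be built.

    The nested dicts correspond to the dotted field names external.source,
    external.asset.id (both assumed) and external.asset.url.
    """
    ext = dict(event.get("external", {}))
    asset = dict(ext.get("asset", {}))
    base = ASSET_BASES.get(ext.get("source"))
    asset_id = asset.get("id")

    # Unknown source system or missing ID: index the event without a link.
    if base is None or not isinstance(asset_id, str) or not asset_id:
        return event
    # Dot segments survive percent-encoding and would climb out of the prefix.
    if asset_id in (".", ".."):
        return event
    # Guard against a misconfigured prefix; analysts should only get https links.
    if urlsplit(base).scheme != "https":
        return event

    # safe="" also encodes "/", "?", "#" and "@", so the ID stays one path
    # segment and cannot add a query string or redirect to another host.
    asset["url"] = base + quote(asset_id, safe="")
    ext["asset"] = asset
    return {**event, "external": ext}
```

The returned document is what gets indexed; the URL field format and the Alerts table column are then configured in Kibana as described in the answer.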
Thanks, that confirms what I have been doing with a pipeline that constructs the URL to pass to the API endpoint. I just wish there was a simpler way. My customer uses a ton of other assets, and it would be nice to have it render as a clickable link in a highlighted field.