Elastic Security rule with Index action

Hello All,

I'm new work with Elastic Security. I'm using the Elastic Security basic version and I want to create the detection rule with Index action.
My situation is, I created a rule to detect any connect malicious IP. This rule seems matched but I'm stuck with the Index action. I want to write the data into an index "test-ioc-match" when the rule matched.
Does anyone have an example indẽ action of this situation?

Thank You,

This is my configuration and the result. It seems cannot get the value of the variables.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.