Elastic Security rule with Index action

Hello All,

I'm new to working with Elastic Security. I'm using the Elastic Security basic version and I want to create a detection rule with an Index action.
My situation is that I created a rule to detect any connection to a malicious IP. This rule seems to match, but I'm stuck with the Index action. I want to write the data into an index "test-ioc-match" when the rule matches.
Does anyone have an example Index action for this situation?

Thank You,
alextd

This is my configuration and the result. It seems it cannot get the values of the variables.
[Screenshot: index-action]
[Screenshot: result]
