Is there a way to get how much time it takes to execute all security rules? In "Stack Management" -> "Rules and Connectors", analytics are available per rule, but summary analytics seem to be missing. For example, a duration summary for all rules.
In my case, the duration summary for 500 rules is 1 hour (I made a manual summary). How can I get this info using the API?
Also, I'm interested in how this value changes:
So we're still working on surfacing high-level KPIs and metrics summarizing all rule executions, but we are writing all the data from each execution to the Kibana event log, so you should be able to build a custom dashboard around this data for your needs in the interim.
If you go to Discover and create a Data View for the .kibana-event-log-* system index, you'll see all the events that are written as part of each rule execution. Please check out this source file for details on relevant field names -- this is the source for the Rule Execution Log that we have on Rule Details here:
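One way to get the summary asked about above from the event log, as an added example that is not part of the original thread: a search body for `.kibana-event-log-*` that sums execution time overall, per rule and per time bucket, plus the same sum computed client-side. The field names (`event.provider: alerting`, `event.action: execute`, `event.duration` in nanoseconds, `rule.id`) are assumptions to check against the source file mentioned in the answer.

```python
from collections import defaultdict

# Assumed field names (verify against your Kibana version's event log schema):
#   event.provider == "alerting" and event.action == "execute" mark one rule run,
#   event.duration is the run time in nanoseconds, rule.id identifies the rule.
NS_PER_S = 1_000_000_000

def build_query(gte="now-24h", lte="now", interval="1h"):
    """Search body for .kibana-event-log-*: total, per-rule and over-time run time."""
    total = {"sum": {"field": "event.duration"}}
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event.provider": "alerting"}},
            {"term": {"event.action": "execute"}},
            {"range": {"@timestamp": {"gte": gte, "lte": lte}}},
        ]}},
        "aggs": {
            "total_ns": total,
            "per_rule": {"terms": {"field": "rule.id", "size": 1000},
                         "aggs": {"total_ns": total}},
            "over_time": {"date_histogram": {"field": "@timestamp",
                                             "fixed_interval": interval},
                          "aggs": {"total_ns": total}},
        },
    }

def summarize(events):
    """Client-side equivalent over raw event docs: (total_seconds, seconds_per_rule)."""
    per_rule = defaultdict(int)
    for ev in events:
        e = ev.get("event", {})
        if e.get("provider") != "alerting" or e.get("action") != "execute":
            continue
        if e.get("duration") is None:  # event carries no duration, skip it
            continue
        per_rule[ev["rule"]["id"]] += int(e["duration"])  # value may be a string
    total_ns = sum(per_rule.values())
    return total_ns / NS_PER_S, {r: ns / NS_PER_S for r, ns in per_rule.items()}

# Constructed sample documents (not real data).
SAMPLE = [
    {"rule": {"id": "rule-a"}, "event": {"provider": "alerting", "action": "execute", "duration": 7_200_000_000}},
    {"rule": {"id": "rule-a"}, "event": {"provider": "alerting", "action": "execute", "duration": 2_800_000_000}},
    {"rule": {"id": "rule-b"}, "event": {"provider": "alerting", "action": "execute", "duration": "5000000000"}},
    {"rule": {"id": "rule-b"}, "event": {"provider": "alerting", "action": "execute-start"}},
    {"rule": {"id": "rule-b"}, "event": {"provider": "actions", "action": "execute", "duration": 9_000_000_000}},
]
```

The body from `build_query()` can be sent to the `_search` endpoint for `.kibana-event-log-*`; the `over_time` buckets show how the total changes between intervals.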