Email action message

Hello,

I have an alert using rule from security section.
My aim is to gather some information into the mail alert from the alert:

In my example, I would like to take the username & the ip:

{{#context.hits}} Username:  {{_source.source.user.name}} - IP: {{_source.destination.ip}}
{{/context.hits}}

I try several different configuration following links like Rule action variables | Kibana Guide [8.10] | Elastic.

But everytimes, there is a blank on my email alert.

Anyone experienced this ?
Any clue is appreciated :slight_smile:

Thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.