I have created a security alert by defining the proper rules (I am using a custom query in the definition, where I have written the query as "username: missing_name").
I uploaded a CSV in which there is a column "username"; if missing_name is encountered then we have to send the email alert along with the address corresponding to the missing_name (there is a column "address"). I have connected the email connector; the alerts are generated and triggered also, but the address and the other dynamic parts are missing in the email.
I am using the below syntax to send the email; how do I fix it?
```
Hello Team,
An alert has been triggered for missing name in the security logs. Below are the details of the detected issue:
**Alert Details:**
- **Rule Name**: {{rule.name}}
- **Date Triggered**: {{date}}
- **Alert Count**: {{alerts.new.count}}
{{#alerts.new.data}}
**Detected address**: {{context.address}}
```
Looks like the moustache syntax used in the email body is not correct.
I can see the variable {{#alert.new.data}}; the symbol # is used when looping through an array is required, and it needs a closing statement: {{/alert.new.data}}, as per Rule action variables | Kibana Guide [8.15] | Elastic.
So, if you would like to loop through new alerts, this syntax should be used:
```
R -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- R
{{/context.alerts}}
```
Because it's possible for more than one alert hit to appear in each email, we include a couple of carriage returns along with the R----R to differentiate between the different alerts.
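As an added illustration of the section syntax described in this reply (example code written for this page, not Kibana's template renderer and not the thread's own template): a minimal Mustache-style renderer in Python that shows how `{{#alerts.new.data}} ... {{/alerts.new.data}}` repeats its body once per alert, why a section left unclosed fails to render, and why a name that does not exist in the loop item (such as `context.address` in the question) comes out empty. The alert payload and the `username` / `address` fields on each alert are constructed assumptions for the demo, not real Kibana action variables.

```python
"""Minimal Mustache-style renderer to illustrate section loops in alert
email templates. Added example for this thread; not Kibana code.
The SAMPLE payload and its per-alert field names are assumptions."""
import re

# {{name}}, {{#name}} (open section) and {{/name}} (close section)
TAG = re.compile(r"\{\{([#/]?)\s*([\w.]+)\s*\}\}")


def lookup(name, stack):
    """Resolve a dotted name against a stack of contexts, innermost first
    (Mustache semantics: walk outward until the first segment is found).
    Unknown names render as an empty string, which is what a template
    author sees as 'the dynamic part is missing'."""
    head = name.split(".")[0]
    for ctx in reversed(stack):
        if isinstance(ctx, dict) and head in ctx:
            value = ctx
            for part in name.split("."):
                if not isinstance(value, dict) or part not in value:
                    return ""
                value = value[part]
            return value
    return ""


def render(template, data):
    """Render {{var}} and {{#list}}...{{/list}} tags. Raises ValueError when
    a section is opened but never closed, the defect in the original body."""
    def walk(pos, stack, stop=None):
        out = []
        while True:
            m = TAG.search(template, pos)
            if not m:
                if stop is not None:
                    raise ValueError(f"unclosed section {{{{#{stop}}}}}")
                out.append(template[pos:])
                return "".join(out), len(template)
            out.append(template[pos:m.start()])
            kind, name = m.group(1), m.group(2)
            pos = m.end()
            if kind == "/":
                if name != stop:
                    raise ValueError(f"unexpected {{{{/{name}}}}}")
                return "".join(out), pos
            if kind == "#":
                value = lookup(name, stack)
                items = value if isinstance(value, list) else ([value] if value else [])
                # Render the section body once per item, pushing the item as
                # the innermost context so {{address}} resolves per alert.
                for item in items:
                    text, end = walk(pos, stack + [item], stop=name)
                    out.append(text)
                if not items:  # still need to skip past the closing tag
                    _, end = walk(pos, stack + [{}], stop=name)
                pos = end
            else:
                out.append(str(lookup(name, stack)))

    return walk(0, [data])[0]


# Constructed alert payload (assumption: each alert carries the CSV columns).
SAMPLE = {
    "rule": {"name": "missing_name watcher"},
    "alerts": {"new": {"count": 2, "data": [
        {"username": "missing_name", "address": "10.0.0.5"},
        {"username": "missing_name", "address": "10.0.0.9"},
    ]}},
}

# Corrected body: the section is closed, and fields are read from the item.
BODY = """Hello Team,
An alert has been triggered for missing name in the security logs.
- Rule Name: {{rule.name}}
- Alert Count: {{alerts.new.count}}
{{#alerts.new.data}}
Detected user: {{username}}, address: {{address}}
R -- -- R
{{/alerts.new.data}}
"""


def render_email():
    """Render the corrected template: one block per alert, separated by R----R."""
    return render(BODY, SAMPLE)


def render_unclosed():
    """Reproduce the question's mistake: section opened but never closed."""
    try:
        render("{{#alerts.new.data}}{{address}}", SAMPLE)
    except ValueError as err:
        return str(err)
    return "rendered"


def render_wrong_name():
    """A name absent from both the item and the top-level data renders empty."""
    return render("{{#alerts.new.data}}{{context.address}};{{/alerts.new.data}}", SAMPLE)


if __name__ == "__main__":
    print(render_email())
    print(render_unclosed())
    print(repr(render_wrong_name()))
```

Note the two blank lines that the template's own line breaks produce around each `R -- -- R` separator; that is the "couple of carriage returns" this reply refers to, and it is what keeps consecutive alerts readable when one email carries several hits.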