Enable email Alerts for High Severity Detections

Hi All,

How can I enable email Alerts for ALL High Severity Detections?

Best regards,

Currently (as of 8.1), you'll need to leverage the API to bulk add/update actions. So you could fetch all rules with High Severity, then use the bulk API (docs) to patch them all with the appropriate action(s).

That said, we've started surfacing Bulk Edit Actions in the UI (currently Index Patterns and Tags) starting in 8.1 (release notes on it), and we'll be working through the remaining fields (like actions, risk score/severity, etc) in upcoming releases.

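The two-step procedure from the reply above (find every High severity rule, then patch them all in one bulk call), as an added example that is not from the thread or from Elastic: it uses only the Python standard library, takes the Kibana URL and API key from environment variables, and assumes the 8.1 endpoints `GET /api/detection_engine/rules/_find` and `PATCH /api/detection_engine/rules/_bulk_update` plus an existing email connector whose ID is supplied as `EMAIL_CONNECTOR_ID`; the `only_without_actions` switch also covers the later question about picking out rules that have no action yet.

```python
import json
import os
import urllib.request

KIBANA = os.environ.get("KIBANA_URL", "http://localhost:5601")  # assumption: local Kibana
API_KEY = os.environ.get("KIBANA_API_KEY", "")                  # assumption: API key auth
HEADERS = {"kbn-xsrf": "true", "Content-Type": "application/json",
           "Authorization": f"ApiKey {API_KEY}"}


def fetch_all_rules():
    """Page through /api/detection_engine/rules/_find until every rule is collected."""
    rules, page = [], 1
    while True:
        url = f"{KIBANA}/api/detection_engine/rules/_find?per_page=100&page={page}"
        with urllib.request.urlopen(urllib.request.Request(url, headers=HEADERS)) as resp:
            body = json.load(resp)
        rules.extend(body["data"])
        if not body["data"] or len(rules) >= body["total"]:
            return rules
        page += 1


def select_rules(rules, severity="high", only_without_actions=False):
    """Keep rules at the given severity; optionally only those with no actions yet."""
    return [r for r in rules
            if r.get("severity") == severity
            and not (only_without_actions and r.get("actions"))]


def build_bulk_patch(rules, connector_id, recipients):
    """Build the PATCH _bulk_update body: one entry per rule, keyed by rule id."""
    action = {"action_type_id": ".email", "group": "default", "id": connector_id,
              "params": {"to": recipients,
                         "subject": "High severity detection: {{context.rule.name}}",
                         "message": "{{state.signals_count}} alert(s) for {{context.rule.name}}"}}
    # throttle "rule" = notify once per rule execution that produced alerts
    return [{"id": r["id"], "actions": [action], "throttle": "rule"} for r in rules]


def bulk_patch(body):
    """Send the patch in one request; returns the per-rule result array."""
    req = urllib.request.Request(f"{KIBANA}/api/detection_engine/rules/_bulk_update",
                                 data=json.dumps(body).encode(), headers=HEADERS, method="PATCH")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    targets = select_rules(fetch_all_rules(), only_without_actions=True)
    print(bulk_patch(build_bulk_patch(targets, os.environ["EMAIL_CONNECTOR_ID"], ["soc@example.com"])))
```

Check the returned array for per-rule `error` entries before assuming every rule was updated, since a bulk update reports failures item by item rather than failing the whole request.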

Will there be an ability to filter on rules that do and don't have actions? I'm thinking of when new rules are added, being able to filter all that don't have an action and push.
