Filter in the rule interface

Hello,

So is there a way to search or filter on severity of the rule?

Grtz

Unfortunately, no.

One alternative would be to create a custom tag on your rules, something like Severity: high, then you would be able to filter by this tag (one at a time, as the filter is an AND, not an OR).

The rule management lacks a lot of management features. At my company we created a custom automation using the rules API to export the rules and reingest them into a custom index where we can build dashboards as we want.

I also opened some issues in Github with some suggestions a couple of years ago.

Like this one: [ Security Solution ] Create a Rule Overview page with built-in visualizations to improve Rule Management · Issue #190756 · elastic/kibana · GitHub and this one [Security Solution] Allow an option to filter the Detection Rules if the integration needed is installed or not. · Issue #167333 · elastic/kibana · GitHub

1 Like
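The export-and-reingest workaround described in the reply above, as an added example that is not code from the thread or from Elastic: it parses an NDJSON rules export, applies an OR filter on severity, and builds an Elasticsearch `_bulk` body for a custom index. The sample export lines are constructed, the summary-line fields are an assumption, and the index name `rules-inventory` is hypothetical.

```python
import json
from collections import Counter

# Constructed sample of an NDJSON rules export: one rule object per line,
# followed by a summary line (assumed shape). All values are made up.
SAMPLE_EXPORT = "\n".join([
    json.dumps({"rule_id": "r-001", "name": "Constructed rule A", "severity": "high",
                "risk_score": 73, "enabled": True, "tags": ["Windows"]}),
    json.dumps({"rule_id": "r-002", "name": "Constructed rule B", "severity": "low",
                "risk_score": 21, "enabled": False, "tags": ["Linux"]}),
    json.dumps({"rule_id": "r-003", "name": "Constructed rule C", "severity": "critical",
                "risk_score": 99, "enabled": True, "tags": []}),
    json.dumps({"exported_count": 3, "missing_rules": []}),
    "",
])

KEEP = ("rule_id", "name", "severity", "risk_score", "enabled", "tags")

def parse_export(ndjson_text):
    """Return rule dicts, skipping blank lines and the trailing summary line."""
    rules = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        # Only rule objects carry both fields; the summary line does not.
        if "rule_id" in obj and "severity" in obj:
            rules.append({k: obj.get(k) for k in KEEP})
    return rules

def filter_by_severity(rules, wanted):
    """OR filter: keep rules whose severity matches any of the wanted values."""
    wanted = {s.lower() for s in wanted}
    return [r for r in rules if str(r["severity"]).lower() in wanted]

def to_bulk(rules, index="rules-inventory"):  # hypothetical index name
    """Build a _bulk body; using rule_id as _id makes re-runs overwrite, not duplicate."""
    lines = []
    for r in rules:
        lines.append(json.dumps({"index": {"_index": index, "_id": r["rule_id"]}}))
        lines.append(json.dumps(r))
    return "".join(line + "\n" for line in lines)

if __name__ == "__main__":
    rules = parse_export(SAMPLE_EXPORT)
    print(Counter(r["severity"] for r in rules))
    print(to_bulk(filter_by_severity(rules, ["high", "critical"])), end="")
```
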

I think it would be really helpful if the Rules interface had better built-in search and filtering options.

I’ve also upvoted your GitHub issues (#190756, #167333) because this would really help in day-to-day operations, especially when reviewing or tuning rules in larger environments.

Thanks @leandrojmp !

2 Likes