Hi all
I have successfully config for siem to send alert mail and now when i tried it with the theashold rule it failed.
So i want to ask how to format theashold rule mail to send infomation.
The format that i tried is:
{{#context.alerts}}
Detection alert for :
From source.ip : {{signal.threshold_result.terms.value}} at {{@timestamp}}
{{/context.alerts}}
HI Iusynda! Thanks for reaching out. What version of the stack are you on?
If you happen to be on 7.12.1, then the threshold_results.terms is an array, so you'd need to access the value as follows:
{{#context.alerts}}
Detection alert for :
From source.ip : {{#signal.threshold_result.terms}}{{value}}{{/signal.threshold_result.terms}} at {{@timestamp}}
{{/context.alerts}}Yes thanks for your replies.
I am on version 7.12.0, will your queries works as well.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.