Hello Elastic discuss,
Am on:
ECE 2.9.0
Elastic 7.12.
I have been using the Detection API to add actions to certain Detection jobs. I am using a Jira connector.
Am seeing this sort of behaviour in the action message body.
When using the "{{{context.results_link}}}
" in the action message body, some detection jobs show the full url link with to be able to click to. But some do not, which then it will just show the broken link (paths of the link and not including the base kibana url).
Should show (seen on some rules):
https://{kibana-base-url}:{kibana-port}/app/security/detections/rules/id/{rule-id}
See in broken links:
/app/security/detections/rules/id/{rule-id}
In all instances the input used in the message body to display this link when the alert is actioned is:
{{{context.results_link}}}
Across all boards, the message template that is being used for the action alert message is below:
The {{alertName}} has been activated.
Alert Result Link: {{{context.results_link}}}
Alert Severity: {{context.rule.severity}}
Alert Threat: {{context.rule.threat}}
Is there a work around to this? or would this be a thing that would been to do done manually when after adding this action via the API? Is there a difference in the behaviour of actions when using ML detection jobs to query jobs?
Below is a GitHub issue that has been noted:
Thanks!