I have been using the Detection API to add actions to certain Detection jobs. I am using a Jira connector.
I am seeing this sort of behaviour in the action message body.
When using "{{{context.results_link}}}" in the action message body, some detection jobs show the full URL link, which can be clicked. But some do not, and then it just shows the broken link (the path of the link, not including the base Kibana URL).
Should show (seen on some rules):
https://{kibana-base-url}:{kibana-port}/app/security/detections/rules/id/{rule-id}
Seen in broken links:
/app/security/detections/rules/id/{rule-id}
In all instances the input used in the message body to display this link when the alert is actioned is: {{{context.results_link}}}
Across all boards, the message template that is being used for the action alert message is below:
The {{alertName}} has been activated.
Alert Result Link: {{{context.results_link}}}
Alert Severity: {{context.rule.severity}}
Alert Threat: {{context.rule.threat}}
Is there a workaround for this? Or would this be something that would need to be done manually after adding this action via the API? Is there a difference in the behaviour of actions when using ML detection jobs compared to query jobs?
If you use JIRA Wiki Rendering parameters and I never get broken links like the following screenshot. Also I load pre-built rules and then I duplicate all of the rules and then delete the pre-built rules under Elastic Rules. So it will appear like the following. Elastic Rules (0) Custom Rules (480)
Jira has their own “markdown” variant, they also probably do some “linkification”, it also probably has some “issues”, and it can probably/usually be worked around by not using auto-linkification, but the specific link format prescribed by the rendering engine.