Pre-built/Community Rules for Monitoring/Observability?

Hello All,

I was wondering if Elastic has any plans to offer a repo/project similar to GitHub - elastic/detection-rules: Rules for Elastic Security's detection engine, but more for Metrics/Logging/Observability? While I know Kibana provides some baseline rules for things like Infrastructure (Hosts/Kubernetes pods) CPU/Memory/Disk/etc., there isn't much in the way of pre-built rules for other modules that Elastic offers in the observability space. I think that this would be useful in helping provide a baseline for the Alerting tool, for those who may not have the time/expertise to build "good" baseline rules which could be modified to suit the user's environment.

Hey @BenB196,

that would indeed be very valuable. The security team is ahead of the curve here with their detection rules implementation.

The idea ultimately is to support this for more than just detection rules through the new "integrations" mechanism, which can be conveniently installed into Elastic Stack deployments via Kibana. The integrations themselves are developed in a public repo (GitHub - elastic/integrations: Elastic Integrations), which allows for full inspection and community contributions. I think at the moment there are some technical limitations for importing rules (related to actions and API keys IIRC, Packaged alerts · Issue #67293 · elastic/kibana · GitHub). But it's definitely on our radar: Add alerts to integration packages · Issue #121 · elastic/package-spec · GitHub

You're welcome to chime in on any of these issues to add more weight to them.

Hi @weltenwort, thanks for the links to these tickets. I'll read over them and provide my input.
