I would like to know whether it is possible to remove or hide Kibana and Signal fields in Elastic Security. When an alert is triggered, you can look over it; here is a screenshot:
I understand that this information is useful; however, in the case of being agile, from my point of view, with many fields you can't see the wood for the trees.
Have you already experimented with Timeline Templates? I've found that creating a Timeline Template with the desired set of fields and using that in a rule populates the Overview tab option with the key context I'm looking for. I see it as a workaround to your request, but was wondering what your experience might be.
I checked my timeline template to see what I might be doing differently, and I don't have any template fields defined for the filter criteria. The fields I toggle in the table below for column visibility seem to be the fields that show up in the Overview table.
I suggest removing the timeline template fields from the search criteria, but ensuring the target fields are toggled into the column view below, and then re-testing.
Hi @RdrgPorto - Thanks for reaching out here, and thank you @elknoob for working with him to debug. Currently, there isn't actually a direct relationship between the document summary of the fly-out and the template fields. The fields shown in the document summary are based on some fields on the underlying event such as event.category. The fact that there's a match for @elknoob is coincidental. I'll make a note of this feedback!
For now, one thing you can do is create a timeline template and configure the default columns there.