Hello everyone,
I am currently setting up various alerts on Kibana and would need to know if what I want to set up is possible.
I currently have a Threshold rule with these parameters:
And the following action:
My rule works very well, behind I've linked everything to a webhook using a script, my alert is generated with several pieces of information about the alert, such as the user who is the target of this alert, the name of the alert, the descrpition...
Now what I'd like is to be able to retrieve the different values of the winlog.event_data.IpAddress field from the 10 logs I'm retrieving. In my example I have grouped by user and host.name, so I can retrieve this information but I don't want to group by source IP address, so I'd like to know if it's possible to retrieve the values of winlog.event_data.IpAddress because after a lot of searching, I can't find anything.