Hi all,
I added a note to a security alert. The document associated with the alert is viewable in Discover, but I don't see any fields containing my note. In which index is the note stored?
I read that it is stored in the kibana.alert.workflow_reason field but I can't find this field among those populated in the document corresponding to the alert.
Thank you for any help you can give me.
Hello @Cristina_Marletta_Li ,
Notes cannot be accessed in Discover since they are not part of the alert document. There are plans in future to add notes capability in discover but for now it is only Security Solution feature.
Hi,
but other field like kibana.alert.workflow_status are visible…
What field can I use to add variable information (e.g. a TT number) to the alert that is discoverable?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.