I have an automatic system that creates security cases in my Elastic stack using the Kibana Endpoint. This part is working perfectly.
Once an alert is created, I would like to automatically send a message on a Slack channel to inform the team that a new case has been created.
I didn't find any information on the Internet on how to accomplish that, so I created an Elastalert query for this but it doesn't work really well (My query is probably not really accurate, but I guess this is not the purpose of this forum to discuss Elastalert?).
Isn't there any integrated feature in Elastic allowing the creation of Slack alerts for cases? The external connectors don't include a Slack connector.
My Elastic stack:
Cloud-managed Elastic 7.16.2 with Gold license
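One way to get the notification without a Cases-side Slack connector is to post to Slack from the same automation that calls the Kibana Cases endpoint, right after the case is created. The script below is an added example for this thread, not code from the original post or from Elastic. It assumes: the `POST /api/cases` path and body shape as found in the 7.x Kibana Cases API (check the exact fields against your 7.16.2 docs), a standard Slack incoming-webhook URL, and a case deep link of the form `/app/security/cases/<id>` in the Security app. The `build_*` helpers are separated from the HTTP calls so they can be checked offline; the case response and credentials are placeholders.

```python
"""Create a Kibana security case, then post a Slack notification for it.

Added example for the thread above; not from the original post or from Elastic.
Assumptions (labelled): the Cases API path and body shape below follow the
7.x Kibana Cases API as recalled; the Slack side is a standard incoming-webhook
URL; the case link mirrors the Security app's /app/security/cases/<id> route.
Verify all three against your own deployment.
"""
import json
import os
import urllib.request


def build_case_body(title, description, tags):
    """Request body for POST /api/cases (7.x shape; assumption)."""
    return {
        "title": title,
        "description": description,
        "tags": tags,
        "owner": "securitySolution",
        # ".none" = no external connector; Slack is not accepted here (see the reply).
        "connector": {"id": "none", "name": "none", "type": ".none", "fields": None},
        "settings": {"syncAlerts": True},
    }


def case_url(kibana_url, case_id):
    """Deep link into the Security app's case view (route is an assumption)."""
    return f"{kibana_url.rstrip('/')}/app/security/cases/{case_id}"


def build_slack_payload(case, kibana_url):
    """Slack incoming-webhook payload describing a newly created case."""
    link = case_url(kibana_url, case["id"])
    tags = ", ".join(case.get("tags", [])) or "none"
    text = (
        f":rotating_light: New security case created: *{case['title']}*\n"
        f"Tags: {tags}\n"
        f"Open in Kibana: {link}"
    )
    return {"text": text}


def _post_json(url, body, headers=None):
    """POST a JSON body; return parsed JSON, or the raw text when the reply is not JSON
    (Slack webhooks answer with the plain string "ok")."""
    data = json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    req.add_header("Content-Type", "application/json")
    for key, value in (headers or {}).items():
        req.add_header(key, value)
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    try:
        return json.loads(raw) if raw else {}
    except ValueError:
        return {"raw": raw.decode(errors="replace")}


def create_case_and_notify(kibana_url, api_key, slack_webhook_url, title, description, tags):
    """Create the case through Kibana, then notify Slack with a link to it."""
    case = _post_json(
        f"{kibana_url.rstrip('/')}/api/cases",
        build_case_body(title, description, tags),
        headers={
            "kbn-xsrf": "true",  # Kibana requires this header on non-GET requests
            "Authorization": f"ApiKey {api_key}",
        },
    )
    _post_json(slack_webhook_url, build_slack_payload(case, kibana_url))
    return case


if __name__ == "__main__":
    # Placeholder values; set the real ones through environment variables.
    create_case_and_notify(
        os.environ.get("KIBANA_URL", "https://kibana.example.invalid"),
        os.environ.get("KIBANA_API_KEY", "PLACEHOLDER_API_KEY"),
        os.environ.get("SLACK_WEBHOOK_URL", "https://hooks.slack.com/services/PLACEHOLDER"),
        title="Constructed sample: suspicious login burst on host-42",
        description="Auto-created by the alert pipeline (constructed sample).",
        tags=["auto", "login"],
    )
```

Keep the webhook URL and API key out of the script (environment variables or a secrets store), and give the API key only the Cases privileges it needs; a leaked incoming-webhook URL lets anyone post into the channel, so treat it like a credential.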
At the moment it is not possible to use the Slack connector from within Cases. It is on our radar and we would love to support it one day. What I don't understand is how the case and the alert are associated?
@stephenb You are welcome! Using the slack connector as an action with alerts makes total sense. Understanding better the user flow and the correlation between cases and alerts would help.