How can i add additional fields in alert email action body in detection rules. I am using ELK 7.10.
For eg: Need to include user.name and source.ip field in the rule alert in the body of alert email action.
Rule Logic is: More than 3 authentication failure in 5min from same user.
I have created this rule using Threshold option in Detections.