@Frank_Hassanabad Could you please help to resolve the below-mentioned issue?
I am trying to add additional fields in the alert email action body in detection rules in ELK 7.10.
For example: I need to include the user.name field in the rule alert in the body of the alert email action.
Rule logic is: more than 3 authentication failures in 5 min from the same user.
I am able to create this rule using the Threshold and EQL options in Detections, and alerts are triggering, but I couldn't find an option to add one additional field in the notification placeholder.