ajesh
(ajesh)
December 11, 2020, 1:14pm
1
Hi Team,
Can you please let me know how I can add additional details to the detection rules message body?
For example, for a root login attempt failure, I need the email message body with host.hostname, @timestamp, event.outcome, source.ip, message, etc.
Thanks,
Ajesh
ajesh
(ajesh)
December 14, 2020, 9:36am
2
Hello Team,
Kindly look into this; we are currently evaluating the SIEM functionality.
Regards,
Ajesh
ajesh
(ajesh)
December 28, 2020, 11:20am
4
Hi Yassine,
Thanks for that. Did you mean we don't have that feature in 7.9.0?
If the feature exists, how can we make it display in the email body? Is there any syntax for this?
What you are allowed to add to the rule action is here.
You may be able to accomplish what you are looking to accomplish by using elastic actions.
You could also add comments to the pull request 85488 explaining what you are trying to achieve.
system
(system)
Closed
January 25, 2021, 9:20pm
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.