Hi Team,
Can you please let me know how i can add additional details to detection rules message body
For example , for root login attempt failure , i need the email message body with host.hostname, @timestamp, event.outcome, source.ip, message etc.
Thanks,
Ajesh
Hello Team,
Kindly look into this we are currently evaluating the SIEM functionality.
Regards,
Ajesh
Hi Yassine,
Thanks for that , did you mean we don't have that feature in 7.9.0 ?
If feature exist , how can we add make it display in email body , any syntax for this.
What you are allow to add to the rule action is here.
You may be able to accomplish what you are looking to accomplish by using elastic actions.
You could also add comments to the pull request 85488 explaining what you are trying to achieve.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
