Hi All, Is there a way to create an default detection rule alert action endpoint and then have this for all detection rules alerts? i.e. bulk action all enabled rules to send the alerts to our notification endpoint?
Cheers
Sunil
Hello @Sunil_Iyengar
Welcome to the community
Alert actions can be set up: Create a detection rule | Elastic Security Solution [8.13] | Elastic
By notification endpoint, do you mean external web service? If so, this action connector would help: Webhook connector and action | Kibana Guide [8.13] | Elastic
This webhook action can be added in bulk to rules: Manage detection rules | Elastic Security Solution [8.13] | Elastic
Thanks, Vitalii
Hi @vitaliidm, Thanks.
I am trying to send some custom source fields using <context.alerts> to the PagerDuty action's message.
Elastic adds default notification properties by default. How can I change these default properties so I can have default values filled in for the PagerDuty context notification object?
Is this done by Mustache templating? Where can we change this so it is applied to all Elastic rule alerts (Elastic and custom rules)?
I can provide some examples if that helps.
Kind Regards
Sunil
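As an added example (not code from this thread, from Vitalii or from Elastic), the script below ties the two questions together: it builds the body for the bulk-action API that Vitalii points to, so one webhook action is appended to every enabled rule, and it previews how a Mustache action template iterating over `{{context.alerts}}` renders. Assumptions: the request shape follows `POST /api/detection_engine/rules/_bulk_action` with `action: "edit"` and edit type `add_rule_actions` as documented for 8.x (verify the exact field set and the `dry_run` query parameter against the docs for your version); the connector id, Kibana URL, API key and alert field names (`host.name`, `kibana.alert.reason`) are placeholders; the sample context is constructed; and the renderer is a toy that implements only the Mustache subset the template uses, not Kibana's own renderer.

```python
"""Added example: add one webhook action to all enabled detection rules via the
Kibana bulk-action API, and preview how the Mustache action body renders."""
import html
import json
import re
import urllib.request

# --- 1. Bulk-action payload ---------------------------------------------------
# Shape follows POST /api/detection_engine/rules/_bulk_action, action "edit",
# edit type "add_rule_actions" (assumed from the 8.x docs; check your version).
def build_bulk_add_action_payload(connector_id, body_template,
                                  query="alert.attributes.enabled: true"):
    """Return the JSON body that appends one action to every rule matching `query`."""
    return {
        "query": query,                 # KQL over rule saved objects: enabled rules only
        "action": "edit",
        "edit": [{
            "type": "add_rule_actions",  # append; "set_rule_actions" would replace
            "value": {
                "throttle": "rule",      # one notification per rule execution
                "actions": [{
                    "id": connector_id,  # placeholder: your Webhook/PagerDuty connector id
                    "group": "default",
                    "params": {"body": body_template},
                }],
            },
        }],
    }

def send_bulk_action(kibana_url, api_key, payload, dry_run=True):
    """POST the payload; with dry_run=True Kibana validates without changing rules."""
    url = f"{kibana_url}/api/detection_engine/rules/_bulk_action"
    if dry_run:
        url += "?dry_run=true"           # assumed parameter name; confirm in the docs
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                 "Authorization": f"ApiKey {api_key}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# --- 2. Toy Mustache renderer for previewing the body offline -----------------
# Supports {{var}} (HTML-escaped, as Mustache does), {{{var}}} (raw) and
# {{#list}}...{{/list}} sections. Not Kibana's renderer.
_SECTION = re.compile(r"\{\{#([\w.]+)\}\}(.*?)\{\{/\1\}\}", re.S)
_VAR = re.compile(r"\{\{\{([\w.]+)\}\}\}|\{\{([\w.]+)\}\}")
_MISSING = object()

def _resolve(obj, path):
    if isinstance(obj, dict) and path in obj:     # flattened key, e.g. "kibana.alert.reason"
        return obj[path]
    for part in path.split("."):                  # otherwise walk nested dicts
        if not (isinstance(obj, dict) and part in obj):
            return _MISSING
        obj = obj[part]
    return obj

def _lookup(stack, path):
    for scope in reversed(stack):                 # innermost section scope wins
        value = _resolve(scope, path)
        if value is not _MISSING:
            return value
    return None

def render(template, data):
    return _render(template, [data])

def _render(template, stack):
    def section(m):
        value, inner = _lookup(stack, m.group(1)), m.group(2)
        if isinstance(value, list):               # repeat the body once per element
            return "".join(_render(inner, stack + [item]) for item in value)
        if isinstance(value, dict):
            return _render(inner, stack + [value])
        return _render(inner, stack) if value else ""
    def var(m):
        raw = m.group(1) is not None              # triple braces: no escaping
        value = _lookup(stack, m.group(1) or m.group(2))
        text = "" if value is None else str(value)
        return text if raw else html.escape(text)
    return _VAR.sub(var, _SECTION.sub(section, template))

# Action body; field names are placeholders, check what your alerts actually carry.
BODY_TEMPLATE = (
    "{{context.rule.name}} ({{context.rule.severity}}) fired\n"
    "{{#context.alerts}}- {{host.name}}: {{{kibana.alert.reason}}}\n{{/context.alerts}}"
)

# Constructed sample of the action context, not a real Kibana payload.
SAMPLE_CONTEXT = {"context": {
    "rule": {"name": "Suspicious PowerShell Download", "severity": "high"},
    "alerts": [
        {"host": {"name": "ws-01"}, "kibana.alert.reason": "process powershell.exe by alice"},
        {"host": {"name": "ws-02"}, "kibana.alert.reason": "process powershell.exe by bob"},
    ],
}}

def preview():
    return render(BODY_TEMPLATE, SAMPLE_CONTEXT)

if __name__ == "__main__":
    print(preview())
    print(json.dumps(build_bulk_add_action_payload("<connector-id>", BODY_TEMPLATE), indent=2))
```

Run the payload through `send_bulk_action(..., dry_run=True)` first and inspect the response before a real run, because `add_rule_actions` touches every rule the query matches. Note the escaping difference: a `{{field}}` whose value contains quotes renders as `&quot;`, which breaks a JSON webhook body, so use `{{{field}}}` for values you embed in JSON.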