
[Rule actions] Send a mail for each alert #142426

Status: Open
smnschneider opened this issue Oct 2, 2022 · 5 comments
Labels
Team:Detections and Resp Security Detection Response Team

Comments

@smnschneider (Contributor)

Describe the feature:

At the moment it is not possible to send a mail for each alert. It is only possible to send one mail via rule actions with information about how many alerts have been created. There is a workaround with Watcher, but having this kind of feature in the UI would be great.

[image]

Describe a specific use case for the feature:

There are customers that would like to be informed of every alert that comes up. Furthermore, they want to forward the alert information to different mail addresses depending on fields in the alert, so they can contact the correct team directly.

@botelastic botelastic bot added the needs-team Issues missing a team label label Oct 2, 2022
@smnschneider smnschneider changed the title Send a mail for each alert [Rule actions] Send a mail for each alert Oct 2, 2022
@nickpeihl nickpeihl added the Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" label Oct 4, 2022
@elasticmachine (Contributor)

Pinging @elastic/actionable-observability (Team: Actionable Observability)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Oct 4, 2022
@nickpeihl nickpeihl added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Oct 4, 2022
@elasticmachine (Contributor)

Pinging @elastic/response-ops (Team:ResponseOps)

@nickpeihl nickpeihl removed the Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" label Oct 4, 2022
@mikecote mikecote added Team:Detections and Resp Security Detection Response Team and removed Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Oct 4, 2022
@elasticmachine (Contributor)

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@mikecote (Contributor) commented Oct 4, 2022

Security solution rules should be able to report alerts 1:1 to the platform once the implementation of #68828 is complete. Once #68828 is done, the API will allow actions to run once for all alerts or on a per-alert basis.

@smnschneider (Contributor, Author)

Is this then also configurable in Kibana?
