
Security solution to onboard alert summaries and report the alerts 1:1 to the platform #147379

Closed
mikecote opened this issue Dec 12, 2022 · 2 comments
Assignees
Labels
Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@mikecote (Contributor)

In this effort, we should support the security solution to report their alerts 1:1 to the platform by leveraging the alert summaries feature. This will lay the groundwork necessary to develop future features like conditional actions where the alert actions may be per alert, a summarization or a group by of a different field.

@mikecote mikecote added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework labels Dec 12, 2022
@elasticmachine (Contributor)

Pinging @elastic/response-ops (Team:ResponseOps)

@mikecote mikecote moved this from Awaiting Triage to In Progress in AppEx: ResponseOps - Execution & Connectors Dec 12, 2022
ymao1 added a commit that referenced this issue Dec 21, 2022
Towards #147379

## Summary

When investigating how to [onboard detection alerts onto framework alert
summaries](#147379), there were
some discrepancies in the format of the alert documents returned. This
PR fixes the formatting so it matches and there will be no difference in
`context.alerts` when we migrate detection alerts to the framework.


### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
simianhacker pushed a commit to simianhacker/kibana that referenced this issue Dec 22, 2022
@ymao1 (Contributor)

ymao1 commented Jan 9, 2023


3 participants