
[Security Solution][Detections] Ability to group by multiple fields for Threshold detection rule #86100

Closed
jguay opened this issue Dec 16, 2020 · 3 comments
Labels
- Feature:Detection Rules (Anything related to Security Solution's Detection Rules)
- Team:Detections and Resp (Security Detection Response Team)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)

Comments

@jguay (Contributor)

jguay commented Dec 16, 2020

Describe the feature:
Currently (7.10.1), it is possible in Alerts and Action to define an alert of type Metric threshold, in this case with metricbeat system module data with filesystem metricset, using 2 fields:
[Screenshot 2020-12-16 at 11 48 01]

However, only one field can be used for grouping when defining a Threshold signal detection rule:
[Screenshot 2020-12-16 at 11 53 22]

Describe a specific use case for the feature:
Ability to group by more than one field in detection rule.
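As an added illustration (not code from the issue, from Kibana, or from the linked PR), the following Python shows what multi-field grouping changes for a threshold rule: the same event set and threshold evaluated with a single grouping field and with a composite of two. Events, field names and the threshold value are constructed for the example.

```python
from collections import defaultdict

# Constructed sample events (flattened ECS-style field names), e.g. failed logons.
EVENTS = [
    {"host.name": "web-1", "user.name": "alice", "event.outcome": "failure"},
    {"host.name": "web-1", "user.name": "alice", "event.outcome": "failure"},
    {"host.name": "web-1", "user.name": "bob",   "event.outcome": "failure"},
    {"host.name": "web-1", "user.name": "bob",   "event.outcome": "failure"},
    {"host.name": "web-2", "user.name": "alice", "event.outcome": "failure"},
    {"host.name": "web-2", "user.name": "alice", "event.outcome": "failure"},
    {"host.name": "web-2", "user.name": "alice", "event.outcome": "failure"},
]


def threshold_alerts(events, group_by, threshold):
    """Return one alert per bucket whose document count reaches `threshold`.

    `group_by` is a list of field names; a bucket is the tuple of their values.
    Assumption for this example: an event missing any grouping field is skipped
    rather than placed in a partial bucket.
    """
    counts = defaultdict(int)
    for ev in events:
        if any(field not in ev for field in group_by):
            continue
        counts[tuple(ev[field] for field in group_by)] += 1
    return sorted(
        ({"fields": dict(zip(group_by, key)), "count": n}
         for key, n in counts.items() if n >= threshold),
        key=lambda alert: tuple(alert["fields"].values()),
    )


if __name__ == "__main__":
    # Single field: both hosts cross the threshold, but the alert does not say
    # which user produced the failures.
    for alert in threshold_alerts(EVENTS, ["host.name"], 3):
        print("host only  ", alert)
    # Composite key: only the (web-2, alice) bucket crosses the threshold, so the
    # alert is scoped to the host/user pair instead of the whole host.
    for alert in threshold_alerts(EVENTS, ["host.name", "user.name"], 3):
        print("host + user", alert)
```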

@jguay jguay added the Feature:Detection Rules Anything related to Security Solution's Detection Rules label Dec 16, 2020
@peluja1012 peluja1012 added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Jun 17, 2021
@elasticmachine (Contributor)
Pinging @elastic/security-solution (Team: SecuritySolution)

@peluja1012 peluja1012 added the Team:Detections and Resp Security Detection Response Team label Jun 17, 2021
@elasticmachine (Contributor)
Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012 (Contributor)

Implemented by this PR #90826
