Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Research] Supporting response actions with alerting and connectors #155644

Open
mikecote opened this issue Apr 24, 2023 · 1 comment
Open

[Research] Supporting response actions with alerting and connectors #155644

mikecote opened this issue Apr 24, 2023 · 1 comment
Labels
Feature:Actions/Framework Issues related to the Actions Framework Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework research Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@mikecote
Copy link
Contributor

mikecote commented Apr 24, 2023
edited
Loading

Response actions are used by security solution as automation workflows when an alert is detected. These actions are currently coded within the rule executor given we have limitations with the actions framework to fully support this.

We should research how we can enhance the actions framework to support actions within Kibana and providing a solution in these areas:

  1. There shouldn't be a need to create a connector saved in the UI when the integration is within our own products and doesn't require a configuration (ex: case, OS Query, server log, etc)
  2. The RBAC should re-use the feature privilege of the existing product (ex: case feature privileges for the case action)
  3. Guidance on how the connector can handle the response of a request (ex: OS Query response) for re-use
@mikecote mikecote added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) research Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Feature:Actions/Framework Issues related to the Actions Framework labels Apr 24, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@shanisagiv1 shanisagiv1 mentioned this issue May 2, 2023
Closed
@cnasikas cnasikas mentioned this issue Jun 23, 2023
Closed
15 tasks
@banderror banderror mentioned this issue Jun 30, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Actions/Framework Issues related to the Actions Framework Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework research Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
No open projects
AppEx: ResponseOps - Execution & Connectors
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikecote @elasticmachine