[ResponseOps] add saved object names to audit documents #178974
Labels
Feature:Actions
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
pmuellr
added
Feature:Alerting
Feature:Actions
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
github-project-automation
bot
moved this to Awaiting Triage
in AppEx: ResponseOps - Execution & Connectors
|
cc @XavierM Is this something the RAM team could handle? |
pmuellr
moved this from Awaiting Triage
to Todo
in AppEx: ResponseOps - Execution & Connectors
|
+1 Our IT security controls team are currently trying to build dashboards and reporting for SIEM security rules. A big improvement will be adding the security rule name to the dashboards and reporting. |
|
Going to close this issue, it looks like the Management Experience team is using the enhancement request issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
enhancement request: https://github.com/elastic/enhancements/issues/19823
newly merged basic audit capability to store saved object names in audit documents: #175626
For alerting saved objects, we should start using the appropriate "name" of the object in our calls to the audit logger. This certainly means rules and connectors, not sure if other saved objects are applicable
The text was updated successfully, but these errors were encountered: