Additional action types for alerting #45023
Comments
Pinging @elastic/kibana-stack-services |
We've talked about creating GH issues as an example, I think action types should probably be that specific, vs just a "github" action. Were you thinking it could be more general, like a "github" action that had a property indicating what you wanted to do at GH - create an issue vs comment on an issue vs ...? |
@pmuellr exactly that: creating a GitHub issue. Same thing for Jira |
++ I've been meaning to open an issue like this as well. Seems like we could have a meta issue tracking all actions and detail out the requirements for each action in a separate GitHub issue. |
We might as well use THIS issue as the meta issue. It would be nice to get some prioritization, if there's known demand for some over others. And we might want to start grouping these - the top of the list is ticketing systems (currently our only "ticketing" action is pagerduty) - the bottom of the list is notification systems (similar to our slack, email, etc. actions). Another thing to keep in mind is that as we start adding more of these, folks will want a way to get a URL to a generated ticket to use in a subsequent action. E.g., generate a GH issue, then post a Slack message with the URL to that GH issue. We don't currently support that kind of flow. I fear having notification actions WITHOUT that capability is going to be painful to customers. |
Related #50103 - Case Management for SIEM |
Added Trello, which came up as an action used in the Security space but is also broadly applicable. |
I've been hearing multiple requests for Mattermost lately, an OSS Slack alternative. Added to the list to track. https://mattermost.com/ |
++ On TheHive :) Webhooks can be leveraged to create Alerts or Cases in TheHive 3.4 but a native integration would save those who use TheHive some time from rolling their own integrations. |
@arisonl From the SIEM/Security App perspective, our prioritized list of action "connectors":
|
The Hive integration would rock! |
@arisonl - for Kibana App (Discover, Visualize, Lens, Dashboard, Canvas, Graph, et al.), and also for general consideration:
|
Thank you Mike, Shaun. @shaunmcgough is your list prioritised? |
@arisonl negatory. |
Here is an initial attempt to gather, break down and prio (superset of what's listed in this issue) - WIP: https://docs.google.com/document/d/1n7LnK_cx1WNoMTPTHFkRxJUgy6Ki0jmEKHQ8Cl0bzcg/edit#heading=h.lfymnl3t4b0r |
There have also been requests from customers to add ConnectWise to the list. - https://www.connectwise.com/ |
Would be good to add the following action types to alerting (in no particular order):