
Additional action types for alerting #45023

Open
8 of 27 tasks
clintongormley opened this issue Sep 6, 2019 · 17 comments
Labels: connectivity (Issues relating to connectivity between Kibana and external services), Feature:Actions/ConnectorTypes (Issues related to specific Connector Types on the Actions Framework), Feature:Actions, Meta, Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams)

Comments

@clintongormley
Contributor

clintongormley commented Sep 6, 2019

It would be good to add the following action types to alerting (in no particular order):

@elasticmachine
Contributor

Pinging @elastic/kibana-stack-services

@pmuellr
Member

pmuellr commented Sep 6, 2019

We've talked about creating GH issues as an example, I think action types should probably be that specific, vs just a "github" action. Were you thinking it could be more general, like a "github" action that had a property indicating what you wanted to do at GH - create an issue vs comment on an issue vs ...?

@clintongormley
Contributor Author

@pmuellr exactly that: creating a GitHub issue. Same thing for Jira.

@alexfrancoeur

++ I've been meaning to open an issue like this as well. Seems like we could have a meta issue tracking all actions and detail out the requirements for each action in a separate GitHub issue.

@pmuellr
Member

pmuellr commented Nov 21, 2019

We might as well use THIS issue as the meta issue.

It would be nice to get some prioritization, if there's known demand for some over others.

And we might want to start grouping these - the top of the list is ticketing systems (currently our only "ticketing" action is pagerduty) - the bottom of the list is notification systems (similar to our slack, email, etc actions).

Another thing to keep in mind is that as we start adding more of these, folks will want a way to get a url to a generated ticket to use in a subsequent action. Eg, generate a GH issue, then post a slack message with the url to that GH issue. We don't currently support that kind of flow. I fear having notification actions WITHOUT that capability is going to be painful to customers.

@mikecote
Contributor

@pmuellr I recall the mentions of subsequent actions but somehow we didn't have an issue created for it yet. I went ahead and created one and referenced your comments. #51282.

@peterschretlen
Contributor

Related #50103 - Case Management for SIEM

@peterschretlen
Contributor

Added Trello, which came up as an action used in the Security space but is also broadly applicable.

@alexfrancoeur

alexfrancoeur commented Apr 7, 2020

I've been hearing multiple requests for Mattermost lately, an OSS Slack alternative. Added to the list to track. https://mattermost.com/

@nicpenning

++ On TheHive :)

Webhooks can be leveraged to create Alerts or Cases in TheHive 3.4, but a native integration would save those who use TheHive some time from rolling their own integrations.

@MikePaquette

MikePaquette commented May 14, 2020

@arisonl From the SIEM/Security App perspective, our prioritized list of action "connectors":

  • Service Now ITSM (shipped in 7.7 as part of SIEM case workflow management) [Platinum]
  • Jira (targeted for 7.8 - also integrated with SIEM case workflow management) [Gold]
  • IBM Resilient (targeted for 7.9 - also integrated with SIEM case workflow management) [Platinum]
  • ServiceNow Security Ops (SOAR, distinct from ITSM action above) [Platinum]
  • TheHive [Basic]
  • Palo Alto Cortex XSOAR (SOAR, builds off existing Demisto/Elastic integration done by PANW) [Platinum]

@jeffrey-e

The Hive integration would rock!

@shaunmcgough

@arisonl - for Kibana App (Discover, Visualize, Lens, Dashboard, Canvas, Graph, et al.), and also for general consideration:

  • IFTTT (Generally, a good idea to force multiple)
  • PDF generation automation (Adobe, Foxit, etc. For watermarking and PDF security)
  • Gitlab
  • Bitbucket
  • Onpage
  • chatwork
  • flowdock
  • Moxtra
  • DingTalk
  • Microsoft Azure DevOps
  • Amazon Simple Email Service (SES)
  • Zendesk
  • Hubspot

@arisonl
Contributor

arisonl commented May 15, 2020

Thank you Mike, Shaun. @shaunmcgough is your list prioritised?

@shaunmcgough

@arisonl negatory.

@arisonl
Contributor

arisonl commented May 15, 2020

Here is an initial attempt to gather, break down and prioritise (a superset of what's listed in this issue) - WIP: https://docs.google.com/document/d/1n7LnK_cx1WNoMTPTHFkRxJUgy6Ki0jmEKHQ8Cl0bzcg/edit#heading=h.lfymnl3t4b0r

@hungnguyen-elastic

There have also been requests from customers to add ConnectWise to the list: https://www.connectwise.com/

@gmmorris added the Feature:Actions and Feature:Actions/ConnectorTypes labels and removed the Feature:Alerting label on Jul 1, 2021
@gmmorris added the connectivity label on Aug 16, 2021
@kobelb added the needs-team label on Jan 31, 2022
@botelastic (bot) removed the needs-team label on Jan 31, 2022