Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Processing of threshold detection events #88632

Open
Tracked by #165878
ansell opened this issue Jan 18, 2021 · 2 comments
Open
Tracked by #165878

Feature: Processing of threshold detection events #88632

ansell opened this issue Jan 18, 2021 · 2 comments
Labels
enhancement New value added to drive a business result Feature:Threshold Rule Security Solution Threshold rule type Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM triage_needed

Comments

@ansell
Copy link

ansell commented Jan 18, 2021
edited
Loading

Describe the feature:

I would like a way to enrich detection events using processors. In particular, I would like to enrich detection events generated from threshold rules, where only a single source field is passed through to the detection event from the original document set.

Describe a specific use case for the feature:

In my specific case, I would like to process threshold detection events that rely on a single IP address field to add geoip processed fields to the event so that I can triage the threshold detection events more efficiently based on noticing geoip related patterns, as I do already with non-threshold IP events.
@streamich streamich added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! triage_needed labels Jan 19, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@azasypkin azasypkin added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM and removed Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Jan 19, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@spong spong added Feature:Threshold Rule Security Solution Threshold rule type Team:Detections and Resp Security Detection Response Team labels Jan 20, 2021
@peluja1012 peluja1012 added the Team:Detection Alerts Security Detection Alerts Area Team label Aug 4, 2022
@yctercero yctercero added Team:Detection Engine Security Solution Detection Engine Area and removed Team:Detection Alerts Security Detection Alerts Area Team labels May 13, 2023
@yctercero yctercero added the enhancement New value added to drive a business result label Sep 6, 2023
@yctercero yctercero mentioned this issue Sep 6, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Feature:Threshold Rule Security Solution Threshold rule type Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM triage_needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@ansell @peluja1012 @azasypkin @spong @streamich @yctercero @elasticmachine