Skip to content

[DOCS] Add alert source to detection rule action context #449

New issue
New issue
Closed
Closed
[DOCS] Add alert source to detection rule action context#449
Assignees
jmikell821
Labels
Team: Detections/ResponseDetections and Responsev7.11.0
@jmikell821

Description

@jmikell821
jmikell821
opened on Jan 14, 2021

Issue: elastic/kibana#85488

Docs update: Alert data is now available in detection rule actions at {{context.alerts}} as an array. This array contains each alert generated since the last time the action executed. Mustache templating can be used to iterate over all alerts in the array and capture information from each one. For example, {{#context.alerts}}Detection alert for user: {{user.name}}{{/context.alerts}} would create the string Detection alert for user: <user.name> for every alert in the array. Any alerts that don't have user.name will still generate the string but leave <user.name> blank.

image

Metadata

Metadata

Assignees

Labels

Team: Detections/ResponseDetections and Responsev7.11.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions