Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS] Add alert source to detection rule action context #449

Closed
jmikell821 opened this issue Jan 14, 2021 · 1 comment
Closed

[DOCS] Add alert source to detection rule action context #449

jmikell821 opened this issue Jan 14, 2021 · 1 comment
Assignees
@jmikell821
Labels
Team: Detections/Response Detections and Response v7.11.0

Comments

@jmikell821
Copy link
Contributor

Issue: elastic/kibana#85488

Docs update: Alert data is now available in detection rule actions at {{context.alerts}} as an array. This array contains each alert generated since the last time the action executed. Mustache templating can be used to iterate over all alerts in the array and capture information from each one. For example, {{#context.alerts}}Detection alert for user: {{user.name}}{{/context.alerts}} would create the string Detection alert for user: <user.name> for every alert in the array. Any alerts that don't have user.name will still generate the string but leave <user.name> blank.

image
@jmikell821 jmikell821 self-assigned this Jan 14, 2021
This was referenced Jan 14, 2021
Closed
Merged
@jmikell821
Copy link
Contributor Author

Merged #450.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmikell821 jmikell821

Labels
Team: Detections/Response Detections and Response v7.11.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jmikell821