From b79810bd95d89129693dc83e88b762d927bd4a62 Mon Sep 17 00:00:00 2001 From: Karen Metts Date: Fri, 17 Oct 2025 19:31:11 -0400 Subject: [PATCH 1/3] Alert rule template as asset type --- reference/fleet/manage-integrations.md | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/reference/fleet/manage-integrations.md b/reference/fleet/manage-integrations.md index 9f1671bd05..db83be5211 100644 --- a/reference/fleet/manage-integrations.md +++ b/reference/fleet/manage-integrations.md 
@@ -9,29 +9,26 @@ products: # Manage {{agent}} integrations [integrations] - -::::{admonition} -Integrations are available for a wide array of popular services and platforms. To see the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md). - {{agent}} integrations provide a simple, unified way to collect data from popular apps and services, and protect systems from security threats. +Integrations are available for a wide array of popular services and platforms. To see the full list, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md). -Each integration comes prepackaged with assets that support all of your observability needs: +Each integration comes prepackaged with assets that support your observability needs: * Data ingestion, storage, and transformation rules * Configuration options +* Alert templates to enable users to quickly set up custom alerting rules (available in some integrations) {applies_to}`stack: ga 9.2` * Pre-built, custom dashboards and visualizations * Documentation -:::: - +Note that the **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr). ::::{note} -Be aware that some integrations may function differently across different spaces. Also, some might only work in the default space. We recommend reviewing the specific integration documentation for any space-related considerations. - +Some integrations may function differently across different spaces, with some working only in the default space. Review the documentation specific to your integration for any space-related considerations. 
:::: +## Work with integrations [work-with-integrations] -The following table shows the main actions you can perform in the **Integrations** app in {{kib}}. You can perform some of these actions from other places in {{kib}}, too. +You can perform a variety of actions in the **Integrations** app in {{kib}}. Some of these actions are also available from other places in {{kib}}. | User action | Result | | --- | --- | @@ -42,11 +39,6 @@ The following table shows the main actions you can perform in the **Integrations | [View integration assets](/reference/fleet/view-integration-assets.md) | View the {{kib}} assets installed for a specific integration. | | [Upgrade an integration](/reference/fleet/upgrade-integration.md) | Upgrade an integration to the latest version. | -::::{note} -The **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr). - -:::: +## Customize integrations [customize-integrations] -:::{tip} -Once you've started using integrations to ingest data, you can customize how that data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more. -::: +After you've started using integrations to ingest data, you can customize how the data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more. From 9c59a26d477ec86d8691763f8040ee771b1122b5 Mon Sep 17 00:00:00 2001 From: Karen Metts Date: Sun, 19 Oct 2025 20:19:27 -0400 Subject: [PATCH 2/3] Add alert templates --- reference/fleet/alert-templates.md | 40 ++++++++++++++++++++++++++++++ reference/fleet/toc.yml | 1 + 2 files changed, 41 insertions(+) create mode 100644 reference/fleet/alert-templates.md 
diff --git a/reference/fleet/alert-templates.md b/reference/fleet/alert-templates.md new file mode 100644 index 0000000000..50b40d479b --- /dev/null +++ b/reference/fleet/alert-templates.md 
@@ -0,0 +1,40 @@ +--- +mapped_pages: + - https://www.elastic.co/guide/en/fleet/current/data-streams.html +applies_to: + stack: ga 9.2 + serverless: ga +products: + - id: fleet + - id: elastic-agent +navigation_title: Built-in alerts and templates +--- + +# Built-in alerts and templates [built-in-alerts] + +## {{agent}} out-of-the-box alert rules [ea-alert-rules] + +When you install or upgrade {{agent}}, a new alert rule is created automatically. You can configure and customize out-of-the-box alerts to get them up and running quickly. + +::::{note} +The built-in alerts feature for {{agent}} requires a valid Enterprise license or Enterprise trial license. Be sure that the license is in place before you install or upgrade {{agent}}. + +Check the [subscription information](https://www.elastic.co/subscriptions) for more details about managing licenses. +:::: + +In {{kib}}, you can enable out-of-the-box rules pre-configured with reasonable defaults to provide immediate value for managing agents. +You can use [ES|QL](/explore-analyze/discover/try-esql.md) to author conditions for each rule. + +Connectors are not added to rules automatically, but you can attach a connector to route alerts to your platform of choice -- Slack or email, for example. +In addition, you can add filters for policies, tags, or hostnames to scope alerts to specific sets of agents + +You can find these rules in **Stack Management** > **Alerts and Insights** > **Rules**. + + +## Alert templates assets for integrations [alert-templates] + +Some integration packages include alerting rule template assets that provide pre-made definitions of alerting rules. You can use the templates to create your own custom alerting rules that you can enable and fine tune. + +When you click a template, you get a pre-filled rule creation form. You can define and adjust values, set up connectors, and define rule actions to create your custom alerting rule. 
+ +You can see available templates in the **integrations/detail//assets** view. diff --git a/reference/fleet/toc.yml b/reference/fleet/toc.yml index a08b40b87f..15bf074973 100644 --- a/reference/fleet/toc.yml +++ b/reference/fleet/toc.yml @@ -159,6 +159,7 @@ toc: - file: data-streams-scenario4.md - file: data-streams-pipeline-tutorial.md - file: data-streams-advanced-features.md + - file: alert-templates.md - file: agent-command-reference.md - file: agent-processors.md children: From 346c963cddfa8e92e6075b599905244d93bdc5e1 Mon Sep 17 00:00:00 2001 From: Karen Metts Date: Tue, 21 Oct 2025 16:18:47 -0400 Subject: [PATCH 3/3] Incorporate review comments --- reference/fleet/alert-templates.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/reference/fleet/alert-templates.md b/reference/fleet/alert-templates.md index 50b40d479b..3a9c6c7cf1 100644 --- a/reference/fleet/alert-templates.md +++ b/reference/fleet/alert-templates.md 
@@ -14,12 +14,12 @@ navigation_title: Built-in alerts and templates ## {{agent}} out-of-the-box alert rules [ea-alert-rules] -When you install or upgrade {{agent}}, a new alert rule is created automatically. You can configure and customize out-of-the-box alerts to get them up and running quickly. +When you install or upgrade {{agent}}, new alert rules are created automatically. You can configure and customize out-of-the-box alerts to get them up and running quickly. ::::{note} -The built-in alerts feature for {{agent}} requires a valid Enterprise license or Enterprise trial license. Be sure that the license is in place before you install or upgrade {{agent}}. +The built-in alerts feature for {{agent}} is available only for some subscription levels. The license (or a trial license) must be in place before you install or upgrade {{agent}} before this feature is available. -Check the [subscription information](https://www.elastic.co/subscriptions) for more details about managing licenses. +Refer [Elastic subscriptions](https://www.elastic.co/subscriptions) for more information. :::: In {{kib}}, you can enable out-of-the-box rules pre-configured with reasonable defaults to provide immediate value for managing agents.
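Review bot: In PATCH 1/3, first hunk of reference/fleet/manage-integrations.md (@@ -9,29 +9,26 @@), the {{package-registry}} access requirement moves out of its `::::{note}` block into a body paragraph that opens with "Note that". This makes the one network prerequisite for restricted or air-gapped deployments easier to miss. Either keep it as an admonition, or drop the "Note that" opener and state the requirement directly. In the same hunk, the new bullet "Alert templates to enable users to quickly set up custom alerting rules" switches to third person ("users") while the surrounding text addresses the reader as "you" ("your observability needs"). Wording such as "Alert templates that help you quickly set up custom alerting rules" would match.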
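Review bot: In PATCH 1/3, second hunk of reference/fleet/manage-integrations.md (@@ -42,11 +39,6 @@), the new "## Customize integrations [customize-integrations]" heading introduces a section that consists of a single cross-reference sentence to Index lifecycle management. If no other customization topics are going to be listed here, the removed `:::{tip}` carried the same pointer without adding a heading and anchor to maintain. If more topics are planned, add them in this change so the section justifies its own heading.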
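Review bot: In PATCH 2/3, the front matter of the new reference/fleet/alert-templates.md sets `mapped_pages` to `https://www.elastic.co/guide/en/fleet/current/data-streams.html`, which looks carried over from the data streams page rather than chosen for this one. Please confirm the mapping or remove the key if this page has no legacy equivalent. Further down in the same hunk, "**integrations/detail//assets**" has an empty path segment between `detail` and `assets`, so a placeholder appears to have been lost and readers cannot tell what goes there. The sentence "In addition, you can add filters for policies, tags, or hostnames to scope alerts to specific sets of agents" is missing its closing period. The heading "Alert templates assets for integrations" would read better as "Alert template assets for integrations".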
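Review bot: In PATCH 3/3, the rewritten note in reference/fleet/alert-templates.md has a doubled "before" clause: "must be in place before you install or upgrade {{agent}} before this feature is available". Suggest "For this feature to be available, the license (or a trial license) must be in place before you install or upgrade {{agent}}." The following added line, "Refer [Elastic subscriptions](https://www.elastic.co/subscriptions) for more information.", is missing "to" after "Refer". Also, replacing "Enterprise license" with "some subscription levels" leaves the reader unable to tell from this page which level is required. If the vaguer wording is intentional, point the link text at where the required level is stated.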