Additional event "message" properties #103358
Labels
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Detection Rules
Anything related to Security Solution's Detection Rules
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
Comments
cybersecdiva
added
enhancement
|
Pinging @elastic/siem (Team:SIEM) |
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature:
Adding event properties to detections event.
i.e.
message.property_1
message.property_2
message.property_3
The user can select an property to add to the detection based on the fields available with the selected index for the detection.
Describe a specific use case for the feature:
An improved filtering for detections would allow the event "message" and having additional properties associated with the event.
The text was updated successfully, but these errors were encountered: