Import Saved Search in Detections Rule #81566
Labels
enhancement
New value added to drive a business result
Feature:Detection Rules
Anything related to Security Solution's Detection Rules
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
Comments
kindsun
added
enhancement
|
Pinging @elastic/siem (Team:SIEM) |
MindyRS
added
the
Team: SecuritySolution
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature:
Similar to how you can create a visualization in Kibana using a "Saved Search", when you're creating a
Custom Rulein Detections you should be able to import query from a "Saved Search".Describe a specific use case for the feature:
This would be helpful while creating custom rules because right now you have to do the search somewhere else and copy and paste it into the
Custom Rule. If you were able to do the search in Discover and save it, you'd be able to import it easier when creating aCustom Rulein Detections.The text was updated successfully, but these errors were encountered: