[Update] Response action / rule types #6043

@caitlinbetz

Description

What can we change to make the docs better?

We previously updated docs to include new rule types for automated response actions (serverless) (see: https://github.com/elastic/security-docs-internal/issues/40). However, we now support all rule types with osquery/defend response actions.

We can remove the requirement text stating that automated actions can only be configured for certain rule types:

You can only add automated response actions to custom query, event correlation (EQL), new terms, and ES|QL type rules.

Doc URL

Please include the doc URL and any other related information where applicable:
Doc URL: ESS | Serverless
GitHub issue link(s)/Other resources: https://github.com/elastic/security-docs-internal/issues/40

Which documentation set needs improvement?

ESS and serverless

Software version

8.16

Metadata

Labels

Feature: Response actions (also includes response console); Team: EDR Workflows (formerly Defend Workflows, Onboarding and Lifecycle Management); suggestion (suggestions to improve documentation); v8.16.0
