Is your feature request related to a problem?
ctx.results is present in alerts but always empty. Enriching detector alerts with details from findings is not possible.
What solution would you like?
In Alerting ctx.results is populated and can be used. Including findings as ctx.results in Security Analytics would be consistent with the behaviour in Alerting. Also, including details from the findings via ctx.results in the trigger message would greatly improve alerting workflows.
What alternatives have you considered?
I do not see an alternative, since the information is currently just not available.
Do you have any additional context?
I am referring to the feature set of OpenSearch 2.10 using notification messages in alert trigger in the Security Analytics plugin.
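As an added illustration (not from this issue or from the Security Analytics plugin), an Alerting trigger action message template of the kind the issue refers to, using ctx.results to enrich the notification with the matching documents; the document field names (source.ip, user.name) are assumed placeholders, and the inverted section shows what renders when ctx.results carries no hits, which is the empty state the issue reports for Security Analytics alerts.

```mustache
{{! Query-level monitor: ctx.results.0 is the search response of the monitor query }}
Alert from monitor {{ctx.monitor.name}} / trigger {{ctx.trigger.name}} (severity {{ctx.trigger.severity}})
Period: {{ctx.periodStart}} to {{ctx.periodEnd}}
Matching documents: {{ctx.results.0.hits.total.value}}
{{#ctx.results.0.hits.hits}}
- index={{_index}} id={{_id}} source.ip={{_source.source.ip}} user={{_source.user.name}}
{{/ctx.results.0.hits.hits}}
{{^ctx.results.0.hits.hits}}
(no documents available in ctx.results; the notification cannot be enriched)
{{/ctx.results.0.hits.hits}}
```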
Including findings like ctx.results in Security Analytics would be a game changer. For specific scenarios, not having ctx.results in Security Analytics makes it unfeasible to use, as the output is very poor.
Hi @agoerl and @gabrielssant0s. Yes, we are tracking this issue, but don't have a timeline to provide. Agree that this will be a useful enhancement. There are some other requests on alert enrichment with more context from the findings / document as well. We are evaluating these requests together.