[FEATURE] Security Analytics: Include findings as ctx.results #696

Open
agoerl opened this issue Oct 26, 2023 · 2 comments

agoerl commented Oct 26, 2023

Is your feature request related to a problem?
ctx.results is present in alerts but always empty. Enriching detector alerts with details from findings is not possible.

What solution would you like?
In Alerting ctx.results is populated and can be used. Including findings as ctx.results in Security Analytics would be consistent with the behaviour in Alerting. Also, including details from the findings via ctx.results in the trigger message would greatly improve alerting workflows.

What alternatives have you considered?
I do not see an alternative, since the information is currently just not available.

Do you have any additional context?
I am referring to the feature set of OpenSearch 2.10 using notification messages in alert trigger in the Security Analytics plugin.
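As an added illustration, not taken from the original issue or from the OpenSearch project, this is the shape of an Alerting monitor trigger action whose Mustache message_template reads ctx.results; this is the Alerting behaviour the request asks Security Analytics to mirror for findings. The field names (`source.ip`, `event.action`) and the channel id are assumed placeholders.

```json
{
  "name": "notify-soc",
  "destination_id": "<notification-channel-id>",
  "message_template": {
    "source": "Monitor {{ctx.monitor.name}} / trigger {{ctx.trigger.name}} fired.\nMatched documents: {{ctx.results.0.hits.total.value}}\n{{#ctx.results.0.hits.hits}}- {{_source.source.ip}} {{_source.event.action}} (index {{_index}})\n{{/ctx.results.0.hits.hits}}",
    "lang": "mustache"
  }
}
```

The `{{#ctx.results.0.hits.hits}}` section iterates over the matched documents of the monitor's first query so each one is listed in the notification; with an empty ctx.results, as the issue describes for Security Analytics, that section renders nothing.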

@agoerl agoerl added enhancement New feature or request untriaged labels Oct 26, 2023

gabrielssant0s commented Feb 26, 2024

Including findings like ctx.results in Security Analytics would be a game changer. For specific scenarios, not having ctx.results in Security Analytics makes it unfeasible to use, as the output is very poor.

Is there a roadmap for this to be implemented?


jimishs commented Apr 2, 2024

Hi @agoerl and @gabrielssant0s. Yes, we are tracking this issue, but don't have a timeline to provide. Agree that this will be a useful enhancement. There are some other requests on alert enrichment with more context from the findings / document as well. We are evaluating these requests together.

@praveensameneni praveensameneni added this to Backlog (Feature Requests, Enhancements) in Security Analytics Roadmap Apr 10, 2024
@praveensameneni praveensameneni moved this from Backlog (Feature Requests, Enhancements) to 6-month roadmap in Security Analytics Roadmap May 1, 2024