SIEM: Allow a default detection signal action/connector #93247

Open
hungnguyen-elastic opened this issue Mar 2, 2021 · 4 comments
Labels
Feature:Rule Actions Security Solution Detection Rule Actions area Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Theme: simp_prot_mgmt Security Solution Simplified Protection Management Theme

Comments

@hungnguyen-elastic

Describe the feature:
This feature will allow users to apply a connector in bulk to many detection signals at the same time, or create a default action for all signals.

Describe a specific use case for the feature:
When users decide to use Elastic built-in detection signals and use an external case management tool, users would have to go to each one of the signals to set up the connector. This can be time-consuming.

@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@spong
Member

spong commented Mar 6, 2021

Related:

[SecuritySolution][Detections] Allow bulk editing of Rules #86198
[Actions] Add action group for notifying users of alert execution failure #83748

@peluja1012 peluja1012 added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. and removed triage_needed labels Sep 15, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@peluja1012 peluja1012 added the Team:Detections and Resp Security Detection Response Team label Sep 15, 2021
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012 peluja1012 added Team:Detection Rule Management Security Detection Rule Management Team Feature:Rule Actions Security Solution Detection Rule Actions area Feature:Rule Management Security Solution Detection Rule Management area labels Sep 15, 2021
@peluja1012 peluja1012 added Theme: simp_prot_mgmt Security Solution Simplified Protection Management Theme and removed Team:SIEM labels Oct 26, 2021
5 participants