Skip to content

This repository contains a few examples of actions that can be added to rules within Elastic Security.

License

Notifications You must be signed in to change notification settings

BizaNator/security-action-examples

 
 

Repository files navigation

Security Action Examples

This repository contains a few examples of webhook actions that can be added to rules within Elastic Security. Each subdirectory contains the following files:

  • A JSON file containing the action content. Please feel free to change the variables and other content as you see fit.
  • A README file with specific instructions for the action connector in question.
  • A screenshot of the connector configuration in Kibana's connector management page.
  • A screenshot of the expected outcome when an action runs successfully.

Please use these actions with caution, and test appropriately. Do not blindly add an action to a detection rule if you are unsure of what the outcome is, or how it will impact your organization. You should follow any operational procedures you may have in place for any form of automation scenarios.

The screenshot below shows an example of what one of these actions would look like as part of a detection rule configuration:

Result

License

Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use these artifacts except in compliance with the Elastic License 2.0

Contributors must sign a Contributor License Agreement before contributing code to any Elastic repositories.

About

This repository contains a few examples of actions that can be added to rules within Elastic Security.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published