[Security Solution] Bundle Rule Monitoring dashboard with Rule Execution Log enhancements #112196
Labels
enhancement
New value added to drive a business result
Feature:Detection Rules
Security Solution rules and Detection Engine
Feature:Rule Monitoring
Security Solution Detection Rule Monitoring area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
spong
added
enhancement
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
One of the issues with dashboards over system indices ( |
|
Linking Rule Monitoring POC #111452 (comment) -- if this ships as experimental in 7.16 there is less of a need to bundle this dashboard as an interim solution. |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
banderror
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Similar to how the CTI folks started linking off to custom dashboards for Threat Intelligence (#100423), while we enhance our capabilities around Rule Monitoring, it would be nice if we could ship a Rule Monitoring dashboard similar to the great dashboard @pmuellr put together for better diagnosing Task Manager/Alerting issues.
Unlike the CTI dashboard PR above, which I believe was relying on dashboards being loaded as part of setting up the filebeat threat intel module, we'd need to provide the dashboard assets and corresponding KIPs (now DataViews), so this may be a little more effort than it's worth depending on our in-flight Rule Monitoring upgrades.
The text was updated successfully, but these errors were encountered: