Commit

fix#4999 auto alerting workflows
Signed-off-by: cwillum <[email protected]>
cwillum committed Sep 19, 2023
1 parent 39b7644 commit ffd0cd3
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion _observing-your-data/alerting/composite-monitors.md
Expand Up @@ -63,7 +63,7 @@ In this simple example, the first monitor could be a per document monitor config

## Managing composite monitors with the API

You can manage composite monitors using the OpenSearch REST API or [OpenSearch Dashboards](#creating-composite-monitors-in-opensearch-dashboards). This section covers API functionality for composite monitors.
You can manage composite monitors using the OpenSearch REST API or [OpenSearch Dashboards](#creating-composite-monitors-in-opensearch-dashboards). This section describes API functionality for composite monitors.

### Create composite monitor
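
Review bot: The reworded sentence at line 66 is a wording-only change ("covers" to "describes") that the commit title, "fix#4999 auto alerting workflows", does not account for. Either mention the copy edit in the commit message or move it to its own commit so the history for the auto alerting workflow fix stays easy to trace. If the sentence is being touched anyway, "API functionality for composite monitors" could be tightened to "the API operations for composite monitors", which lines up with the "Create composite monitor" heading that follows.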

Expand Up @@ -146,7 +146,7 @@ To set up an alert for a detector, continue with the following steps:

## Integrated Alerting plugin workflows

By default, when you create a threat detector the system automatically creates a composite monitor and triggers workflows for the Alerting plugin. The detector's rules are converted into search queries for the Alerting plugin monitor, and the monitor executes its queries according to a schedule derived from the detector's configuration.
By default, when you create a threat detector, the system automatically creates a composite monitor and triggers workflows for the Alerting plugin. The detector's rules are converted into search queries for the Alerting plugin monitor, and the monitor executes its queries according to a schedule derived from the detector's configuration.

You can change the behavior of automatically generated composite monitors by enabling or disabling the workflow functionality with the `plugins.security_analytics.enable_workflow_usage` setting. This setting is defined using the [Cluster settings API]({{site.url}}{{site.baseurl}}/api-reference/cluster-api/cluster-settings/).
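
Review bot: In the changed paragraph at line 149, "the Alerting plugin monitor" in the second sentence is ambiguous next to "a composite monitor" in the first: a reader cannot tell whether the detector's rules become queries on the composite monitor itself or on separate monitors that it chains. Name the monitor explicitly while this line is being edited. The following context paragraph would also benefit from stating which value of `plugins.security_analytics.enable_workflow_usage` corresponds to the "By default" behavior described here, since anyone changing it through the Cluster settings API needs to know how detector alerting behaves afterward.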


0 comments on commit ffd0cd3
