daanraman
commented
4 years ago Hi there,
Thanks for the question! At the moment, we only support mail indeed (in a very basic way) - internally, we also use The Hive with ee-outliers in the following way:
- We add a tag to the use cases we want to alert on, i.e. outliers_type = "thehive_alert"
- In our templates of elastalert, we filter out all the events with this field & value
- Those are the ones we send through to The Hive for alerting
We wanted to keep the framework as agnostic of other tools as possible for now, so that's how we solve it ourselves internally - this ofcourse needs an integration with something like elastalert but we found that very simple to setup. Does this make sense for your use case?
Hello, ee-outliers seems like a good project, do you plan to add "notifier" like "TheHive" or other ?? SMTP is only the possibility for the moment.