elastic / elasticsearch

Free and Open Source, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch

Enable Security Alerts to be added to Elastic Security via an API #113918

Open stuartMoorhouse opened 1 month ago

stuartMoorhouse commented 1 month ago

Description

A SOC could have multiple security operations centres which will need to glue different services together, including services that produce Alerts, and part of that will be adding each alert to Elasticsearch programmatically. For example, via a REST API.

This is necessary to action, create or modify alerts that aren’t log-based or come from alternate sources.

elasticsearchmachine commented 1 month ago

Pinging @elastic/es-security (Team:Security)