Open spong opened 2 years ago
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
Another community request from slack for making the Server Log connector available to rules.
@paulewing let's review this one to see if we need this allow list anymore.
As per 8.12, there is no longer an allow-list for rule actions in Security.
Availability of each connector is set within the connector definition. So, if we would like to make any connector available in Security, it should be done explicitly. As an example, for xMatters, the Security app must be added here.
Here is a table for each connector and the application it is available in:

Connector | Security | Alerting | Cases | Uptime | Gen AI
---|---|---|---|---|---
 | ✅ | ✅ | ✅ | |
Index | ✅ | ✅ | ✅ | |
PagerDuty | ✅ | ✅ | ✅ | |
Swimlane | ✅ | ✅ | ✅ | |
Server log | ✅ | ✅ | | |
Slack | ✅ | ✅ | ✅ | |
Slack API (hidden in UI) | ✅ | ✅ | | |
Webhook | ✅ | ✅ | ✅ | |
Webhook - Case Management | ✅ | | | |
xMatters | ✅ | | | |
ServiceNow ITSM | ✅ | ✅ | ✅ | ✅ |
ServiceNow SecOps | ✅ | ✅ | ✅ | |
ServiceNow ITOM | ✅ | ✅ | | |
Jira | ✅ | ✅ | ✅ | ✅ |
IBM Resilient | ✅ | ✅ | ✅ | |
Microsoft Teams | ✅ | ✅ | ✅ | |
Torq | ✅ | ✅ | ✅ | |
Opsgenie | ✅ | ✅ | ✅ | |
Tines | ✅ | | | |
OpenAI | ✅ | | | |
Amazon Bedrock | ✅ | | | |
D3 Security | ✅ | ✅ | | |
Sentinel One (hidden behind Feature flag) | ✅ | | | |
Based on requests for enabling specific connectors and their applicability, for the next stage of testing I am going to enable the xMatters and Server log connectors to deploy on a test host.
The Gen AI and Webhook - Case Management connectors look like they would not fit Security rule action purposes.
As discussed here, it is no longer a requirement to allow-list which Rule Actions can be used within the Security app -- all actions may be made available by default.
Allow-list is currently located here: https://github.com/elastic/kibana/blob/faf6482e01d5b7ef1b31a58bb70a576a54e422dd/x-pack/plugins/security_solution/common/constants.ts#L272-L282
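Added example (TypeScript, not Kibana's own code) contrasting the two mechanisms discussed in this thread: a central allow-list of connector type ids kept in the Security app, as in the `constants.ts` link above, versus availability declared on each connector definition, as described in the 8.12 comment. The `supportedFeatureIds` field, the feature-id constants, the sample connector definitions and the sample allow-list are all constructed assumptions for this example, not the real Kibana registrations; the review check at the end shows which connectors would change availability when the allow-list is dropped.

```typescript
// Added example, not Kibana's own code. Names below are assumptions.
export const SECURITY_FEATURE_ID = 'siem';
export const ALERTING_FEATURE_ID = 'alerting';
export const CASES_FEATURE_ID = 'cases';

export interface ConnectorTypeDefinition {
  id: string;                    // connector type id, e.g. '.server-log'
  name: string;                  // display name shown in the UI
  supportedFeatureIds: string[]; // apps this connector explicitly opts into (assumed field)
}

// Constructed sample definitions (not the real registrations).
export const SAMPLE_CONNECTOR_TYPES: ConnectorTypeDefinition[] = [
  { id: '.server-log', name: 'Server log',
    supportedFeatureIds: [ALERTING_FEATURE_ID, SECURITY_FEATURE_ID] },
  { id: '.xmatters', name: 'xMatters',
    supportedFeatureIds: [ALERTING_FEATURE_ID] }, // Security not yet added
  { id: '.slack', name: 'Slack',
    supportedFeatureIds: [ALERTING_FEATURE_ID, SECURITY_FEATURE_ID, CASES_FEATURE_ID] },
  { id: '.cases-webhook', name: 'Webhook - Case Management',
    supportedFeatureIds: [CASES_FEATURE_ID] },
];

// Constructed stand-in for the old central allow-list of connector type ids.
export const LEGACY_SECURITY_ALLOW_LIST: readonly string[] = ['.slack', '.xmatters'];

// Definition-based rule: a connector is offered to an app only if it declares that app.
export function connectorsAvailableTo(
  featureId: string,
  defs: ConnectorTypeDefinition[],
): string[] {
  return defs.filter((d) => d.supportedFeatureIds.includes(featureId)).map((d) => d.id);
}

// Legacy rule: a connector is offered to Security only if its id is in the central list,
// regardless of what the connector itself declares.
export function legacyAllowedForSecurity(
  defs: ConnectorTypeDefinition[],
  allowList: readonly string[],
): string[] {
  return defs.filter((d) => allowList.includes(d.id)).map((d) => d.id);
}

// Review check: which connectors gain or lose Security availability when the
// allow-list is removed and only the definitions decide.
export function availabilityDiff(
  defs: ConnectorTypeDefinition[],
  allowList: readonly string[],
): { newlyAvailable: string[]; noLongerAvailable: string[] } {
  const byDefinition = new Set(connectorsAvailableTo(SECURITY_FEATURE_ID, defs));
  const byAllowList = new Set(legacyAllowedForSecurity(defs, allowList));
  return {
    newlyAvailable: Array.from(byDefinition).filter((id) => !byAllowList.has(id)).sort(),
    noLongerAvailable: Array.from(byAllowList).filter((id) => !byDefinition.has(id)).sort(),
  };
}

// Explicit opt-in: return a copy of a definition with the feature added (no mutation).
export function enableForFeature(
  def: ConnectorTypeDefinition,
  featureId: string,
): ConnectorTypeDefinition {
  if (def.supportedFeatureIds.includes(featureId)) return def;
  return { ...def, supportedFeatureIds: [...def.supportedFeatureIds, featureId] };
}

// Stand-alone usage: print the diff a reviewer would look at before dropping the list.
console.log(availabilityDiff(SAMPLE_CONNECTOR_TYPES, LEGACY_SECURITY_ALLOW_LIST));
```

With the constructed samples, dropping the allow-list makes Server log newly available to Security (it declares the feature but was never on the list) and removes xMatters (it was on the list but does not declare the feature); the second case is exactly the explicit opt-in the thread describes, done here with `enableForFeature`.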