search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.79k stars 8.19k forks source link

[Host Isolation][UX] Allow multiple IP addresses for host exception values #194446

Open nicpenning opened 2 weeks ago

nicpenning commented 2 weeks ago

Describe the feature: As an Elastic stack engineer, I would like to add all IP addresses that can be logically be grouped into a single exception instead of creating multiple exception per IP address / IP CIDR.

Describe a specific use case for the feature: I do not want to create 5 rule exceptions where 1 can do the trick.

This would suffice: Image

I imagine this would change the current IS statement to IS ONE OF.

elasticmachine commented 2 weeks ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 week ago

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

ferullo commented 1 week ago

cc @caitlinbetz