elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Additional action types for alerting #45023

Open clintongormley opened 5 years ago

clintongormley commented 5 years ago

Would be good to add the following action types to alerting (in no particular order):

elasticmachine commented 5 years ago

Pinging @elastic/kibana-stack-services

pmuellr commented 5 years ago

We've talked about creating GH issues as an example, I think action types should probably be that specific, vs just a "github" action. Were you thinking it could be more general, like a "github" action that had a property indicating what you wanted to do at GH - create an issue vs comment on an issue vs ...?

clintongormley commented 4 years ago

@pmuellr exactly that: creating a GitHub issue. Same thing for Jira.

alexfrancoeur commented 4 years ago

++ I've been meaning to open an issue like this as well. Seems like we could have a meta issue tracking all actions and detail out the requirements for each action in a separate GitHub issue.

pmuellr commented 4 years ago

We might as well use THIS issue as the meta issue.

It would be nice to get some prioritization, if there's known demand for some over others.

And we might want to start grouping these - the top of the list is ticketing systems (currently our only "ticketing" action is PagerDuty) - the bottom of the list is notification systems (similar to our Slack, email, etc. actions).

Another thing to keep in mind is that as we start adding more of these, folks will want a way to get a URL to a generated ticket to use in a subsequent action. E.g., generate a GH issue, then post a Slack message with the URL to that GH issue. We don't currently support that kind of flow. I fear having notification actions WITHOUT that capability is going to be painful to customers.

mikecote commented 4 years ago

@pmuellr I recall the mentions of subsequent actions but somehow we didn't have an issue created for it yet. I went ahead and created one and referenced your comments. https://github.com/elastic/kibana/issues/51282.

peterschretlen commented 4 years ago

Related https://github.com/elastic/kibana/issues/50103 - Case Management for SIEM

peterschretlen commented 4 years ago

Added Trello, which came up as an action used in the Security space but is also broadly applicable.

alexfrancoeur commented 4 years ago

I've been hearing multiple requests for Mattermost lately, an OSS Slack alternative. Added to the list to track. https://mattermost.com/

nicpenning commented 4 years ago

++ On TheHive :)

Webhooks can be leveraged to create Alerts or Cases in TheHive 3.4, but a native integration would save those who use TheHive some time from rolling their own integrations.

MikePaquette commented 4 years ago

@arisonl From the SIEM/Security App perspective, our prioritized list of action "connectors":

jeffrey-e commented 4 years ago

The Hive integration would rock!

shaunmcgough commented 4 years ago

@arisonl - for Kibana App (Discover, Visualize, Lens, Dashboard, Canvas, Graph, et al.), and also for general consideration:

arisonl commented 4 years ago

Thank you Mike, Shaun. @shaunmcgough is your list prioritised?

shaunmcgough commented 4 years ago

@arisonl negatory.

arisonl commented 4 years ago

Here is an initial attempt to gather, break down and prio (superset of what's listed in this issue) - WIP: https://docs.google.com/document/d/1n7LnK_cx1WNoMTPTHFkRxJUgy6Ki0jmEKHQ8Cl0bzcg/edit#heading=h.lfymnl3t4b0r

hungnguyen-elastic commented 3 years ago

There have also been requests from customers to add ConnectWise to the list: https://www.connectwise.com/