Open rlynnj11 opened 2 years ago
This is achievable via the REST API today.
We're working with the customer on coming up with a more specific solution for their use case. I'm excited to say that this discussion is what led to the vulnerability automation features coming to Fleet early next year. See #3050 for more on that.
Goal
Trigger queries based on the results of other queries. More abstractly, the ability to create workflows via low-code/no-code approach in the console available for less technical users.
Note: at time of writing this is a "nice to have" level priority
How?
High level: is if a scheduled query finds $anything, it could in theory perform actions such as (a) do another different query (b) drop a notification in slack (c) hit an API endpoint elsewhere to do a thing
More granular examples: