/security-action-examples

This repository contains a few examples of actions that can be added to rules within Elastic Security.


Security Action Examples

This repository contains a few examples of webhook actions that can be added to rules within Elastic Security. Each subdirectory contains the following files:

  • A JSON file containing the action content. Please feel free to change the variables and other content as you see fit.
  • A README file with specific instructions for the action connector in question.
  • A screenshot of the connector configuration in Kibana's connector management page.
  • A screenshot of the expected outcome when an action runs successfully.

Please use these actions with caution, and test them appropriately. Do not blindly add an action to a detection rule if you are unsure what the outcome will be or how it will impact your organization. Follow any operational procedures you have in place for automation scenarios.

The screenshot below shows an example of what one of these actions would look like as part of a detection rule configuration:

[Screenshot: Result]

License

Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use these artifacts except in compliance with the Elastic License 2.0.

Contributors must sign a Contributor License Agreement before contributing code to any Elastic repositories.