Better abstraction of the type event.kind: alert #2312

Open
SebastianHuettersen opened this issue Jan 5, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@SebastianHuettersen

Problem

Currently, you must be aware that if you use event.kind: alert, this is always handled in the context of a security event.
However, the description of the Allowed Value of alert describes this in terms of being "often populated" by security appliances.

This can lead to confusion if you use the event.kind alert in the context of observability, as the prebuilt rule External Alerts automatically generates alerts in the context of security.

Motivation

As an integration developer, I would also like to have the option of creating observability alerts in the context of observability.
To achieve this, it must be considered how to implement a distinction between security alerts and observability alerts.

@SebastianHuettersen SebastianHuettersen added the bug Something isn't working label Jan 5, 2024