Hello,
I’m using ELK with opendistro and I’m using the alerting module with DSL queries to extract information from elasticsearch.
Here is an example of a result of one of my queries:
=======================================================
Problem
Source IP address : 1.1.1.1
Destination IP addresses :
IP : 2.2.2.2 | Number of scanned ports : 3 | List of scanned ports : 23 / 25 / 80 /
IP : 9.9.9.9 | Number of scanned ports : 3 | List of scanned ports : 389 / 445 / 69 /
=======================================================
Problem
Source IP address : 50.50.50.50
Destination IP addresses :
IP : 3.3.3.3 | Number of scanned ports : 3 | List of scanned ports : 20 / 25 / 389 /
This result will send all the problems in the same email. Is there any solution to send every problem in a separate email?
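Added example, not from the original post or from Open Distro: it splits the combined alert body on the separator lines into one record per source IP, so each record can be handed to a mailer as its own message. The sample body is constructed from the post above, and the check that the port count matches the listed ports is an assumed sanity check, not something the alert format guarantees.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: the combined alert body shown in the post.
SAMPLE = """=======================================================
Problem
Source IP address : 1.1.1.1
Destination IP addresses :
IP : 2.2.2.2 | Number of scanned ports : 3 | List of scanned ports : 23 / 25 / 80 /
IP : 9.9.9.9 | Number of scanned ports : 3 | List of scanned ports : 389 / 445 / 69 /
=======================================================
Problem
Source IP address : 50.50.50.50
Destination IP addresses :
IP : 3.3.3.3 | Number of scanned ports : 3 | List of scanned ports : 20 / 25 / 389 /
"""

SEPARATOR = re.compile(r"^=+[ \t]*$", re.MULTILINE)
SOURCE_RE = re.compile(r"^Source IP address\s*:\s*(\S+)", re.MULTILINE)
DEST_RE = re.compile(
    r"^IP\s*:\s*(?P<ip>\S+)\s*\|\s*Number of scanned ports\s*:\s*(?P<count>\d+)"
    r"\s*\|\s*List of scanned ports\s*:\s*(?P<ports>[\d /]+)$",
    re.MULTILINE,
)

@dataclass
class Destination:
    ip: str
    count: int
    ports: List[int]

@dataclass
class Problem:
    source: str
    destinations: List[Destination] = field(default_factory=list)

def parse_problems(text: str) -> List[Problem]:
    """Split the combined alert body into one Problem per source IP."""
    problems = []
    for chunk in SEPARATOR.split(text):
        src = SOURCE_RE.search(chunk)
        if not src:
            continue  # empty chunk before the first separator
        problem = Problem(source=src.group(1))
        for m in DEST_RE.finditer(chunk):
            ports = [int(p) for p in m.group("ports").split("/") if p.strip()]
            problem.destinations.append(Destination(m.group("ip"), int(m.group("count")), ports))
        problems.append(problem)
    return problems

def render_message(problem: Problem) -> str:
    """One self-contained message body per problem, ready for a separate email."""
    lines = [f"Port scan from {problem.source}"]
    for d in problem.destinations:
        flag = "" if d.count == len(d.ports) else "  (port count mismatch!)"  # assumed check
        lines.append(f"  -> {d.ip}: {d.count} ports: {', '.join(map(str, d.ports))}{flag}")
    return "\n".join(lines)
```

Run `for p in parse_problems(SAMPLE): print(render_message(p))` to see the two separate bodies that would become two emails.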