Security Analytics Receive Alerts from Alerting Plugin

I have logs with numeric data in them. I would like to create an alert when a value is out of range. I haven’t been able to do that with the Sigma rules in the Security Analytics plugin. I can do this with rules in a Monitor in the Alerting plugin. Is there any way to “read” the alerts generated from the Alerting plugin into Security Analytics? Thanks!

Hi @jmaurio, thank you for filing a question on the OpenSearch forum. Perhaps the Anomaly Detection features in the Observability plugin would be useful for your scenario? To my knowledge, there is nothing ‘special’ about the functions of Security Analytics that would prevent you from piping in the values from your monitor. That being said, if you want to create the alerts based off of numeric values and then aggregate them, you may be better off sticking with the Observability plugin.

Thank you for the response. I am new to OpenSearch. I can see how to interact with / display data from an index in the plugins and dashboards. How do I get data generated from a plugin (an alert from the Alerting plugin, for example) into another plugin like Security Analytics? Since that data is not part of an index, I don’t know how to access it. Thanks!
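Added example (not a post from this thread and not code from the OpenSearch project): the "value out of range" monitor the original poster describes, expressed as the request body the Alerting plugin accepts at `POST _plugins/_alerting/monitors`, together with a local re-implementation of the same predicate so the matching logic can be checked against constructed sample documents without a cluster. The index name `app-metrics`, the numeric field `latency_ms`, the `@timestamp` field and the 50..500 band are all assumptions made up for the example.

```python
"""
Out-of-range numeric alert as an OpenSearch Alerting query-level monitor.
Example code added by the editor; index, field and bounds are assumptions.
"""
import json


def range_monitor(index: str, field: str, lo: float, hi: float,
                  name: str = "latency-out-of-range",
                  interval_minutes: int = 1) -> dict:
    """Build the body for POST _plugins/_alerting/monitors.

    The search input matches documents from the last `interval_minutes`
    whose `field` exists but lies outside [lo, hi]. The `exists` filter
    matters: without it, `must_not range` would also match every document
    that simply lacks the field, and the trigger would fire on noise.
    The trigger fires when at least one such document is found.
    """
    return {
        "type": "monitor",
        "name": name,
        "monitor_type": "query_level_monitor",
        "enabled": True,
        "schedule": {"period": {"interval": interval_minutes, "unit": "MINUTES"}},
        "inputs": [{
            "search": {
                "indices": [index],
                "query": {
                    "size": 0,
                    "query": {
                        "bool": {
                            "filter": [
                                {"exists": {"field": field}},
                                # "@timestamp" is an assumed field name
                                {"range": {"@timestamp": {"gte": f"now-{interval_minutes}m"}}},
                            ],
                            "must_not": [
                                {"range": {field: {"gte": lo, "lte": hi}}},
                            ],
                        }
                    },
                },
            }
        }],
        "triggers": [{
            "name": f"{field} outside {lo}..{hi}",
            "severity": "2",
            "condition": {"script": {
                "source": "ctx.results[0].hits.total.value > 0",
                "lang": "painless",
            }},
            "actions": [],  # add a destination (webhook, email, ...) here
        }],
    }


def out_of_range(docs: list, field: str, lo: float, hi: float) -> list:
    """Same predicate as the monitor's query, evaluated locally.

    A document is a hit when the field is present, numeric and outside
    [lo, hi]. The time-window filter is not reproduced here.
    """
    hits = []
    for doc in docs:
        value = doc.get(field)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            continue  # mirrors the `exists` filter: missing field never matches
        if value < lo or value > hi:
            hits.append(doc)
    return hits


def trigger_fires(hits: list) -> bool:
    """Mirror of the painless condition ctx.results[0].hits.total.value > 0."""
    return len(hits) > 0


# Constructed sample log documents (not real data).
SAMPLE_DOCS = [
    {"@timestamp": "2024-05-01T10:00:01Z", "host": "web-1", "latency_ms": 120},
    {"@timestamp": "2024-05-01T10:00:02Z", "host": "web-2", "latency_ms": 2300},
    {"@timestamp": "2024-05-01T10:00:03Z", "host": "web-1", "latency_ms": 12},
    {"@timestamp": "2024-05-01T10:00:04Z", "host": "web-3"},  # field absent
    {"@timestamp": "2024-05-01T10:00:05Z", "host": "web-2", "latency_ms": 500},
]


if __name__ == "__main__":
    monitor = range_monitor("app-metrics", "latency_ms", 50, 500)
    print(json.dumps(monitor, indent=2))
    hits = out_of_range(SAMPLE_DOCS, "latency_ms", 50, 500)
    print("would trigger:", trigger_fires(hits))
    for doc in hits:
        print("  out of range:", doc["host"], doc["latency_ms"])
```

Running the script prints the monitor body (save it and submit it with `curl -XPOST 'https://<host>:9200/_plugins/_alerting/monitors' -H 'Content-Type: application/json' -d @monitor.json`) and shows that, of the five constructed documents, only the 2300 ms and 12 ms entries are hits; the document with no `latency_ms` field and the one sitting exactly on the 500 boundary do not fire the trigger. Alerts that the monitor produces are not confined to the plugin UI: they can be listed with `GET _plugins/_alerting/monitors/alerts`, and a trigger action with a webhook destination can forward the alert payload to any endpoint you control.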
