[REQUEST]: Enable endpoint actions in events #674

Open
christineweng opened this issue Mar 5, 2025 · 0 comments
Assignees
Labels
Team:Security Issues owned by the Security Docs Team

Comments

@christineweng

Description

Endpoint actions (isolate/release, respond) were available in alerts. This PR extends the availability to events. If a host can be isolated, it will show up for an event. 2 places where users expect to see updates:

  • When investigating in analyzer (must be open in flyout), clicking an event opens an event preview; isolate host and respond are now available in take action.
  • When in event flyout (from host, user table), the options are also shown in the take action menu.

Resources

PR: elastic/kibana#206857
Issue: https://github.com/elastic/security-team/issues/11248

This enhancement will go to 8.19, 9.1 and serverless

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

The feature is identical in all deployment methods

What release is this request related to?

N/A

Collaboration model

The documentation team

Point of contact.

Main contact: @christineweng

Stakeholders: @paulewing @elastic/security-defend-workflows

@bmorelli25 bmorelli25 added needs-team Issues pending triage by the Docs Team Team:Platform Issues owned by the Platform Docs Team labels Apr 17, 2025
@github-actions github-actions bot removed the needs-team Issues pending triage by the Docs Team label Apr 17, 2025
@georgewallace georgewallace added Team:Security Issues owned by the Security Docs Team and removed Team:Platform Issues owned by the Platform Docs Team labels May 5, 2025
4 participants