[Detection Engine][Rule Creation] - Use ESQL query fields for custom highlighted fields #171058
Labels:
- enhancement: New value added to drive a business result
- Feature:Rule Creation: Security Solution Detection Rule Creation workflow
- Team:Detection Engine: Security Solution Detection Engine Area
- Team:Detections and Resp: Security Detection Response Team
Describe the feature:
In ESQL, you are able to specify unmapped fields that are returned in the results. At the moment, you are only able to specify mapped fields from the source event for custom highlighted fields. Use similar logic as is used for rule name override, to allow unmapped ESQL fields to be included in the custom highlighted fields option.
Component to use - https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/esql_autocomplete/esql_autocomplete.tsx
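The distinction the request turns on is that an ES|QL `_query` response carries its own `columns` list, and columns produced by `EVAL` or `STATS` need not exist in the index mapping. The following is an added example, not Kibana code or anything from the linked component: it flattens a (constructed) index mapping into dotted field names and splits a (constructed) ES|QL response's columns into mapped and unmapped, which is exactly the set of names a highlighted-fields picker limited to mapped source fields would miss. The function names `flattenMapping`, `partitionColumns` and `highlightableFields`, the sample query, mapping and response are all illustrative assumptions; the `columns`/`values` shape of the response is the real ES|QL API shape.

```typescript
// Added example (not Kibana / Security Solution code): find which ES|QL result
// columns are unmapped, i.e. would be excluded by a mapped-fields-only picker.

// Constructed ES|QL query: EVAL and STATS introduce columns absent from the mapping.
const EXAMPLE_QUERY = `
FROM logs-*
| EVAL parent_child = CONCAT(process.parent.name, " -> ", process.name)
| STATS event_count = COUNT(*) BY host.name, parent_child
`;

// Shape of one entry in the "columns" array of an ES|QL /_query response.
interface EsqlColumn {
  name: string;
  type: string;
}

// Subset of an Elasticsearch mapping: nested "properties" objects with leaf types.
interface MappingProperties {
  [field: string]: { type?: string; properties?: MappingProperties };
}

// Flatten mapping properties into dotted field names (host.name, process.parent.name, ...).
function flattenMapping(props: MappingProperties, prefix: string = ""): Set<string> {
  const out = new Set<string>();
  for (const key of Object.keys(props)) {
    const def = props[key];
    const path = prefix ? `${prefix}.${key}` : key;
    if (def.properties) {
      flattenMapping(def.properties, path).forEach((sub) => out.add(sub));
    } else {
      out.add(path);
    }
  }
  return out;
}

// Split response columns into those present in the mapping and those that are not.
function partitionColumns(
  columns: EsqlColumn[],
  mapping: MappingProperties
): { mapped: string[]; unmapped: string[] } {
  const mappedNames = flattenMapping(mapping);
  const mapped: string[] = [];
  const unmapped: string[] = [];
  for (const col of columns) {
    (mappedNames.has(col.name) ? mapped : unmapped).push(col.name);
  }
  return { mapped, unmapped };
}

// What the picker should offer for an ES|QL rule: every result column, mapped or not,
// since the query result (not the source event) is what the alert is built from.
function highlightableFields(columns: EsqlColumn[]): string[] {
  return columns.map((c) => c.name);
}

// Constructed mapping for the logs-* pattern used by EXAMPLE_QUERY.
const SAMPLE_MAPPING: MappingProperties = {
  "@timestamp": { type: "date" },
  host: { properties: { name: { type: "keyword" } } },
  process: {
    properties: {
      name: { type: "keyword" },
      parent: { properties: { name: { type: "keyword" } } },
    },
  },
};

// Constructed ES|QL response for EXAMPLE_QUERY: STATS emits the aggregate column
// first, then the BY columns.
const SAMPLE_RESPONSE: { columns: EsqlColumn[]; values: Array<Array<string | number>> } = {
  columns: [
    { name: "event_count", type: "long" },
    { name: "host.name", type: "keyword" },
    { name: "parent_child", type: "keyword" },
  ],
  values: [
    [12, "web-01", "bash -> curl"],
    [3, "web-02", "sshd -> bash"],
  ],
};

const partition = partitionColumns(SAMPLE_RESPONSE.columns, SAMPLE_MAPPING);
console.log("mapped-only picker would offer:", partition.mapped);
console.log("missing unmapped ES|QL columns:", partition.unmapped);
console.log("all highlightable fields:", highlightableFields(SAMPLE_RESPONSE.columns));
```

Run against the constructed response, `partition.mapped` is `["host.name"]` while `event_count` and `parent_child` land in `unmapped`; a picker driven by the mapping alone would never show them, which is the gap the issue describes.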