lines changed Original file line number Diff line number Diff line change 1+ # Rule name, must be unique
2+ name : Spike in attacks on server
3+
4+ # Type of alert.
5+ type : spike
6+
7+ # num_events must occur within this amount of time to trigger an alert
8+ timeframe :
9+ seconds : 60
10+ spike_height : 10
11+ spike_type : up
12+
13+ # Index to search, wildcard supported
14+ index : bitsensor
15+ timestamp_field : endpoint.localtime
16+
17+ query_key :
18+ - endpoint.name
19+
20+ alert_subject : " Surge in attacks on {}"
21+ alert_subject_args :
22+ - endpoint.name
23+
24+ alert_text_type : alert_text_only
25+ alert_text : " Surge in attacks on {}"
26+ alert_text_args :
27+ - endpoint.name
28+
29+ # The alert is use when a match is found
30+ alert :
31+ - slack
32+ slack_webhook_url : " https://hooks.slack.com/services/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"
33+ slack_username_override : " ElastAlert"
34+
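Review bot: The `slack_webhook_url` value on line 32 of the new file is a live Slack incoming-webhook URL committed in plain text; anyone with read access to this repository (or its history) can post arbitrary messages into that channel, and a webhook URL is a bearer credential that should not live in a tracked rule file. Keep a clearly labelled placeholder in the repo, e.g. `slack_webhook_url: "<SLACK_WEBHOOK_URL placeholder>"`, and inject the real value at deploy time from a secret store or environment-substituted template; since the real URL is already in this commit, treat it as exposed and regenerate the webhook in Slack. Separately, `alert_subject`, `alert_text` and `slack_username_override` all carry a leading space inside the quotes (`" Surge in attacks on {}"`, `" ElastAlert"`), which will show up verbatim in the Slack message — presumably `"Surge in attacks on {}"` and `"ElastAlert"` were intended. The comment above `timeframe` ("num_events must occur within this amount of time") reads as copied from a frequency rule and does not describe a `spike` rule, where `spike_height`/`spike_type` compare the current window against the previous one; a more accurate comment would be `# Window size for the spike comparison; spike_height is the required ratio between the current and previous window`. The file also lacks a leading `---` document marker, which yamllint's `document-start` rule will flag.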