Skip to content

Add OOB alerts and alert rule template as asset type #3537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add OOB alerts and alert rule template as asset type #3537

wants to merge 3 commits into from

Conversation

karenzone
Copy link
Contributor

@karenzone karenzone commented Oct 17, 2025
edited
Loading

Related:
#2760

This PR:

  • Adds OOB alert rules for Elastic Agent
  • Adds alert templates to list of assets included with integrations
  • Restructures content for better flow and to replace several notes and admonitions with heads for better scanability and SEO performance

To Do:

  • Confirm license requirements in content and subscription page
  • List alerts
  • Add example(s) of alerts as integration assets

@karenzone karenzone self-assigned this Oct 17, 2025
@karenzone karenzone changed the title Alert rule template as asset type Add OOB alerts and alert rule template as asset type Oct 20, 2025
@github-actions GitHub Actions
Copy link

🔍 Preview links for changed docs

@karenzone karenzone marked this pull request as ready for review October 20, 2025 00:34
@karenzone karenzone requested a review from a team as a code owner October 20, 2025 00:34
@karenzone
Copy link
Contributor Author

cc:/ @nimarezainia @MichelLosier @nchaulet @kpollich Here's a draft. Please let me know what you think, and we can iterate.

@nimarezainia
Copy link

Thank you @karenzone
For the Elastic Agent ootb rules we need to provide more detail IMO. Examples of some of these alerts (as documented I the issue) and what they provide the user. @MichelLosier has explained them here for the alerts that will be in the package.

I think we need to document the alert name, condition it is looking for and a blurb description for it (which could just be copy+past from the issue).

Regarding the alerts as integration assets: if we have an example to show that would be great. I know that this content is very much dependent on what the package owner adds to their package.

vishaangelova
vishaangelova reviewed Oct 20, 2025
View reviewed changes
vishaangelova
vishaangelova reviewed Oct 20, 2025
View reviewed changes
@vishaangelova vishaangelova requested a review from a team October 20, 2025 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vishaangelova vishaangelova vishaangelova left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@karenzone karenzone

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@karenzone @nimarezainia @vishaangelova