diff --git a/reference/fleet/alert-templates.md b/reference/fleet/alert-templates.md new file mode 100644 index 0000000000..3a9c6c7cf1 --- /dev/null +++ b/reference/fleet/alert-templates.md 
@@ -0,0 +1,40 @@ +--- +mapped_pages: + - https://www.elastic.co/guide/en/fleet/current/data-streams.html +applies_to: + stack: ga 9.2 + serverless: ga +products: + - id: fleet + - id: elastic-agent +navigation_title: Built-in alerts and templates +--- + +# Built-in alerts and templates [built-in-alerts] + +## {{agent}} out-of-the-box alert rules [ea-alert-rules] + +When you install or upgrade {{agent}}, new alert rules are created automatically. You can configure and customize out-of-the-box alerts to get them up and running quickly. + +::::{note} +The built-in alerts feature for {{agent}} is available only for some subscription levels. The license (or a trial license) must be in place before you install or upgrade {{agent}} before this feature is available. + +Refer [Elastic subscriptions](https://www.elastic.co/subscriptions) for more information. +:::: + +In {{kib}}, you can enable out-of-the-box rules pre-configured with reasonable defaults to provide immediate value for managing agents. +You can use [ES|QL](/explore-analyze/discover/try-esql.md) to author conditions for each rule. + +Connectors are not added to rules automatically, but you can attach a connector to route alerts to your platform of choice -- Slack or email, for example. +In addition, you can add filters for policies, tags, or hostnames to scope alerts to specific sets of agents + +You can find these rules in **Stack Management** > **Alerts and Insights** > **Rules**. + + +## Alert templates assets for integrations [alert-templates] + +Some integration packages include alerting rule template assets that provide pre-made definitions of alerting rules. You can use the templates to create your own custom alerting rules that you can enable and fine tune. + +When you click a template, you get a pre-filled rule creation form. You can define and adjust values, set up connectors, and define rule actions to create your custom alerting rule. 
+ +You can see available templates in the **integrations/detail//assets** view. diff --git a/reference/fleet/manage-integrations.md b/reference/fleet/manage-integrations.md index f9260c28a2..bbd930c4bb 100644 --- a/reference/fleet/manage-integrations.md +++ b/reference/fleet/manage-integrations.md 
@@ -12,26 +12,28 @@ products: # Manage {{agent}} integrations [integrations] -{{agent}} integrations provide a unified way to collect data from apps and services and to protect systems from security threats. - -Integrations are available for a wide array of services and platforms. To browse the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md). +{{agent}} integrations provide a simple, unified way to collect data from popular apps and services, and protect systems from security threats. +Integrations are available for a wide array of popular services and platforms. To see the full list, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md). {{agent}} integrations based on the [Elastic Common Schema](ecs://reference/index.md) (ECS) come prepackaged with assets that support your observability needs: * Data ingestion, storage, and transformation rules * Configuration options +* Alert templates to enable users to quickly set up custom alerting rules (available in some integrations) {applies_to}`stack: ga 9.2` * Pre-built, custom dashboards and visualizations * Documentation {applies_to}`stack: preview 9.2.0` {{fleet}} also supports installing {{agent}} integration packages for collecting and visualizing OpenTelemetry data. For more information, refer to [Collect OpenTelemetry data with {{agent}} integrations](/reference/fleet/otel-integrations.md). +Note that the **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr). + ::::{note} -Some integrations may function differently across different spaces, and some might only work in the default space. 
For any space-related considerations, review the documentation for the specific integration. +Some integrations may function differently across different spaces, with some working only in the default space. Review the documentation specific to your integration for any space-related considerations. :::: -## Integration actions [integration-actions] +## Work with integrations [work-with-integrations] -The following table shows the main actions you can perform in the **Integrations** app in {{kib}}. You can perform some of these actions from other places in {{kib}}, too. +You can perform a variety of actions in the **Integrations** app in {{kib}}. Some of these actions are also available from other places in {{kib}}. | User action | Result | | --- | --- | @@ -42,10 +44,6 @@ The following table shows the main actions you can perform in the **Integrations | [View integration assets](/reference/fleet/view-integration-assets.md) | View the {{kib}} assets installed for a specific integration. | | [Upgrade an integration](/reference/fleet/upgrade-integration.md) | Upgrade an integration to the latest version. | -::::{note} -The **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr). -:::: +## Customize integrations [customize-integrations] -:::{tip} -Once you've started using integrations to ingest data, you can customize how that data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more. -::: \ No newline at end of file +After you've started using integrations to ingest data, you can customize how the data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more. 
diff --git a/reference/fleet/toc.yml b/reference/fleet/toc.yml index cadbf6392a..a98cfac671 100644 --- a/reference/fleet/toc.yml +++ b/reference/fleet/toc.yml @@ -160,6 +160,7 @@ toc: - file: data-streams-scenario4.md - file: data-streams-pipeline-tutorial.md - file: data-streams-advanced-features.md + - file: alert-templates.md - file: agent-command-reference.md - file: agent-processors.md children:
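Review bot: In the front matter of the new reference/fleet/alert-templates.md, `mapped_pages` points at https://www.elastic.co/guide/en/fleet/current/data-streams.html, which looks copied from the data streams page and does not describe alerts. Drop the entry or replace it with the page this content actually maps to. In the same hunk, the licensing note reads "must be in place before you install or upgrade {{agent}} before this feature is available": the doubled "before" leaves it unclear whether rules are created retroactively once a license is added, so say explicitly that the license must exist at install or upgrade time. "Refer [Elastic subscriptions]" is missing "to", the sentence ending "specific sets of agents" has no period, and the path in "**integrations/detail//assets**" has an empty segment where an integration-name placeholder appears to be missing. Since connectors are not attached automatically, it is also worth stating that a rule without a connector raises alerts only inside {{kib}}, so readers do not assume notifications are being delivered.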
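Review bot: In reference/fleet/manage-integrations.md (hunk @@ -12,26 +12,28), the heading anchor changes from `[integration-actions]` to `[work-with-integrations]`, which breaks any existing link to `#integration-actions`. Keep the old anchor or update inbound references in the same PR. The new bullet "Alert templates to enable users to quickly set up custom alerting rules" should link to the page this PR adds (/reference/fleet/alert-templates.md#alert-templates), otherwise the new page is reachable only through the TOC. The rewritten intro also adds "simple" and uses "popular" twice in two sentences; the removed wording was more neutral.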
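Review bot: In reference/fleet/manage-integrations.md (hunk @@ -42,10 +44,6), the new "## Customize integrations [customize-integrations]" section contains a single sentence pointing to Index lifecycle management, so the heading promises more than the section delivers. Either keep this as the tip it was, or expand the section to cover the other customization paths before giving it its own heading. The old file ended with "\ No newline at end of file"; confirm the new last line ends with a newline.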
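Review bot: In reference/fleet/toc.yml, `- file: alert-templates.md` is inserted directly after the `data-streams-*.md` entries and before `agent-command-reference.md`, so the alerts page will be listed with the data streams pages. Check the indentation level and move the entry next to the integrations pages (for example near manage-integrations.md), since that is where the new "Alert templates" bullet sends readers.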