
[Alerting] Automation/Remediation Scripts #204062

Open
Erikg346 opened this issue Dec 12, 2024 · 1 comment
Labels
Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@Erikg346

Describe the feature:

Using alerts, Elastic can provide a way to remediate those alerts through some form of automation/remediation using Elastic Agent.

Describe a specific use case for the feature:
An example of an alert would be a Windows service "stopped"; the alert could trigger a script to run to "restart" the service.

Also, our customers have been comparing Elastic with popular Observability tools.
These tools seem to offer the ability to remediate an issue. This is very similar to how Endpoint Security can "self heal" by rolling back file changes https://www.elastic.co/guide/en/security/8.16/self-healing-rollback.html
I understand you can use custom webhooks already, and that can be leveraged, but it feels like an opportunity for Elastic to leverage more of Elastic Agent and integrate more within the platform.
Also, I understand there are security concerns. Therefore, Elastic can produce the scripts if needed.

References:

https://docs.appdynamics.com/appd/23.x/latest/en/appdynamics-essentials/alert-and-respond/actions/remediation-actions/remediation-scripts

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-executing-an-external-program-sw1052.htm

https://www.datadoghq.com/blog/automate-end-to-end-processes-with-datadog-workflows/#:~:text=Use%20the%20full%20Datadog%20platform&text=Now%2C%20teams%20can%20combine%20monitoring,alerts%2C%20events%2C%20and%20threats.
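As an added illustration of the use case above (a stopped Windows service restarted by an alert-triggered script), here is what such a remediation script might look like. This is example code written for this page, not Elastic's code and not the issue author's; it makes no assumption about how Elastic Agent would invoke it. The parameter names, the `$AllowedServices` contents and the exit codes are assumptions. It addresses the security concern the author raises by refusing to touch anything outside an operator-defined allowlist, so the alert can only name a service, never supply an arbitrary command.

```powershell
# Added example: restart a stopped Windows service named in an alert.
# Hypothetical script; parameter names, allowlist contents and exit codes are assumptions.
[CmdletBinding()]
param(
    # Service name taken from the alert. The pattern rejects paths, spaces and shell metacharacters.
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9_.-]{1,256}$')]
    [string]$ServiceName,

    # Alert identifier carried through for log correlation only.
    [string]$AlertId = 'unknown'
)

# Only services an operator has explicitly approved may be started from an alert.
# Assumption: replace with the services your team is willing to auto-remediate.
$AllowedServices = @('Spooler', 'W32Time', 'wuauserv')

if ($AllowedServices -notcontains $ServiceName) {
    Write-Error "Refusing to act on '$ServiceName': not in the remediation allowlist (alert $AlertId)."
    exit 2
}

# Fail loudly if the service does not exist on this host.
$svc = Get-Service -Name $ServiceName -ErrorAction Stop

# Idempotent: if the service recovered between detection and remediation, do nothing.
if ($svc.Status -eq 'Running') {
    Write-Output "Service '$ServiceName' is already running; nothing to do (alert $AlertId)."
    exit 0
}

# Start-Service rather than Restart-Service: the alert fired because the service is stopped,
# so a restart would only add a needless stop step against a healthy service.
try {
    Start-Service -Name $ServiceName -ErrorAction Stop
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}
catch {
    Write-Error "Failed to start '$ServiceName' (alert $AlertId): $($_.Exception.Message)"
    exit 1
}

Write-Output "Started '$ServiceName' in response to alert $AlertId."
exit 0
```

Usage, for a manual test on a host where the allowlist applies: `.\Restart-StoppedService.ps1 -ServiceName Spooler -AlertId test-001`. The distinct exit codes (0 success or no-op, 1 start failure, 2 allowlist refusal) let whatever invokes the script report a refused remediation separately from a failed one.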

@botelastic botelastic bot added the needs-team Issues missing a team label label Dec 12, 2024
@wayneseymour wayneseymour added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Dec 13, 2024
@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Dec 13, 2024