Response actions are used by the Security solution as automation workflows when an alert is detected. These actions are currently coded within the rule executor because the actions framework has limitations that prevent it from fully supporting them.
We should research how we can enhance the actions framework to support actions within Kibana and provide a solution in these areas:
- There shouldn't be a need to create a connector saved in the UI when the integration is within our own products and doesn't require a configuration (ex: case, OS Query, server log, etc)
- The RBAC should re-use the feature privilege of the existing product (ex: case feature privileges for the case action)
- Guidance on how the connector can handle the response of a request (ex: OS Query response) for re-use