Learn how to automate detection rule tuning requests in Elastic Security. This guide shows how to add custom fields to Cases, create a rule to detect tuning needs, and use a webhook to create a frictionless feedback loop between analysts and detection engineers.

Automating Detection Tuning Requests with Elastic Security

Custom Fields in Kibana Cases

Creating Custom fields

Using Runtime fields to map the custom fields

Creating the Runtime Fields

Automating the tuning request creation

Step 1: Find any cases recently tagged as `TuningRequired`

Step 2: Parsing each case

Step 3: Retrieving the alerts attached to the case

Step 4: Opening a tuning request.

Conclusion

Automating detection tuning requests with Kibana cases

Author

Aaron Jewitt

Articles

Automating detection tuning requests with Kibana cases