Kibana Alerting Rules

Core Concepts

A rule has three parts: conditions (what to detect), schedule (how often to check), and actions (what happens when conditions are met). When conditions are met, the rule creates alerts, which trigger actions via connectors.

Authentication

All alerting API calls require either API key auth or Basic auth. Every mutating request must include the header.

Required Privileges

- privileges for the appropriate Kibana feature (e.g., Stack Rules, Observability, Security)
- privileges for Actions and Connectors (to attach actions to rules)

API Reference

Base path: (…
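
The following is an added example, not code from the original page or from Kibana: it assembles the request headers and JSON body for a rule from the three parts named under Core Concepts and the two auth schemes named under Authentication. The `kbn-xsrf` header name, the body field names and the interval format are assumptions drawn from Kibana's public alerting API, since the page does not show them; the rule type, connector id and credentials are constructed placeholders.

```python
import base64
import json
import re

MUTATING = {"POST", "PUT", "PATCH", "DELETE"}
INTERVAL_RE = re.compile(r"^\d+[smhd]$")  # interval strings such as "1m" (assumed format)


def auth_headers(method, api_key=None, basic=None):
    """Exactly one auth scheme, plus kbn-xsrf (assumed name) on mutating requests."""
    if (api_key is None) == (basic is None):
        raise ValueError("supply exactly one of api_key or basic")
    if api_key is not None:
        auth = "ApiKey " + api_key  # encoded key as issued
    else:
        auth = "Basic " + base64.b64encode(":".join(basic).encode()).decode()
    headers = {"Authorization": auth, "Content-Type": "application/json"}
    if method.upper() in MUTATING:
        headers["kbn-xsrf"] = "true"
    return headers


def build_rule(name, rule_type_id, consumer, interval, params, actions):
    """Assemble a rule body from its three parts; reject incomplete ones."""
    if not INTERVAL_RE.match(interval):
        raise ValueError(f"bad schedule interval: {interval!r}")
    if not params:
        raise ValueError("rule has no conditions (params)")
    for action in actions:
        missing = {"id", "group", "params"} - action.keys()
        if missing:
            raise ValueError(f"action missing {sorted(missing)}")
    return {
        "name": name, "rule_type_id": rule_type_id, "consumer": consumer,
        "params": params,                    # conditions: what to detect
        "schedule": {"interval": interval},  # schedule: how often to check
        "actions": actions,                  # actions: run via a connector
    }


def sample_request():
    """Constructed sample: all values are placeholders, params abbreviated."""
    rule = build_rule(
        "disk-usage-high", ".index-threshold", "alerts", "5m",
        {"index": ["metrics-*"], "threshold": [90]},
        [{"id": "CONNECTOR_ID_PLACEHOLDER", "group": "threshold met",
          "params": {"message": "disk usage above 90%"}}],
    )
    return auth_headers("POST", api_key="ENCODED_KEY_PLACEHOLDER"), json.dumps(rule)
```

An API key scoped to only the feature and connector privileges the rule needs keeps a leaked key from being usable elsewhere in Kibana.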