In Security Analytics Correlation Rules, the Alert Trigger section appears and can be configured after upgrading to OpenSearch 3.3.0 with Security Analytics 3.3.2.
The trigger itself is saved and visible after reopening the rule, but the selected Notification Channel is not persisted.
After saving the rule and reopening it, the trigger is visible, but the notification channel configuration is lost.
This blocks the ability to send notifications (e.g., Jira, Slack, Webhook) directly from correlation rules.
The problem occurs since version 2.18.0
In Security Analytics Correlation Rules, the Alert Trigger section appears and can be configured after upgrading to OpenSearch 3.3.0 with Security Analytics 3.3.2.
The trigger itself is saved and visible after reopening the rule, but the selected Notification Channel is not persisted.
After saving the rule and reopening it, the trigger is visible, but the notification channel configuration is lost.
This blocks the ability to send notifications (e.g., Jira, Slack, Webhook) directly from correlation rules.
The problem occurs since version 2.18.0