Using custom alert actions in ITSI is a little different than in ES. If you wish to use a custom alert action for an event generated by a correlation search, you have to set it up as an action rule on an aggregation policy. You also have to configure the custom alert action in a conf file to be selectable as an action against an event. Parameters to invoke the action are configured as part of the policy.
There’s not a whole lot of documentation on this, but there is some to help you get started on docs.
Edit*** I would also like to add that you could technically just use your custom alert action from ES on ITSI events and episodes. Episode information is indexed in itsigroupedalerts and notable events are indexed in itsitrackedalerts. If the SHC with itsi installed is running from the same indexer cluster as your deployment of ES, you can search the itsi internal indexes from ES as well.