{"users":[{"id":60,"username":"warkolm","name":"Mark Walkom","avatar_template":"/user_avatar/discuss.elastic.co/warkolm/{size}/39224_2.png","trust_level":2},{"id":-1,"username":"system","name":"system","avatar_template":"https://us1.discourse-cdn.com/elastic/original/3X/1/a/1ac57faf039f6b580b3f104ef42a2a89e41014de.png","admin":true,"moderator":true,"trust_level":4},{"id":168048,"username":"wicklanm","name":"Mike","avatar_template":"/user_avatar/discuss.elastic.co/wicklanm/{size}/140035_2.png","trust_level":0},{"id":167575,"username":"proclick","name":"","avatar_template":"/user_avatar/discuss.elastic.co/proclick/{size}/139736_2.png","trust_level":0},{"id":167967,"username":"PatreKerier","name":"Patreik","avatar_template":"/user_avatar/discuss.elastic.co/patrekerier/{size}/141214_2.png","trust_level":0},{"id":150656,"username":"Florian_Heigl","name":"Florian Heigl","avatar_template":"/user_avatar/discuss.elastic.co/florian_heigl/{size}/123692_2.png","trust_level":1},{"id":114815,"username":"ferullo","name":"Daniel Ferullo","avatar_template":"/user_avatar/discuss.elastic.co/ferullo/{size}/74240_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":12203,"username":"willemdh","name":"WillemDH","avatar_template":"/user_avatar/discuss.elastic.co/willemdh/{size}/16922_2.png","trust_level":2},{"id":168014,"username":"Omar_Tawfik_kandil","name":"Omar Tawfik kandil","avatar_template":"/user_avatar/discuss.elastic.co/omar_tawfik_kandil/{size}/143039_2.png","trust_level":0},{"id":167795,"username":"arav","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/a/b9e5f3/{size}.png","trust_level":1},{"id":80,"username":"Christian_Dahlqvist","name":"Christian Dahlqvist","avatar_template":"/user_avatar/discuss.elastic.co/christian_dahlqvist/{size}/4617_2.png","trust_level":3},{"id":146055,"username":"lonpm2","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/l/f08c70/{size}.png","trust_level":1},{"id":164695,"username":"dot-mike","name":"","avatar_template":"/user_avatar/discuss.elastic.co/dot-mike/{size}/143339_2.png","trust_level":2},{"id":156483,"username":"vpolius","name":"","avatar_template":"/user_avatar/discuss.elastic.co/vpolius/{size}/132838_2.png","trust_level":1},{"id":167851,"username":"Kenny-Yeh","name":"Kenny Yeh","avatar_template":"/user_avatar/discuss.elastic.co/kenny-yeh/{size}/147121_2.png","trust_level":0},{"id":125462,"username":"lesio","name":"Leszek Kubik","avatar_template":"/user_avatar/discuss.elastic.co/lesio/{size}/89323_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":139260,"username":"juancamiloll","name":"","avatar_template":"/user_avatar/discuss.elastic.co/juancamiloll/{size}/110326_2.png","trust_level":2},{"id":159868,"username":"logalicious","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/l/dfb087/{size}.png","trust_level":1},{"id":127854,"username":"wsouza","name":"Wagner Souza","avatar_template":"/user_avatar/discuss.elastic.co/wsouza/{size}/92547_2.png","trust_level":2},{"id":164474,"username":"Rafa_Silva","name":"Rafa Silva","avatar_template":"/user_avatar/discuss.elastic.co/rafa_silva/{size}/142716_2.png","trust_level":2},{"id":167840,"username":"David_Elgut","name":"David Elgut","avatar_template":"/user_avatar/discuss.elastic.co/david_elgut/{size}/142075_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":167703,"username":"K4ruzo","name":"K4ruzo","avatar_template":"/user_avatar/discuss.elastic.co/k4ruzo/{size}/146924_2.png","trust_level":0},{"id":163050,"username":"iremtoru","name":"","avatar_template":"/user_avatar/discuss.elastic.co/iremtoru/{size}/140807_2.png","trust_level":1},{"id":167791,"username":"Attacker_Tester","name":"Attacker Tester","avatar_template":"/user_avatar/discuss.elastic.co/attacker_tester/{size}/140410_2.png","trust_level":0},{"id":84308,"username":"stephenb","name":"Stephen Brown","avatar_template":"/user_avatar/discuss.elastic.co/stephenb/{size}/40856_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"admin":true,"moderator":true,"trust_level":4},{"id":167619,"username":"4l13v","name":"","avatar_template":"/user_avatar/discuss.elastic.co/4l13v/{size}/146872_2.png","trust_level":1},{"id":34955,"username":"leandrojmp","name":"Leandro Pereira","avatar_template":"/user_avatar/discuss.elastic.co/leandrojmp/{size}/107231_2.png","primary_group_name":"elastic_certified","flair_name":"elastic_certified","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/4/b/4b7ff6230ea5ae3c4c3f43b26e783b36ceea35b2.png","flair_color":"00BFB3","flair_group_id":46,"trust_level":2},{"id":167413,"username":"sdesalas","name":"Steven de Salas","avatar_template":"/user_avatar/discuss.elastic.co/sdesalas/{size}/146614_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":167720,"username":"abel1","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/a/a8b319/{size}.png","trust_level":0},{"id":160312,"username":"Cristina_Marletta_Li","name":"Cristina Marletta Livi","avatar_template":"/user_avatar/discuss.elastic.co/cristina_marletta_li/{size}/137793_2.png","trust_level":1},{"id":149737,"username":"Jatin_Kathuria","name":"Jatin Kathuria","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/j/d6d6ee/{size}.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":146372,"username":"syk","name":"Rainer Sykora","avatar_template":"/user_avatar/discuss.elastic.co/syk/{size}/141533_2.png","trust_level":1},{"id":99262,"username":"NickFritts","name":"Nick Fritts","avatar_template":"/user_avatar/discuss.elastic.co/nickfritts/{size}/47189_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":144570,"username":"welch27330","name":"Jonathan","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/w/d07c76/{size}.png","trust_level":1},{"id":149836,"username":"Maxim_Palenov","name":"Maxim Palenov","avatar_template":"/user_avatar/discuss.elastic.co/maxim_palenov/{size}/122504_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":92938,"username":"stephmilovic","name":"Steph Milovic","avatar_template":"/user_avatar/discuss.elastic.co/stephmilovic/{size}/146835_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":149732,"username":"Ammar_Mostafa","name":"Elastic_Lover","avatar_template":"/user_avatar/discuss.elastic.co/ammar_mostafa/{size}/122331_2.png","trust_level":1},{"id":29038,"username":"RainTown","name":"Kevin Maguire","avatar_template":"/user_avatar/discuss.elastic.co/raintown/{size}/140206_2.png","trust_level":3},{"id":84703,"username":"Musab_Dogan","name":"Musab Dogan","avatar_template":"/user_avatar/discuss.elastic.co/musab_dogan/{size}/70691_2.png","trust_level":2},{"id":160049,"username":"arcsons","name":"Jon L","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/a/5fc32e/{size}.png","trust_level":1},{"id":151524,"username":"erikg","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/e/91b2a8/{size}.png","trust_level":2},{"id":104741,"username":"yctercero","name":"Yara Tercero","avatar_template":"/user_avatar/discuss.elastic.co/yctercero/{size}/68560_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4},{"id":153227,"username":"michael-a","name":"elastic-mike","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/m/c57346/{size}.png","trust_level":1},{"id":109144,"username":"RylandHerrick","name":"Ryland Herrick","avatar_template":"/user_avatar/discuss.elastic.co/rylandherrick/{size}/67401_2.png","primary_group_name":"elastic_team","flair_name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_group_id":44,"trust_level":4}],"primary_groups":[{"id":44,"name":"elastic_team"},{"id":46,"name":"elastic_certified"}],"flair_groups":[{"id":44,"name":"elastic_team","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/d/a/da51fdee688298baeeac95dbab7916a88ba95532.png","flair_bg_color":"","flair_color":""},{"id":46,"name":"elastic_certified","flair_url":"https://us1.discourse-cdn.com/elastic/original/3X/4/b/4b7ff6230ea5ae3c4c3f43b26e783b36ceea35b2.png","flair_bg_color":"","flair_color":"00BFB3"}],"topic_list":{"can_create_topic":false,"more_topics_url":"/c/security/83/l/latest?page=1","per_page":30,"top_tags":[{"id":64,"name":"detection-rules","slug":"detection-rules"},{"id":25,"name":"fleet","slug":"fleet"},{"id":8,"name":"elastic-stack-security","slug":"elastic-stack-security"},{"id":12,"name":"elastic-stack-alerting","slug":"elastic-stack-alerting"},{"id":15,"name":"docker","slug":"docker"},{"id":63,"name":"elastic-agent","slug":"elastic-agent"},{"id":9,"name":"elastic-stack-machine-learning","slug":"elastic-stack-machine-learning"},{"id":93,"name":"eql-elastic-query-language","slug":"eql-elastic-query-language"},{"id":94,"name":"osquery-manager","slug":"osquery-manager"},{"id":26,"name":"ecs-elastic-common-schema","slug":"ecs-elastic-common-schema"},{"id":104,"name":"integrations","slug":"integrations"},{"id":14,"name":"license","slug":"license"},{"id":44,"name":"windows","slug":"windows"},{"id":7,"name":"elastic-stack-monitoring","slug":"elastic-stack-monitoring"},{"id":19,"name":"painless","slug":"painless"},{"id":127,"name":"dashboard","slug":"dashboard"},{"id":85,"name":"datastreams","slug":"datastreams"},{"id":136,"name":"elastic-ai-assistant","slug":"elastic-ai-assistant"},{"id":82,"name":"ingest-pipeline","slug":"ingest-pipeline"},{"id":27,"name":"ccs-cross-cluster-search","slug":"ccs-cross-cluster-search"},{"id":149,"name":"esql","slug":"esql"},{"id":49,"name":"kql-kibana-query-language","slug":"kql-kibana-query-language"},{"id":43,"name":"language-clients","slug":"language-clients"},{"id":154,"name":"serverless","slug":"serverless"},{"id":41,"name":"windows-installer","slug":"windows-installer"},{"id":29,"name":"beats-module","slug":"beats-module"},{"id":24,"name":"curator","slug":"curator"},{"id":10,"name":"elastic-stack-reporting","slug":"elastic-stack-reporting"},{"id":89,"name":"snapshot-and-restore","slug":"snapshot-and-restore"},{"id":110,"name":"timelion","slug":"timelion"}],"topics":[{"fancy_title":"About the Elastic Security category","id":235256,"title":"About the Elastic Security category","slug":"about-the-elastic-security-category","posts_count":2,"reply_count":0,"highest_post_number":3,"image_url":null,"created_at":"2020-06-02T00:08:50.240Z","last_posted_at":"2022-11-04T08:00:37.332Z","bumped":true,"bumped_at":"2021-11-27T02:17:57.558Z","archetype":"regular","unseen":false,"pinned":true,"unpinned":null,"excerpt":"Unified protection, from the creators of the Elastic Stack\nIntegrate free and open SIEM, and endpoint, to prevent, detect, and respond to threats.","visible":true,"closed":true,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":3011,"like_count":0,"has_summary":false,"last_poster_username":"system","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":60,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":-1,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Error after creating Detection rules in Elastic Security; Not getting alerts","id":385908,"title":"Error after creating Detection rules in Elastic Security; Not getting alerts","slug":"error-after-creating-detection-rules-in-elastic-security-not-getting-alerts","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":"https://us1.discourse-cdn.com/elastic/optimized/3X/f/7/f765d46bd9e0e4a92bac600217d8f0bc3e8e6d68_2_1024x434.png","created_at":"2026-04-15T22:23:15.211Z","last_posted_at":"2026-04-15T22:23:15.322Z","bumped":true,"bumped_at":"2026-04-15T22:23:15.322Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":3,"like_count":0,"has_summary":false,"last_poster_username":"wicklanm","category_id":78,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":168048,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"UX improvements (Security app)","id":385898,"title":"UX improvements (Security app)","slug":"ux-improvements-security-app","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-04-15T13:50:26.163Z","last_posted_at":"2026-04-15T13:50:26.244Z","bumped":true,"bumped_at":"2026-04-15T13:50:26.244Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":7,"like_count":0,"has_summary":false,"last_poster_username":"proclick","category_id":78,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":167575,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Using Elastic Security as SOAR for IBM QRadar SIEM (Log Forwarding Architecture)","id":385893,"title":"Using Elastic Security as SOAR for IBM QRadar SIEM (Log Forwarding Architecture)","slug":"using-elastic-security-as-soar-for-ibm-qradar-siem-log-forwarding-architecture","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-04-15T06:33:04.468Z","last_posted_at":"2026-04-15T06:33:04.570Z","bumped":true,"bumped_at":"2026-04-15T06:33:04.570Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":6,"like_count":0,"has_summary":false,"last_poster_username":"PatreKerier","category_id":78,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":167967,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Can you track Windows Defender sample submission?","id":385705,"title":"Can you track Windows Defender sample submission?","slug":"can-you-track-windows-defender-sample-submission","posts_count":4,"reply_count":2,"highest_post_number":4,"image_url":null,"created_at":"2026-03-31T01:44:38.212Z","last_posted_at":"2026-04-13T19:28:48.915Z","bumped":true,"bumped_at":"2026-04-13T19:28:48.915Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":49,"like_count":1,"has_summary":false,"last_poster_username":"willemdh","category_id":83,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":150656,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":114815,"primary_group_id":44,"flair_group_id":44},{"extras":"latest","description":"Most Recent Poster","user_id":12203,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Sensor endgame WebSocket validation","id":385836,"title":"Sensor endgame WebSocket validation","slug":"sensor-endgame-websocket-validation","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-04-09T23:39:35.567Z","last_posted_at":"2026-04-09T23:39:35.657Z","bumped":true,"bumped_at":"2026-04-09T23:39:35.657Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":15,"like_count":0,"has_summary":false,"last_poster_username":"Omar_Tawfik_kandil","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":168014,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Workflows’ Connectors in DaC","id":385829,"title":"Workflows' Connectors in DaC","slug":"workflows-connectors-in-dac","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-04-09T17:43:51.725Z","last_posted_at":"2026-04-09T17:43:51.822Z","bumped":true,"bumped_at":"2026-04-09T17:43:51.822Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":20,"like_count":1,"has_summary":false,"last_poster_username":"proclick","category_id":78,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":167575,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"System requirements for Elastic Security “All-in-One” pilot deployment","id":385731,"title":"System requirements for Elastic Security \"All-in-One\" pilot deployment","slug":"system-requirements-for-elastic-security-all-in-one-pilot-deployment","posts_count":4,"reply_count":2,"highest_post_number":4,"image_url":null,"created_at":"2026-04-01T14:01:02.190Z","last_posted_at":"2026-04-03T08:30:42.888Z","bumped":true,"bumped_at":"2026-04-03T08:30:42.888Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":52,"like_count":3,"has_summary":false,"last_poster_username":"Christian_Dahlqvist","category_id":78,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":167967,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":167795,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":80,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Entra ID Unusual Cloud Device Registration","id":385717,"title":"Entra ID Unusual Cloud Device Registration","slug":"entra-id-unusual-cloud-device-registration","posts_count":3,"reply_count":0,"highest_post_number":3,"image_url":null,"created_at":"2026-03-31T14:04:57.499Z","last_posted_at":"2026-04-01T08:05:38.688Z","bumped":true,"bumped_at":"2026-04-01T08:05:38.688Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":39,"like_count":0,"has_summary":false,"last_poster_username":"lonpm2","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":146055,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":164695,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Indicator Match rule not generating alerts (Basic license, self-managed 9.3.0)","id":385726,"title":"Indicator Match rule not generating alerts (Basic license, self-managed 9.3.0)","slug":"indicator-match-rule-not-generating-alerts-basic-license-self-managed-9-3-0","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-04-01T07:34:13.122Z","last_posted_at":"2026-04-01T07:34:13.190Z","bumped":true,"bumped_at":"2026-04-01T07:34:13.190Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":64,"name":"detection-rules","slug":"detection-rules"}],"tags_descriptions":{},"views":21,"like_count":0,"has_summary":false,"last_poster_username":"arav","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":167795,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Guidance for running Elastic Defend on ECE hosts","id":385617,"title":"Guidance for running Elastic Defend on ECE hosts","slug":"guidance-for-running-elastic-defend-on-ece-hosts","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-03-25T20:48:11.903Z","last_posted_at":"2026-03-25T20:48:11.966Z","bumped":true,"bumped_at":"2026-03-25T20:48:11.966Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":21,"like_count":0,"has_summary":false,"last_poster_username":"willemdh","category_id":80,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":12203,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Elastic External Connector Question","id":385470,"title":"Elastic External Connector Question","slug":"elastic-external-connector-question","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-03-16T16:06:19.253Z","last_posted_at":"2026-03-16T16:06:19.333Z","bumped":true,"bumped_at":"2026-03-16T16:06:19.333Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":29,"like_count":0,"has_summary":false,"last_poster_username":"vpolius","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":156483,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Is Elastic Endpoint immune to Zombie ZIP evasion?","id":385438,"title":"Is Elastic Endpoint immune to Zombie ZIP evasion?","slug":"is-elastic-endpoint-immune-to-zombie-zip-evasion","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":"https://us1.discourse-cdn.com/elastic/optimized/3X/5/1/51192da034ba66d8318a57565ac2c3d1c2a1b1e2_2_1024x512.png","created_at":"2026-03-13T01:44:17.672Z","last_posted_at":"2026-03-16T09:55:35.057Z","bumped":true,"bumped_at":"2026-03-16T09:55:35.057Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":58,"like_count":0,"has_summary":false,"last_poster_username":"lesio","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":167851,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":125462,"primary_group_id":44,"flair_group_id":44}]},{"fancy_title":"AI Agent feedback","id":385435,"title":"AI Agent feedback","slug":"ai-agent-feedback","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-03-12T20:58:01.206Z","last_posted_at":"2026-03-12T20:58:01.262Z","bumped":true,"bumped_at":"2026-03-12T20:58:01.262Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":66,"like_count":0,"has_summary":false,"last_poster_username":"juancamiloll","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":139260,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Threat Intelligence View Not Using securitySolution:defaultThreatIndex","id":385403,"title":"Threat Intelligence View Not Using securitySolution:defaultThreatIndex","slug":"threat-intelligence-view-not-using-securitysolution-defaultthreatindex","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":"https://us1.discourse-cdn.com/elastic/optimized/3X/a/0/a03dff9f0fa663b5905ec33d85235ac5a9d9af6f_2_1023x535.png","created_at":"2026-03-11T02:37:47.661Z","last_posted_at":"2026-03-12T14:30:00.230Z","bumped":true,"bumped_at":"2026-03-12T14:30:00.230Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":28,"like_count":0,"has_summary":false,"last_poster_username":"logalicious","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":159868,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Using Case templates in Attack Discovery scheduling","id":385398,"title":"Using Case templates in Attack Discovery scheduling","slug":"using-case-templates-in-attack-discovery-scheduling","posts_count":4,"reply_count":1,"highest_post_number":4,"image_url":"https://us1.discourse-cdn.com/elastic/original/3X/a/d/adf9ebe6ae43f2efd3db59a063e91eb3358f3fea.png","created_at":"2026-03-10T17:58:32.265Z","last_posted_at":"2026-03-12T12:59:58.943Z","bumped":true,"bumped_at":"2026-03-12T12:59:58.943Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":55,"like_count":1,"has_summary":false,"last_poster_username":"wsouza","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":127854,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":164474,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":167840,"primary_group_id":44,"flair_group_id":44}]},{"fancy_title":"Threat Intel Rules and Threat Enrichments","id":385093,"title":"Threat Intel Rules and Threat Enrichments","slug":"threat-intel-rules-and-threat-enrichments","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-02-18T11:17:44.003Z","last_posted_at":"2026-03-10T18:07:44.085Z","bumped":true,"bumped_at":"2026-03-10T18:07:44.085Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":71,"like_count":1,"has_summary":false,"last_poster_username":"wsouza","category_id":83,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":167703,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":127854,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Clarification on using “timestamp_override: event.ingested” with EQL sequence rules","id":385377,"title":"Clarification on using \"timestamp_override: event.ingested\" with EQL sequence rules","slug":"clarification-on-using-timestamp-override-event-ingested-with-eql-sequence-rules","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-03-09T11:22:02.639Z","last_posted_at":"2026-03-09T11:22:02.707Z","bumped":true,"bumped_at":"2026-03-09T11:22:02.707Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":64,"name":"detection-rules","slug":"detection-rules"}],"tags_descriptions":{},"views":32,"like_count":1,"has_summary":false,"last_poster_username":"iremtoru","category_id":83,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":163050,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Question About OOS Closure for Elasticsearch Deployment on es.io","id":385303,"title":"Question About OOS Closure for Elasticsearch Deployment on es.io","slug":"question-about-oos-closure-for-elasticsearch-deployment-on-es-io","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-03-02T14:59:51.732Z","last_posted_at":"2026-03-02T15:16:06.767Z","bumped":true,"bumped_at":"2026-03-02T15:16:06.767Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":23,"like_count":1,"has_summary":false,"last_poster_username":"stephenb","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":167791,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":84308,"primary_group_id":44,"flair_group_id":44}]},{"fancy_title":"Knowledge Base loading indefinitely","id":385224,"title":"Knowledge Base loading indefinitely","slug":"knowledge-base-loading-indefinitely","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":"https://us1.discourse-cdn.com/elastic/optimized/3X/2/0/20cabf788edcc1f29af5a2a016323539d6a53c87_2_1024x486.png","created_at":"2026-02-25T13:41:40.664Z","last_posted_at":"2026-02-25T15:18:44.636Z","bumped":true,"bumped_at":"2026-02-25T15:18:44.636Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":44,"like_count":1,"has_summary":false,"last_poster_username":"juancamiloll","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":true,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster, Accepted Answer","user_id":139260,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Elastic - MISP Integration shows total Indicators ( fortigate logs)","id":385132,"title":"Elastic - MISP Integration shows total Indicators ( fortigate logs)","slug":"elastic-misp-integration-shows-total-indicators-fortigate-logs","posts_count":7,"reply_count":4,"highest_post_number":7,"image_url":"https://us1.discourse-cdn.com/elastic/optimized/3X/3/1/313e186a0cf5e6f4c59f99d84d478b19f7e055f1_2_1024x531.png","created_at":"2026-02-20T06:42:01.030Z","last_posted_at":"2026-03-24T11:08:11.154Z","bumped":true,"bumped_at":"2026-02-24T11:07:56.350Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":true,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":19,"name":"painless","slug":"painless"}],"tags_descriptions":{},"views":83,"like_count":2,"has_summary":false,"last_poster_username":"system","category_id":78,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":167619,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":34955,"primary_group_id":46,"flair_group_id":46},{"extras":null,"description":"Frequent Poster","user_id":167413,"primary_group_id":44,"flair_group_id":44},{"extras":"latest","description":"Most Recent Poster","user_id":-1,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Trial extension request for Elastic ML features on on-premises","id":385155,"title":"Trial extension request for Elastic ML features on on-premises","slug":"trial-extension-request-for-elastic-ml-features-on-on-premises","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-02-23T06:40:21.794Z","last_posted_at":"2026-02-23T12:51:07.266Z","bumped":true,"bumped_at":"2026-02-23T12:51:07.266Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":35,"like_count":0,"has_summary":false,"last_poster_username":"sdesalas","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":167720,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":167413,"primary_group_id":44,"flair_group_id":44}]},{"fancy_title":"Security alerts notes","id":385113,"title":"Security alerts notes","slug":"security-alerts-notes","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":null,"created_at":"2026-02-19T11:52:56.245Z","last_posted_at":"2026-02-19T14:20:05.790Z","bumped":true,"bumped_at":"2026-02-19T14:20:05.790Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":63,"like_count":0,"has_summary":false,"last_poster_username":"Cristina_Marletta_Li","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":160312,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":149737,"primary_group_id":44,"flair_group_id":44}]},{"fancy_title":"Independent Agent Version 9.3.0+build202602051825","id":385074,"title":"Independent Agent Version 9.3.0+build202602051825","slug":"independent-agent-version-9-3-0-build202602051825","posts_count":4,"reply_count":2,"highest_post_number":4,"image_url":"https://us1.discourse-cdn.com/elastic/original/3X/3/3/33801d8165059843c31d74c93bf5e0b7aa57e8ae.png","created_at":"2026-02-17T07:50:16.846Z","last_posted_at":"2026-02-18T22:45:15.604Z","bumped":true,"bumped_at":"2026-02-18T22:45:15.604Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":81,"like_count":3,"has_summary":false,"last_poster_username":"NickFritts","category_id":83,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":146372,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":99262,"primary_group_id":44,"flair_group_id":44}]},{"fancy_title":"Elastic rule Hyperlinks in Highlighted Fields","id":384894,"title":"Elastic rule Hyperlinks in Highlighted Fields","slug":"elastic-rule-hyperlinks-in-highlighted-fields","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":null,"created_at":"2026-02-03T18:01:08.593Z","last_posted_at":"2026-02-13T02:48:48.655Z","bumped":true,"bumped_at":"2026-02-13T02:48:48.655Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":64,"name":"detection-rules","slug":"detection-rules"}],"tags_descriptions":{},"views":30,"like_count":0,"has_summary":false,"last_poster_username":"welch27330","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":144570,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":149836,"primary_group_id":44,"flair_group_id":44}]},{"fancy_title":"Elastic Rule Alert With External hyper link field creation in highlighted Fields [feature request]","id":384868,"title":"Elastic Rule Alert With External hyper link field creation in highlighted Fields [feature request]","slug":"elastic-rule-alert-with-external-hyper-link-field-creation-in-highlighted-fields-feature-request","posts_count":4,"reply_count":1,"highest_post_number":4,"image_url":null,"created_at":"2026-02-02T20:10:53.363Z","last_posted_at":"2026-03-13T02:35:07.045Z","bumped":true,"bumped_at":"2026-02-13T02:34:30.003Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":true,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":37,"like_count":0,"has_summary":false,"last_poster_username":"system","category_id":78,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":144570,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":92938,"primary_group_id":44,"flair_group_id":44},{"extras":"latest","description":"Most Recent Poster","user_id":-1,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"ELK Architecture Distribution for Hardware to Achieve high availability","id":384936,"title":"ELK Architecture Distribution for Hardware to Achieve high availability","slug":"elk-architecture-distribution-for-hardware-to-achieve-high-availability","posts_count":17,"reply_count":15,"highest_post_number":18,"image_url":null,"created_at":"2026-02-06T03:32:51.988Z","last_posted_at":"2026-02-11T09:22:20.338Z","bumped":true,"bumped_at":"2026-02-11T09:22:20.338Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":123,"like_count":12,"has_summary":false,"last_poster_username":"Christian_Dahlqvist","category_id":83,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":true,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":149732,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster, Accepted Answer","user_id":29038,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":84703,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":34955,"primary_group_id":46,"flair_group_id":46},{"extras":"latest","description":"Most Recent Poster","user_id":80,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"SIEM reports","id":384985,"title":"SIEM reports","slug":"siem-reports","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-02-09T23:04:01.746Z","last_posted_at":"2026-02-10T21:21:08.735Z","bumped":true,"bumped_at":"2026-02-10T21:21:08.735Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":71,"like_count":0,"has_summary":false,"last_poster_username":"erikg","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":160049,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":151524,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Exceptions in rules through DaC","id":384790,"title":"Exceptions in rules through DaC","slug":"exceptions-in-rules-through-dac","posts_count":4,"reply_count":0,"highest_post_number":4,"image_url":null,"created_at":"2026-01-29T09:42:31.332Z","last_posted_at":"2026-03-09T21:44:29.166Z","bumped":true,"bumped_at":"2026-02-09T21:43:35.873Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":true,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":50,"like_count":3,"has_summary":false,"last_poster_username":"system","category_id":78,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":true,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":167575,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster, Accepted Answer","user_id":104741,"primary_group_id":44,"flair_group_id":44},{"extras":"latest","description":"Most Recent Poster","user_id":-1,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Alerts missing key fields","id":384449,"title":"Alerts missing key fields","slug":"alerts-missing-key-fields","posts_count":4,"reply_count":2,"highest_post_number":4,"image_url":null,"created_at":"2026-01-09T08:04:12.090Z","last_posted_at":"2026-02-09T14:05:04.470Z","bumped":true,"bumped_at":"2026-02-09T14:05:04.470Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":92,"like_count":3,"has_summary":false,"last_poster_username":"michael-a","category_id":83,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":true,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":153227,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster, Accepted Answer","user_id":109144,"primary_group_id":44,"flair_group_id":44}]}]}}