|
Threat Intel and SIEM
|
|
2
|
4441
|
November 17, 2020
|
|
Elastic SIEM TheHive Integration
|
|
1
|
2539
|
August 10, 2021
|
|
[ Creating new rule ]: ERROR Authentication using apikey failed - api key has been invalidated
|
|
4
|
9536
|
January 19, 2021
|
|
Palo Alto [SIEM]
|
|
2
|
726
|
June 19, 2020
|
|
Best way to analyze Event Correlation Sequence detections
|
|
5
|
2359
|
December 7, 2022
|
|
SIgma rules for Elastic SIEM
|
|
4
|
13157
|
April 3, 2021
|
|
Detecting inactive users in Active Directory
|
|
5
|
1792
|
January 25, 2023
|
|
Active Directory logs and mapping to ECS (I am stumped)
|
|
6
|
8708
|
October 14, 2019
|
|
Creating a case for an alert automatically
|
|
2
|
1676
|
January 27, 2022
|
|
Limit CPU/Memory usage in Auditbeat & Filebeats , version 7.9.0
|
|
7
|
5419
|
September 17, 2020
|
|
Multiple Different Clients
|
|
4
|
2036
|
January 4, 2021
|
|
Event Correlation on ELK
|
|
2
|
7970
|
August 26, 2019
|
|
Can I still use Threat Intelligence?
|
|
6
|
807
|
November 29, 2022
|
|
Import rules from public detection rules repo
|
|
2
|
1936
|
August 18, 2020
|
|
Feature Request for more robust vector graphics (Vega not enough) so I can generate good looking network maps (non-geographic)
|
|
2
|
609
|
March 23, 2023
|
|
Hosts table : host.name (alias of beat.name) used instead of agent.hostname
|
|
1
|
3951
|
February 17, 2020
|
|
Seperate email alerts per detection?
|
|
2
|
548
|
May 17, 2022
|
|
Fleet server agent unable to start- Connection refused
|
|
3
|
4661
|
October 7, 2021
|
|
"Machine learning permission error" for demo user
|
|
1
|
1150
|
June 25, 2020
|
|
Filebeat for Sophos XG Firewall
|
|
8
|
3030
|
August 7, 2019
|
|
Hosts duplicated with and without fqdn
|
|
6
|
1903
|
June 30, 2020
|
|
SIEM ECS descriptions taking huge amount of unneccesary space in SIEM
|
|
1
|
621
|
September 27, 2019
|
|
Config alerts and actions email connector
|
|
7
|
2876
|
September 24, 2020
|
|
SOAR for elk
|
|
2
|
4650
|
April 16, 2020
|
|
Aggregation support in SIEM
|
|
2
|
784
|
June 23, 2020
|
|
SIEM feature request
|
|
4
|
604
|
October 1, 2020
|
|
How to define time range in custom query rule in elasticsiem?
|
|
5
|
1735
|
March 23, 2021
|
|
Bulk indexing of signals failed in Kibana 7.10.2
|
|
7
|
2667
|
January 29, 2021
|
|
Alert when an event is not followed by another
|
|
6
|
900
|
September 26, 2022
|
|
WHAT SIEM CAN DO?
|
|
3
|
1170
|
August 13, 2020
|
|
Unifi Ubiquity USG IPS Suricata Filebeat Logging
|
|
2
|
1342
|
May 14, 2020
|
|
Signal - multiple login failure from same user
|
|
1
|
1642
|
November 16, 2020
|
|
Building block rules/use case
|
|
7
|
2561
|
November 10, 2020
|
|
Sending the alert JSON details using Webhook Connector
|
|
7
|
1386
|
April 11, 2024
|
|
Detection rule: Failed login attempts
|
|
2
|
3961
|
June 2, 2021
|
|
Host not showing up despite events being present
|
|
8
|
2271
|
March 13, 2020
|
|
Security rules failing (timed out) all the time
|
|
5
|
2703
|
November 1, 2021
|
|
SIEM Threshold - unique values
|
|
5
|
1517
|
September 1, 2020
|
|
"path: /_security/api_key... api keys are not enabled" while loading prebuilt detection rules
|
|
3
|
3303
|
February 16, 2020
|
|
Creating a rule exception
|
|
1
|
1449
|
July 21, 2022
|
|
Graylog logs directed to Elastic SIEM
|
|
5
|
2644
|
June 1, 2020
|
|
Another Feature Request for SIEM
|
|
5
|
825
|
July 8, 2020
|
|
Shards failed warning on Network dashboard in SIEM app
|
|
8
|
2115
|
March 3, 2020
|
|
How to create a rule with aggregation
|
|
4
|
2824
|
April 6, 2021
|
|
Elastic SIEM for MSSP
|
|
6
|
2381
|
June 11, 2020
|
|
Shodan Integration
|
|
4
|
2732
|
April 1, 2020
|
|
SSH auth logs not visualized in Kibana
|
|
5
|
2467
|
May 19, 2020
|
|
Adding Fleet Server failed because “x509: certificate signed by unknown authority“
|
|
5
|
2465
|
January 30, 2023
|
|
UEBA for elk
|
|
2
|
3471
|
March 13, 2020
|
|
Difference between source/destination and server/client
|
|
1
|
2385
|
August 16, 2019
|