SIEM - Discuss the Elastic Stack

Topic	Replies	Views	Activity
Kibana SIEM Function: Failed to Parse Date field? (Epoch Time)	9	1155	August 25, 2020
Unable to use SIEM module	11	1054	May 6, 2021
Calling Alerts from Watchers to detection Signals	15	904	October 29, 2020
SIEM Signals not triggering	11	1039	December 7, 2020
Fortigate Integrations	9	1063	October 10, 2024
Threshold rule can't group by with source.ip but only with source.ip.keyword	11	907	December 6, 2022
SIEM -- Event Columns (Only Default Category)	9	904	June 29, 2020
How many swap files are created when you update a text file	9	890	October 24, 2019
Problem with Detections - Custom query rule	10	830	September 8, 2022
Timeline Template not applied when Alert fires	9	824	May 10, 2022
DNS Check Malware	9	737	August 3, 2020
Prebuilt ML jobs fail elastic-stack-machine-learning	10	699	May 18, 2020
Error activating rule (api key name is required) elastic-stack-alerting , detection-rules	9	728	January 6, 2022
Threshold security rule	9	602	August 12, 2024
Firewall logs to different Datastream by type	23	298	May 22, 2025
Error in detection rule: Remote Computer Account DnsHostName Update	9	96	May 31, 2025
Threat Intel and SIEM	3	4412	December 15, 2020
[ Creating new rule ]: ERROR Authentication using apikey failed - api key has been invalidated elastic-stack-security , elastic-stack-alerting	5	9434	February 16, 2021
Elastic SIEM TheHive Integration	2	2524	September 7, 2021
Palo Alto [SIEM]	3	716	July 17, 2020
SIgma rules for Elastic SIEM	5	12918	May 1, 2021
Active Directory logs and mapping to ECS (I am stumped) ecs-elastic-common-schema	7	8655	November 11, 2019
Detecting inactive users in Active Directory elastic-stack-alerting	5	1762	January 25, 2023
Limit CPU/Memory usage in Auditbeat & Filebeats , version 7.9.0	8	5379	October 15, 2020
Event Correlation on ELK	3	7919	September 23, 2019
Multiple Different Clients	5	1996	February 1, 2021
Hosts table : host.name (alias of beat.name) used instead of agent.hostname	2	3918	March 16, 2020
Feature Request for more robust vector graphics (Vega not enough) so I can generate good looking network maps (non-geographic)	3	583	April 20, 2023
Best way to analyze Event Correlation Sequence detections elastic-stack-alerting , eql-elastic-query-language	6	2299	January 4, 2023
Seperate email alerts per detection? elastic-stack-security	3	526	June 14, 2022
Fleet server agent unable to start- Connection refused fleet	4	4625	November 4, 2021
Hosts duplicated with and without fqdn	7	1873	July 28, 2020
SOAR for elk	3	4632	May 14, 2020
Config alerts and actions email connector	8	2797	October 22, 2020
Unifi Ubiquity USG IPS Suricata Filebeat Logging	3	1319	June 11, 2020
SIEM feature request	5	585	October 29, 2020
WHAT SIEM CAN DO?	4	1138	September 10, 2020
How to define time range in custom query rule in elasticsiem?	6	1710	April 20, 2021
Alert when an event is not followed by another detection-rules	7	885	October 24, 2022
Bulk indexing of signals failed in Kibana 7.10.2	8	2636	February 26, 2021
Detection rule: Failed login attempts	3	3907	June 30, 2021
Building block rules/use case	8	2486	December 8, 2020
"path: /_security/api_key... api keys are not enabled" while loading prebuilt detection rules	4	3293	March 15, 2020
Difference between source/destination and server/client ecs-elastic-common-schema	2	2370	September 13, 2019
Run Elastic detection rule in non real time logs	2	737	October 9, 2021
Security rules failing (timed out) all the time detection-rules	6	2666	November 29, 2021
SIEM Threshold - unique values	6	1495	September 29, 2020
UEBA for elk	3	3455	April 10, 2020
SOAR for Elastic Capabilities	2	2238	August 14, 2019
Graylog logs directed to Elastic SIEM	6	2595	June 29, 2020