Cases - Disable external systems prompt | 2 | 464 | July 28, 2020
Limit storage needs by automatically removing data after 28 days | 4 | 351 | May 11, 2023
ML job - detect new port | 3 | 391 | March 3, 2021
ELK siem and audit log source options | 2 | 450 | August 12, 2020
How to aggregate alerts? | 1 | 551 | February 15, 2022
SIEM with Basic License On-Prem? | 2 | 449 | June 2, 2021
Where are Security Rules run? | 5 | 316 | December 8, 2023
How much is xpack-siem, please tell me, thanks | 3 | 386 | March 1, 2023
SIEM not show country flag | 2 | 445 | September 14, 2020
Auditbeat omniscience? | 2 | 445 | March 12, 2020
Correlation in Elastic-SIEM | 2 | 441 | July 2, 2020
Alert when winlogbeat host stop sending events | 4 | 341 | August 22, 2023
CSPM third Party | 2 | 440 | January 22, 2023
Automatically close SIEM case | 2 | 440 | June 6, 2022
Unable to forward watcher alert to index with all details | 3 | 380 | April 21, 2021
Going from detection page to rule page in 1 click | 3 | 379 | November 9, 2020
Discover is not working for range between <date> - "now" | 3 | 378 | July 1, 2021
Uploading third-party JSON output | 2 | 435 | March 9, 2020
SIEM signals can not be closed with another status or comment except "Closed" | 2 | 434 | August 24, 2020
Unable to add Cisco integration under Fleet Policy | 2 | 433 | June 16, 2021
Notes on Alerts or auto open case | 1 | 298 | November 23, 2023
Elasticsearch SIEM Dashboard | 2 | 431 | March 29, 2020
Problems With Import-Rules and Create-Rules | 2 | 430 | December 10, 2022
Document enrichment via ingest pipeline or Indicator Match rule - which is preferable? | 2 | 430 | November 3, 2022
Multi-value lists for elk rule | 1 | 296 | October 6, 2023
Enable email Alerts for High Severity Detections | 3 | 372 | April 25, 2022
Elastic SIEM misleading text on analyzer | 3 | 371 | August 4, 2022
Missing required fields in duplicated rules | 2 | 427 | January 6, 2023
Managing event filters outside the UI | 4 | 329 | August 24, 2022
Threat detection rules VS beats | 2 | 423 | July 23, 2021
Auto response (Auto remediation) SIEM | 1 | 518 | January 1, 2021
Populating SIEM | 2 | 422 | August 12, 2020
Addition of other visualizations in Elastic-SIEM dashboards | 2 | 415 | July 3, 2020
Elasticsearch SIEM is not working, but EQL query is ok | 2 | 413 | November 26, 2021
Filebeat Office 365 Failed getting a token | 2 | 412 | December 21, 2020
Threshold Rule type - not able to send more than three field values in email action | 2 | 411 | February 4, 2022
Elastic SIEM does not show the netflow data using filebeat | 1 | 502 | May 18, 2020
Ubuntu system log parsing | 2 | 408 | May 25, 2021
"Run now" action for SIEM rule | 2 | 406 | December 22, 2020
Journalbeat in Elastic SIEM | 2 | 406 | October 1, 2020
AquaSec / TwistLock features for containers? | 1 | 497 | March 13, 2020
Elastic siem receive another Security Device log | 2 | 405 | October 19, 2020
Sizing Parameters for deploying SIEM | 1 | 496 | May 14, 2020
Alerting by amount of "hits" | 2 | 403 | June 18, 2020
Question on the capability of elastic SIEM | 2 | 400 | December 8, 2020
Update prebuilt ML jobs | 2 | 400 | July 12, 2020
Elastic agent log parsing | 1 | 488 | July 1, 2021
Elastic SIEM Fields Populate to JIRA Custom Fields | 2 | 398 | January 18, 2021
Question on populating SIEM dashboard with winlogbeat data and Logstash | 2 | 395 | October 28, 2020
Send sophos logs via filebeat to elasticsearch (ubuntu 20.04) | 2 | 394 | April 11, 2022