SIEM - Discuss the Elastic Stack

Topic	Replies	Views	Activity
Missing required fields in duplicated rules	2	435	January 6, 2023
Question on the capability of elastic SIEM	2	434	December 8, 2020
How to configure fleet server and enroll agents? fleet	2	430	October 11, 2022
Elastic SIEM does not show the netflow data using filebeat	1	525	May 18, 2020
Threshold rule	2	428	July 20, 2023
Elastic agent log parsing	1	521	July 1, 2021
Sizing Parameters for deploying SIEM	1	521	May 14, 2020
Question on populating SIEM dashboard with winlogbeat data and Logstash	2	425	October 28, 2020
Threshold Rule type - not able to send more than three field values in email action	2	423	February 4, 2022
Assign Single Exception to Multiple Detection Rules detection-rules	2	422	August 13, 2021
Journalbeat in Elastic SIEM	2	421	October 1, 2020
"Run now" action for SIEM rule	2	420	December 22, 2020
Elastic SIEM Fields Populate to JIRA Custom Fields elastic-stack-alerting	2	417	January 18, 2021
Machine learning use case - Anomaly Detection	7	254	August 7, 2025
Feature request?	2	414	July 29, 2020
AquaSec / TwistLock features for containers?	1	507	March 13, 2020
Host.hostname field_data issue with SIEM and auditbeat	1	502	May 5, 2020
Windows 2019: elastic-agent and endpoint security elastic-agent	1	498	December 15, 2020
Simulation of Adobe Hijack	2	406	July 14, 2020
Parse json file elastic-agent	1	497	July 13, 2022
Detection Rule - Output of a aggregation bucket should match with other types of logs in the same index detection-rules	1	497	June 25, 2021
Logstash and filebeat	2	405	June 18, 2021
"Azure Excessive Signin Logs by Azure Identity" unusable azure.signinlogs.identity	2	404	May 10, 2021
AWS VPC Flow Log integration	1	494	May 4, 2022
Custom EQL Query where one event happened and another didnt eql-elastic-query-language	1	487	March 7, 2022
Kibana Query Language summarize	5	281	December 23, 2024
Common File for adding email address in SIEM Detection email action elastic-stack-alerting , detection-rules	2	397	September 26, 2021
Elastic siem overview dashboard config	2	396	November 19, 2020
Eql query usage in watcher/siem detection rules elastic-stack-alerting	1	484	December 17, 2020
Panw module (Palo Alto) ingest reports Object Object.getClass() error because receiver is null	2	391	September 9, 2020
Value Lists as Exception in Threshold and Correlation type rules	2	390	May 11, 2021
Detector field "beat.hostname" is not an aggregatable field	2	383	November 23, 2021
Ingesting from AWS & Azzure	2	382	December 8, 2020
Feedback: Cases	2	382	September 30, 2020
The issue in a detection rule	3	329	October 18, 2023
Registering Wasabi as Snapshot repository for ECE cluster	2	379	September 11, 2023
Decentralised architecture with elastic SIEM	2	379	September 8, 2023
Server send security events with WEF and in Authentication tab I don't found all accesses	1	464	March 12, 2020
Signal detection ML rule not working	1	463	September 19, 2020
Google Workspace integration - logs-sdk admin	2	376	December 14, 2023
Correlation rules not working elastic-stack-alerting	1	460	May 22, 2021
EQL signal query return with error	2	375	March 25, 2021
Create a rule or alert to monitor when its not receiving logs by 24 hours?	2	373	September 18, 2023
How to discard specific event from storing or correlation in SIEM to save resources	2	373	June 3, 2021
Why `elastic-es-default-0` (which is the pod name for my Elasticsearch) becomes a "host"?	2	373	February 16, 2021
Considerations about default terms agg for Elastic SIEM Detections histogram	2	373	July 13, 2020
Orchestrate Elastic SIEM for training labs docker	3	321	March 27, 2024
SIEM detection rule apply for difference time	2	369	October 23, 2020
Packetbeat Alerts	2	367	May 12, 2023
Detection rule CLI error	2	367	May 17, 2021