SIEM - Discuss the Elastic Stack

Topic	Replies	Views	Activity
Send sophos logs via filebeat to elasticsearch ( ubuntu 20.04 )	2	418	April 11, 2022
Modify ID of an installed agent	2	418	March 22, 2024
"Run now" action for SIEM rule	2	417	December 22, 2020
Threshold Rule type - not able to send more than three field values in email action	2	415	February 4, 2022
Sizing Parameters for deploying SIEM	1	510	May 14, 2020
AquaSec / TwistLock features for containers?	1	507	March 13, 2020
Question on populating SIEM dashboard with winlogbeat data and Logstash	2	413	October 28, 2020
Journalbeat in Elastic SIEM	2	413	October 1, 2020
Elastic agent log parsing	1	505	July 1, 2021
Elastic SIEM Fields Populate to JIRA Custom Fields elastic-stack-alerting	2	406	January 18, 2021
Assign Single Exception to Multiple Detection Rules detection-rules	2	405	August 13, 2021
Feature request?	2	404	July 29, 2020
Windows 2019: elastic-agent and endpoint security elastic-agent	1	490	December 15, 2020
"Azure Excessive Signin Logs by Azure Identity" unusable azure.signinlogs.identity	2	400	May 10, 2021
How to configure fleet server and enroll agents? fleet	2	399	October 11, 2022
Simulation of Adobe Hijack	2	396	July 14, 2020
Detection Rule - Output of a aggregation bucket should match with other types of logs in the same index detection-rules	1	484	June 25, 2021
Logstash and filebeat	2	394	June 18, 2021
Parse json file elastic-agent	1	480	July 13, 2022
Common File for adding email address in SIEM Detection email action elastic-stack-alerting , detection-rules	2	389	September 26, 2021
Host.hostname field_data issue with SIEM and auditbeat	1	475	May 5, 2020
Elastic siem overview dashboard config	2	387	November 19, 2020
Custom EQL Query where one event happened and another didnt eql-elastic-query-language	1	472	March 7, 2022
Panw module (Palo Alto) ingest reports Object Object.getClass() error because receiver is null	2	385	September 9, 2020
AWS VPC Flow Log integration	1	471	May 4, 2022
Eql query usage in watcher/siem detection rules elastic-stack-alerting	1	471	December 17, 2020
Feedback: Cases	2	376	September 30, 2020
Value Lists as Exception in Threshold and Correlation type rules	2	375	May 11, 2021
Server send security events with WEF and in Authentication tab I don't found all accesses	1	459	March 12, 2020
Decentralised architecture with elastic SIEM	2	374	September 8, 2023
Detector field "beat.hostname" is not an aggregatable field	2	374	November 23, 2021
Signal detection ML rule not working	1	456	September 19, 2020
Ingesting from AWS & Azzure	2	372	December 8, 2020
Considerations about default terms agg for Elastic SIEM Detections histogram	2	372	July 13, 2020
How to discard specific event from storing or correlation in SIEM to save resources	2	366	June 3, 2021
Correlation rules not working elastic-stack-alerting	1	447	May 22, 2021
EQL signal query return with error	2	363	March 25, 2021
The issue in a detection rule	3	311	October 18, 2023
Registering Wasabi as Snapshot repository for ECE cluster	2	359	September 11, 2023
Why `elastic-es-default-0` (which is the pod name for my Elasticsearch) becomes a "host"?	2	357	February 16, 2021
SIEM - "All Hosts" Not showing Operating System	1	435	March 31, 2020
Detection rule CLI error	2	355	May 17, 2021
Packetbeat Alerts	2	354	May 12, 2023
SIEM detection rule apply for difference time	2	352	October 23, 2020
7.6.1 SIEM not showing packetbeat flow asn info	2	347	April 23, 2020
Threshold Rule type - not able to send more than three field values in email action elastic-stack-alerting , detection-rules	1	424	August 31, 2021
Detection alerts not visible to all users	3	298	December 11, 2023
Create a rule or alert to monitor when its not receiving logs by 24 hours?	2	342	September 18, 2023
How to give access to Security Cases of one Kibana Space to the users in another Kibana Space?	2	338	March 12, 2021
Orchestrate Elastic SIEM for training labs docker	3	291	March 27, 2024