SIEM - Discuss the Elastic Stack

Topic	Replies	Views	Activity
Find exceptions in indices	1	279	October 6, 2021
Filter Alerts by data_stream.namespace	1	269	October 19, 2023
ServiceNow SecOps connector	1	268	December 28, 2023
Packetbeat 7.14.1 process.env not added to the document	1	265	October 6, 2021
EQL sequence detection on windows and cloudtrail	1	245	November 16, 2023
Problem with security timelines for alias	1	244	October 25, 2023
Elastic Security - what is the difference between adding something to the fleet, and a host / endpoint?	1	241	December 25, 2023
Assign current user to acknowledged alert / Elastic Security painless	1	239	June 22, 2023
List all Rules Exceptions	4	145	September 26, 2024
Publish data to Elastic SIEM	4	142	August 5, 2024
System Virtual Process Detection Rule	2	176	May 17, 2024
How to detect abnormal User behaviour (sequence of actions)	4	124	June 21, 2025
The suricata results shown on the [filebeat dashboard] are different from the results shown in the [security -> alerts] on kibana	2	152	October 29, 2024
Detecting inital of breach	2	150	July 9, 2024
Elastic Agent - Ship Windows logs for SIEM	1	183	May 2, 2024
Carbon Black Cloud: CEL alert_v7 400 bad request	6	92	October 25, 2024
How to Retrieve More Than 10K Records in EQL (_eql/search)? (Elasticsearch 7.10.1)	2	73	March 11, 2025
Correlation Query for spam email - not working	1	150	March 26, 2024
Create Detection Rules via TF	1	146	May 21, 2024
Detection Rules Integration Dependencies	5	82	November 13, 2024
Notification from machine learning job per anomaly score	1	140	May 8, 2024
Elastic SIEM Detection Rules	2	113	December 10, 2024
Log Stoppage Monitoring	1	133	May 27, 2024
Fortigate not listed under "Network events" in Security	4	84	August 21, 2025
Share cases between spaces	1	131	May 9, 2024
Regarding Cross cluster replication	5	73	January 21, 2025
Machine learning rules : where to apply the high_non_zero_count function	1	119	May 27, 2024
How to import suricate.rules into SIEM deteciton rules?	2	95	October 29, 2024
Cannot view alerted log in security alert	5	65	November 19, 2024
Versions of components used in elasticsearch:8.12.2 and 8.12.0 docker	1	109	July 17, 2024
My low priority alerts are not showing in alerts?	2	88	September 2, 2024
EQL Detection Rule issues	2	85	May 2, 2025
After upgrading Elastic SIEM to version 8.17.2 a lot security alerts are not being displayed.	1	55	March 27, 2025
Least-Privilege To View All Server Asset Sending Logs	1	97	June 5, 2024
Maximum Number of Cases Template on Elastic SIEM	3	67	August 21, 2025
Security Case Data for Custom Dashboard	2	77	October 3, 2024
Sysmon registry logs don't get to elastic windows	1	88	March 19, 2025
Does Common Event Format (CEF) not allow a custom ingestion pipeline?	5	49	May 9, 2025
Closing an alert in Elastic Security without using the GUI	1	83	April 21, 2025
Hunt dashboard dashboard	1	73	September 26, 2024
Unable to source and feed in the correct information in src country	6	39	September 1, 2024
Question About the ‘Supplied Configurations’ Section in Anomaly Detection for Time Series Data with Machine Learning on Elastic Cloud 8.17	5	42	January 30, 2025
FIM and Windows Updates Best Practices	1	70	October 9, 2024
Is there a way to correlate FortiGate logs?	2	53	August 17, 2025
Cef log with custom udp integration	5	37	June 19, 2025
Elastic and AlienVault OTX integration	2	51	August 21, 2025
Create new Event Renderers	2	47	April 3, 2025
How to reduce false/positives for prebuilt Windows Security ML jobs?	1	49	March 14, 2025
ML anomaly detection alert	1	48	April 22, 2025
Import ingest pipeline	2	39	June 3, 2025