| Threat hunting with suricata, ElasticSecurity | 2 | 814 | June 14, 2021 |
| Feature Request: Alert Assignment to user | 2 | 451 | September 30, 2020 |
| Siem anomaly detection prebuild jobs | 2 | 800 | January 30, 2020 |
| Can I change the primary key for identifying hosts in the SIEM app? | 4 | 618 | September 1, 2020 |
| Rules in ElasticSIEM not create signals | 5 | 563 | May 14, 2020 |
| Aggregating Case Information | 5 | 562 | February 11, 2022 |
| Unusual Process For a Windows Host (rare_process_by_host_windows_ecs) | 5 | 558 | July 29, 2021 |
| EQL rules do not work but see hits | 3 | 681 | March 14, 2022 |
| Aggregation facility in the detections rules tab? | 2 | 441 | July 3, 2020 |
| Auditbeat docker (7.4.2) starts and then terminates with no error | 2 | 779 | December 17, 2019 |
| Viewing Pinned Timeline Events | 2 | 776 | November 22, 2019 |
| Watch configuration (advance watch - Jason queries for cyber security) | 5 | 539 | August 31, 2021 |
| Reporting email action failure from watcher - ELK7.8 | 3 | 658 | April 15, 2021 |
| How to change query in SIEM | 3 | 658 | November 18, 2019 |
| Last Seen timestamp under Hosts section appears to be incorrect | 3 | 658 | August 8, 2019 |
| Elastic Detection Actions - any way to add fields? | 2 | 427 | April 25, 2022 |
| Edit Telnet port Activity rule | 3 | 647 | April 19, 2021 |
| Update field on all SIEM detection Rules in one go | 6 | 485 | April 18, 2022 |
| Detection Rule Key Value Reference Url's | 6 | 481 | June 19, 2021 |
| Fielddata error preventing Authentications tab populating | 4 | 569 | October 2, 2019 |
| NetFlow Traffic from ASA | 2 | 731 | August 13, 2020 |
| Opsgenie SIEM Case connector | 2 | 722 | January 19, 2021 |
| Detection Rule - Output of a aggregation bucket should match with other types of logs in the same index | 2 | 717 | February 2, 2022 |
| Cloudflare integration Logpull not working | 3 | 618 | June 29, 2022 |
| Index patterns global and per rule? | 3 | 617 | November 24, 2020 |
| SIEM error new install | 2 | 707 | July 29, 2020 |
| EQL library where | 2 | 704 | July 10, 2021 |
| SIEM Overview Page : Modify Security Settings Kibana | 5 | 491 | September 7, 2020 |
| Auditing all Linux clients with centralised server | 4 | 537 | August 7, 2021 |
| Rule failure for Windows path exclusions? | 5 | 489 | January 6, 2021 |
| Reduce duplicate signals/ alerts | 1 | 846 | September 26, 2021 |
| Having SIEM read windows events from non-default index pattern | 3 | 598 | August 26, 2019 |
| SIEM feature request | 4 | 533 | December 8, 2020 |
| Multiple index search | 6 | 451 | May 1, 2023 |
| Remove Ingest Processor | 1 | 473 | May 31, 2022 |
| Zeek filebeat - HTTP and TLS events not fully populating | 4 | 530 | May 9, 2020 |
| I want to enable the map which is present in SIEM app | 1 | 836 | January 6, 2020 |
| Security events and rules matching | 3 | 591 | August 23, 2022 |
| Conflict between ECS and SIEM authentication events visualization | 3 | 588 | February 26, 2020 |
| Rules failing | 3 | 583 | January 15, 2024 |
| Detection not finding anything but same query finds them | 6 | 440 | March 27, 2021 |
| SIEM > Detections will not setup | 2 | 672 | March 11, 2020 |
| SIEM Infrastructure design | 2 | 673 | October 28, 2019 |
| Detection rules CLI | 3 | 580 | April 29, 2021 |
| Create a rule to detect number of beats | 5 | 473 | May 26, 2021 |
| Customize Columns for SIEM Signals and External Alerts not persistent? | 4 | 518 | July 23, 2020 |
| Linux_anomalous_process_all_hosts_ecs apparently not only covering Linux, but full auditbeat | 3 | 576 | February 3, 2022 |
| Elastic SIEM cloud data storage location? Canadian Data Residency | 2 | 658 | October 31, 2022 |
| Zeek DNS Logs Into Top DNS Domains Section | 2 | 655 | August 26, 2019 |
| Defenxor DSIEM for Event Correlation with Logstash | 1 | 798 | October 28, 2019 |