I noticed that alerts are no longer appearing in the Security > Alerts view after an 8.5.2 > 8.8.0 upgrade.
The noisy 'Component Object Model Hijacking' rule is no longer appearing during the usual browser upgrades, and yesterday a malware prevention alert fired on the endpoint (vulnerable driver) but is not in the Security > Alerts view.
However, this alert does appear in the index below:
I don't appear to have any index or datastream errors aside from 'Missing Replica Shards' (single instance test environment).
I DID modify the logs[Managed] index policy - I added a delete phase after 90 days to fit within this test environment, wondering if this in fact did break Kibana as the warning would suggest.
Any advice on troubleshooting? Any help would be appreciated, otherwise a fresh instance is my next step.
Thank you!