When I'm on the Detection & Response page, I am seeing alerts for various SIEM rules. However; when I go to the Alerts page, I only see alerts from the Threat Intelligence alerts. No other alerts are displayed.
Can you share more information about your setup?
- What version of Kibana are you running?
- Which pages specifically do you mean by "Detection & Response page" and "Alerts page"? The "Alerts page" sounds like the first one shown here, can you confirm?
- Is the KQL filter bar empty on the Alerts page? Are any other filters being applied? If you hover the mouse near "Additional filters" an "Inspect" button should appear and let you see the actual query that's being made to populate the alerts table. This may provide more insights into what's going on.
I'm on 8.10.
Your link helped. I had the Additional Filter enabled to only show threat indicator events. I simply had to de-select that.
Can't believe I missed that Thanks!
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.