Auditbeat Version 8.4.1 event.category

Auditbeat version 8.4.1 is in use.
When debugging, event.category occurs as ["intrusion_detection", "process"] When running the auditbeat daemon service, event.category appears only as process, what should I set in auditbeat.yml if I want to hand over the intrusion_detection?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.