CCR KSPM Data

karnamonkster · October 9, 2024, 2:53pm

As suggested in the past, for using the KSPM on the SIEM Module, we need to use the Elastic Agent integration for our k8s clusters.
Now if in case this data is read over CCR, what changes needs to be done other than mapping the index patterns on Security Data view?
I tried and was disappointed that it does not work. But I feel there is something which needs to be changed than obvious.
Currently the page asks me to install the integration, but I only need to use the available data which is fetched over CCR.
I can see this works where the data is locally stored.

Topic		Replies	Views
Cross cluster search for SIEM rules Elastic Security	2	143	June 9, 2024
CSPM third Party SIEM	2	440	January 22, 2023
Detection Rules, Signals and CCS Elastic Security	3	414	October 6, 2020
CCR between 2 Elastic clusters in different K8s clusters Elasticsearch docker , ccr-cross-cluster-replication	1	724	April 12, 2021
Kubernetes integration does not work on Elasticsearch/Kibana ver. 8.6.2 (SSL issue) Elastic Agent integrations	16	1687	March 30, 2023