- As suggested in the past, for using the KSPM on the SIEM Module, we need to use the Elastic Agent integration for our k8s clusters.
- Now, in case this data is read over CCR, what changes need to be made other than mapping the index patterns on the Security Data view?
- I tried and was disappointed that it does not work. But I feel there is something that needs to be changed other than the obvious.
- Currently the page asks me to install the integration, but I only need to use the available data which is fetched over CCR.
- I can see this works where the data is locally stored.