Hello team! If possible, you could help us with setting up custom rules for SIEM. We had the following problem: The main idea is to create a rule according to which we would receive notifications when someone from the employee visits the Facebook site. We'd like to create our own signal rules an…

Custom Rules not working

borna_talebi (borna talebi) December 15, 2020, 11:44am 5

You need to use ECS for your mapping when creating custom rules. I had a similar problem too.

1 Like

Topic		Replies	Views
Detection Custom Rule not working SIEM	18	2557	March 28, 2020
SIEM rule not working for custom query SIEM	7	880	December 7, 2020
Adding a custom field in alerts without defining in query Elastic Security detection-rules	13	3777	November 4, 2022
Detections with custom query SIEM detection-rules	15	2361	November 27, 2020
Kibana SIEM and custom indexes SIEM	4	835	February 1, 2022

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Custom Rules not working

Related topics