Hello team! If possible, you could help us with setting up custom rules for SIEM. We had the following problem: The main idea is to create a rule according to which we would receive notifications when someone from the employee visits the Facebook site. We'd like to create our own signal rules an…

Custom Rules not working

borna_talebi (borna talebi) December 15, 2020, 11:44am 5

You need to use ECS for your mapping when creating custom rules. I had a similar problem too.

1 Like

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.