Hello team! If possible, you could help us with setting up custom rules for SIEM. We had the following problem: The main idea is to create a rule according to which we would receive notifications when someone from the employee visits the Facebook site. We'd like to create our own signal rules an…

Custom Rules not working

borna_talebi (borna talebi) December 15, 2020, 11:44am 5

You need to use ECS for your mapping when creating custom rules. I had a similar problem too.

1 Like

Topic		Replies	Views
Adding a custom field in alerts without defining in query Elastic Security detection-rules	13	3349	November 4, 2022
SIEM rule not working for custom query SIEM	7	854	December 7, 2020
Detection Custom Rule not working SIEM elastic-stack-alerting , detection-rules	8	1370	May 27, 2021
Issue with rules creation SIEM detection-rules	15	1717	May 5, 2022
How to create a Security Rule (SIEM) for Custom Logs Integration Elastic Security	1	131	August 23, 2023

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Custom Rules not working

Related topics