Detection-rules

dddddddddddddddd · April 5, 2021, 9:40am

Hi,
i hope this message finds you well , so how to add the project elastic/detection-rules to my elk stack
regards and thanks

Felix_Roessel · April 5, 2021, 2:23pm

Hi

If you use v 7.12:
What you need to do is clicking into detections. (Kibana->Elastic Security->Detections) . Click on Manage rules.
There you find a button to load Pre build Elastic rules.

You can also download 3rd party detection rules like the ones from Sigma:

dddddddddddddddd · April 6, 2021, 3:40pm

thanks for your reply
could you tell me if there is a method to integrate this project (GitHub - elastic/detection-rules: Rules for Elastic Security's detection engine) into my elk stack
regards

Felix_Roessel · April 6, 2021, 4:35pm

Thats what happening when you click on load pre build elastic rules in Kibana as described above

dddddddddddddddd · April 7, 2021, 9:52am

Thanks for your reply
does this features need a paid Xpack or free X-pack is enough ?
regards

Felix_Roessel · April 7, 2021, 10:42am

Its available in the free version. However if you would like to also leverage Machine Learning based rules I recommend to test the Platinum version.

dddddddddddddddd · April 7, 2021, 10:45am

So how much Platinum,Entreprise version cost

Felix_Roessel · April 7, 2021, 2:48pm

You need to fill in the contact form the get those information based on your region you are living

dddddddddddddddd · April 7, 2021, 4:26pm

thank you very much

system · May 5, 2021, 4:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.