Hi, I am trying to use detection rules in Kibana. I am testing it on predefined rules under Security module. To be exact " User Account Creation" . I am using winlog to send out data to kibana. I see user creation event under discovery and on dashboards but detection rules are not working.
Do detection rules work with beats or only fleet? How to configure a simple detection rule that will detect new user creation?
From here it looks like it should work with Winlog
Usefully info, but rule is not working. How can I troubleshoot it?