Elastic Detections permissions issues

Hi @yarooski - thank you for using Elastic Security!

You will need to ensure that you are logging in as a user who has all of the required permissions for the signals index. After logged in as a user with the required permissions, you need to visit the detections page to enable the engine.

Take a look at this documentation: https://www.elastic.co/guide/en/security/current/detections-permissions-section.html
Especially, take a look at the "Enable Detections" section as it has details on the permissions you must have when you visit the detections page.

Additionally, take a look at this discussion thread which troubleshoots some similar issues. SIEM detection engine is not getting started

Let me know if that helps, thanks!

  • Kevin