Elastic Security Detection Rule Management - Update of Duplicates

Hi everyone,

Does anyone have experience with managing prebuilt detection rules with your own index patterns and exceptions?

Right now I load the prebuilt rules into Kibana and then duplicate them in order to add my own index patterns. (I am using mostly custom Logstash pipelines to integrate my log sources, so none of them are in the preconfigured index patterns.)
However, this means I have no way of updating those duplicates whenever there's a new version of the prebuilt rules available.

Is there a way to update those rule duplicates but keep my custom index patterns and exception lists? Or, even better, is there a proven method of detection rule management that I don't know of?

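One way to refresh the prebuilt rules without losing the local index patterns and exception lists, as an added example written for this page (it is not Elastic's tooling and not the poster's setup): keep the customisations in a small override map keyed by the prebuilt rule's `rule_id`, export the freshly updated prebuilt rules as ndjson, merge the overrides back in, and re-import the result. It assumes the rule JSON fields `rule_id`, `index`, `exceptions_list` and `version` as they appear in a detection-rule ndjson export, and that the merged file goes back in through the import endpoint with its `overwrite` option so that rules are matched on `rule_id` (a duplicate made in the UI gets a fresh `rule_id`, which is why the map has to be keyed by the original prebuilt id rather than the duplicate's). The sample rules and overrides are constructed.

```python
"""Re-apply local customisations (index patterns, exception lists) to an
updated export of prebuilt Elastic Security detection rules.

Workflow this script sits in (Kibana detection engine API, kbn-xsrf header
required on writes):
  1. update the prebuilt rules in Kibana as usual
  2. export them:  POST /api/detection_engine/rules/_export  -> rules.ndjson
  3. python merge_overrides.py          (this file: rules.ndjson -> merged.ndjson)
  4. import:       POST /api/detection_engine/rules/_import?overwrite=true
The sample data below is constructed for the example; it is not a real export."""
import json
from typing import Dict, List, Tuple

# Constructed sample: two rules as a detection-rule ndjson export would carry
# them, trimmed to the fields this script touches.
UPDATED_PREBUILT_NDJSON = "\n".join(json.dumps(r) for r in [
    {"rule_id": "prebuilt-0001", "name": "Suspicious PowerShell", "version": 3,
     "index": ["winlogbeat-*", "logs-windows.*"],
     "query": "process.name:powershell.exe", "exceptions_list": []},
    {"rule_id": "prebuilt-0002", "name": "SSH Brute Force", "version": 2,
     "index": ["filebeat-*", "logs-system.auth-*"],
     "query": "event.action:ssh_login and event.outcome:failure",
     "exceptions_list": []},
])

# Constructed sample: what was customised locally, keyed by the rule_id of
# the prebuilt rule the customisation belongs to. "prebuilt-0003" no longer
# exists upstream, so the script must report it rather than silently drop it.
LOCAL_OVERRIDES: Dict[str, dict] = {
    "prebuilt-0001": {
        "index": ["logstash-windows-*"],
        "exceptions_list": [{"id": "e1", "list_id": "ps-admin-hosts",
                             "type": "detection", "namespace_type": "single"}],
    },
    "prebuilt-0003": {"index": ["logstash-proxy-*"]},
}


def parse_ndjson(text: str) -> List[dict]:
    """One JSON object per non-empty line, order preserved."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def merge_rule(prebuilt: dict, override: dict) -> dict:
    """Return a copy of the updated prebuilt rule with local settings applied.

    Index patterns are replaced wholesale (the custom pipelines do not write to
    the stock patterns). Exception lists are unioned by list_id so running the
    merge twice does not attach the same list twice. Everything else, version
    and query included, comes from the updated prebuilt rule."""
    merged = dict(prebuilt)
    if "index" in override:
        merged["index"] = list(override["index"])
    if "exceptions_list" in override:
        existing = list(merged.get("exceptions_list", []))
        seen = {e["list_id"] for e in existing}
        merged["exceptions_list"] = existing + [
            e for e in override["exceptions_list"] if e["list_id"] not in seen
        ]
    return merged


def apply_overrides(ndjson_text: str, overrides: Dict[str, dict]) -> Tuple[str, List[str]]:
    """Merge overrides into every exported rule.

    Returns the merged ndjson text and the sorted list of override keys that
    matched no exported rule (rules renamed or removed upstream)."""
    rules = parse_ndjson(ndjson_text)
    present = {r["rule_id"] for r in rules}
    orphans = sorted(set(overrides) - present)
    merged = [merge_rule(r, overrides.get(r["rule_id"], {})) for r in rules]
    out = "\n".join(json.dumps(r, sort_keys=True) for r in merged) + "\n"
    return out, orphans


if __name__ == "__main__":
    text, lost = apply_overrides(UPDATED_PREBUILT_NDJSON, LOCAL_OVERRIDES)
    with open("merged.ndjson", "w", encoding="utf-8") as fh:
        fh.write(text)
    for rule_id in lost:
        print(f"WARNING: override for {rule_id} matched no exported rule")
```

Check the import response for per-rule errors before trusting the result; the import endpoint reports them alongside a success count rather than failing the whole upload.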
