Hi everyone,
does anyone have experience with managing prebuilt detection rules with your own index-patterns and exceptions?
Right now I load the prebuilt rules into Kibana and then duplicate them in order to add my own index patterns. (I am mostly using custom Logstash pipelines to integrate my log sources, so none of them are in the preconfigured index patterns.)
However, this means I have no way of updating those duplicates whenever there's a new version of the prebuilt rules available.
Is there a way to update those rule duplicates but keep my custom index patterns and exception lists? Or, even better, is there a proven method of detection rule management that I don't know of?
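One way to handle the upgrade problem described in the post is to keep the local customizations separate and re-apply them to each new prebuilt version. The script below is an added example, not code from Elastic or from the poster; it assumes rule documents in the shape of a Kibana detection-rule export (`rule_id`, `version`, `index`, `exceptions_list` with `list_id`), that the local copy still carries the prebuilt rule's `rule_id` (e.g. created by export/edit/import rather than the UI duplicate, which assigns a new id), and uses constructed sample rules.

```python
import copy

# Constructed sample: a newer prebuilt rule and the locally customized older copy.
NEW_PREBUILT = {
    "rule_id": "example-rule-id", "version": 5, "index": ["logs-*"],
    "exceptions_list": [{"id": "1", "list_id": "endpoint_list",
                         "type": "endpoint", "namespace_type": "agnostic"}],
}
LOCAL_COPY = {
    "rule_id": "example-rule-id", "version": 3,
    "index": ["logstash-firewall-*", "logstash-proxy-*"],  # custom Logstash indices
    "exceptions_list": [{"id": "2", "list_id": "my-exceptions",
                         "type": "detection", "namespace_type": "single"}],
}


def merge_exceptions(prebuilt_lists, local_lists):
    """Union by list_id: keep every list the prebuilt rule references and add
    the local ones that are not already present."""
    seen = {e["list_id"] for e in prebuilt_lists}
    return list(prebuilt_lists) + [e for e in local_lists if e["list_id"] not in seen]


def merge_rule(new_prebuilt, local_copy):
    """Return the new prebuilt rule with local index patterns and exception
    lists re-applied. Refuses to merge rules with different rule_id."""
    if new_prebuilt["rule_id"] != local_copy["rule_id"]:
        raise ValueError("rule_id mismatch: refusing to merge unrelated rules")
    merged = copy.deepcopy(new_prebuilt)
    if "index" in local_copy:  # custom sources fully replace the default patterns
        merged["index"] = list(local_copy["index"])
    merged["exceptions_list"] = merge_exceptions(
        new_prebuilt.get("exceptions_list", []), local_copy.get("exceptions_list", []))
    return merged


def upgrade_rules(new_rules, local_rules):
    """Merge every local copy whose prebuilt counterpart has a higher version.
    Returns (merged_rules, skipped_rule_ids); skipped ones need no update."""
    by_id = {r["rule_id"]: r for r in new_rules}
    merged, skipped = [], []
    for local in local_rules:
        new = by_id.get(local["rule_id"])
        if new is None or new.get("version", 0) <= local.get("version", 0):
            skipped.append(local["rule_id"])
            continue
        merged.append(merge_rule(new, local))
    return merged, skipped


def demo():
    """Run the upgrade over the constructed sample and return the result."""
    return upgrade_rules([NEW_PREBUILT], [LOCAL_COPY])
```

The merged output can then be pushed back with the detection engine bulk-update API, while the local overrides stay versioned alongside the rule ids they belong to.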