Hello,
I want to create a detection rule in Elastic Security that would trigger when no logs have been ingested into Elastic for more than 24 hours from a particular host.name.
The idea is to detect potential logging problems on the different hosts.
We currently use Elastic 8.6.0. We don't have the ML functionality available, and I don't have access to Watcher or the index settings (I don't have admin rights), unfortunately.
I have the option to create detection rules (Custom Query, Threshold, Event Correlation, Indicator Match, New Terms).
Is there a way to achieve this with the current access I have? I believe there is a way to do this with a watcher, but if I can avoid it, I would be very happy.