Elastic Security - Host No longer logging Alert

Hello,

I want to create a detection rule in Elastic Security that would trigger when no logs have been ingested into Elastic for more than 24 hours from a particular host.name.

The idea is to detect potential logging problems on the different hosts.

We currently use Elastic 8.6.0. We don't have the ML functionality available and I don't have access to the Watcher and Index Settings (I don't have admin rights) unfortunately.

I have the option to create detection rules (Custom Query, Threshold, Event Correlation, Indicator Match, New Terms).

Is there a way to achieve this with the current access I have? I believe there is a way to do this with a watcher but if I can avoid it, I would be very happy.

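Each of the rule types listed in the question (custom query, threshold, EQL correlation, indicator match, new terms) fires on documents that match, so none of them can directly express "no document from this host in 24 hours". The following is an added example, not part of the original thread and not an Elastic feature: it shows the Elasticsearch query that answers the question in one round trip (a terms aggregation on host.name with a max sub-aggregation on @timestamp over a 7-day lookback) and the check that turns the aggregation result into a list of silent hosts. The index pattern `logs-*`, the ECS field names, the host names and the response body are all constructed assumptions; running it against a real cluster is left to a scheduled job with read access to those indices, which the thread does not confirm the poster has.

```python
from datetime import datetime, timedelta, timezone

# Assumed index pattern and ECS field names; adjust to the deployment.
INDEX_PATTERN = "logs-*"
HOST_FIELD = "host.name"
TIME_FIELD = "@timestamp"


def build_silent_host_query(lookback="7d", max_hosts=10000):
    """Body for POST {INDEX_PATTERN}/_search: one bucket per host seen in the
    lookback window, each carrying the timestamp of that host's newest event.
    The lookback must be longer than the silence threshold, otherwise a host
    that went quiet before the window started produces no bucket at all."""
    return {
        "size": 0,
        "query": {"range": {TIME_FIELD: {"gte": f"now-{lookback}"}}},
        "aggs": {
            "hosts": {
                "terms": {"field": HOST_FIELD, "size": max_hosts},
                "aggs": {"last_seen": {"max": {"field": TIME_FIELD}}},
            }
        },
    }


def find_silent_hosts(response, now, max_silence=timedelta(hours=24), known_hosts=None):
    """Evaluate the aggregation result.

    silent:     hosts with a bucket whose newest event is older than max_silence,
                oldest first (these are the ones that stopped logging recently).
    never_seen: hosts from an inventory (if given) with no bucket at all, i.e.
                silent for longer than the whole lookback window.
    truncated:  True when the terms aggregation dropped buckets, so hosts may be
                missing from the result and max_hosts must be raised.
    """
    hosts_agg = response["aggregations"]["hosts"]
    cutoff = now - max_silence
    silent = []
    seen = set()
    for bucket in hosts_agg["buckets"]:
        seen.add(bucket["key"])
        last_ms = bucket["last_seen"]["value"]  # max on a date field: epoch millis
        if last_ms is None:
            continue
        last_seen = datetime.fromtimestamp(last_ms / 1000, tz=timezone.utc)
        if last_seen < cutoff:
            silent.append((bucket["key"], last_seen))
    silent.sort(key=lambda item: item[1])
    never_seen = sorted(set(known_hosts or ()) - seen)
    return {
        "silent": silent,
        "never_seen": never_seen,
        "truncated": hosts_agg.get("sum_other_doc_count", 0) > 0,
    }


# --- Constructed sample data (not a real cluster response) -------------------
NOW = datetime(2023, 3, 1, 12, 0, tzinfo=timezone.utc)


def _ms(dt):
    return int(dt.timestamp() * 1000)


# Shape mirrors a real terms/max aggregation response; values are made up.
SAMPLE_RESPONSE = {
    "aggregations": {
        "hosts": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "web-01", "doc_count": 5400,
                 "last_seen": {"value": _ms(NOW - timedelta(minutes=3))}},
                {"key": "db-02", "doc_count": 120,
                 "last_seen": {"value": _ms(NOW - timedelta(hours=30))}},
                {"key": "jump-07", "doc_count": 9,
                 "last_seen": {"value": _ms(NOW - timedelta(days=3))}},
            ],
        }
    }
}

# Assumed asset inventory; "vpn-01" has no events in the whole lookback.
KNOWN_HOSTS = {"web-01", "db-02", "jump-07", "vpn-01"}


if __name__ == "__main__":
    result = find_silent_hosts(SAMPLE_RESPONSE, NOW, known_hosts=KNOWN_HOSTS)
    for host, last_seen in result["silent"]:
        print(f"{host}: last event {last_seen.isoformat()} ({NOW - last_seen} ago)")
    for host in result["never_seen"]:
        print(f"{host}: no events in the lookback window")
    if result["truncated"]:
        print("warning: terms aggregation truncated, raise max_hosts")
```

The two failure modes the check handles are the ones that bite in practice: a host that stopped logging before the lookback window started has no bucket and would be invisible without an inventory to compare against, and a terms aggregation with more distinct hosts than `size` silently drops buckets, which `sum_other_doc_count` exposes. Because the query sorts buckets by document count, not by recency, a quiet host is never pushed out by noisy ones as long as `max_hosts` covers the fleet.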