Hello,
I have been experiencing some issues with Elastic SIEM Network Map Layers. I have configured only indices corporatepfw-ecs-* from which the SIEM app collects events. See the image below.
However, in the SIEM > Network > Map Layers I still see more than one layer of indices, that is corporatepfw-ecs-* and corporatepfw-. In my configurations I have not configured corporatepfw- in SIEM. See the image below.
Kindly assist on how to remove the indices corporatepfw-* in the SIEM > Network > Map Layers. I do not wish to delete the indices corporatepfw-*.
Thanks!
Frank