I have been working with the new SIEM module in 7.2 and have been consuming Suricata data with the Filebeat module. When reviewing the data in the SIEM view, some fields and tables are empty, where I would expect data to show up.
We have quite a bit of DNS traffic being analyzed by Suricata, and this data shows up in other sections of Kibana. Please let me know if there are troubleshooting steps I can take to resolve this, or if I'm misunderstanding what data should be in these fields.
Thanks!