I followed configuring ingest manager with fleet mode https://www.elastic.co/guide/en/ingest-management/7.9/ingest-management-getting-started.html.
Added End Point Security, Systems and Windows to the default configuration and have one windows agent enrolled and shows online in the Fleel tab. I see no datasets, no end point indicies nor data in the SIEM moduel for that host.
What am I missing?
Added ca.crt to [Certificates - Local Computer Trusted Root Certification Authorities\Certiificates] and seeing data sets in the Integration Module and the machine listed in Security Administration. Still not seeing events for the host in Security.
Needed thie added to advanced setting Security logs-* metrics-*
Thanks for marking this as the solution and updating the thread @frankfoti, not many people do that and just want to point out the awesomeness of it for anyone else encountering this.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.