I have just upgrade my elk to 7.6.0 and I want to test the rules in SIEM, but I just can't load prebuilt detection rules. It said that
// Your visualization has error(s)
Failed to installed pre-packaged rules from elastic
An internal server error occurred
Status Code: 500
Hi wlzylal,
Did you upgrading an existing on premise install of the Elastic Stack? If so, do you have the Kibana log file or console you are running it on close by to peek into it to see if maybe there is more involved error message?
That 500 could be a variety of things such as but not limited to...Networking issues, disk issues, memory issues, etc... Sometimes within the Kibana logs there is a more detailed error message or a collection of other errors that proceeds this one which would help identify what is happening 
Also, do you get the same 500 error message if you try and create a custom rule or just when you try to install the pre-packaged rules?
Oh and of course, welcome to the discuss forums and thanks for taking the time to post your first post!
Thank you for your answer!
I have solved the problem by enabling the settings of ssl and api_key in elasticsearch.yml
like this:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/certs/elastic-certificates.p12
xpack.security.authc.api_key.enabled: true
Adding the TLS configuration for the http endpoint of Elasticsearch did the trick. Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.