Failed to installed pre-packaged rules from elastic

I have just upgraded my ELK to 7.6.0 and I want to test the rules in SIEM, but I just can't load the prebuilt detection rules. It said:

// Your visualization has error(s)

Failed to installed pre-packaged rules from elastic

An internal server error occurred

Status Code: 500

Hi wlzylal,

Did you upgrade an existing on-premise install of the Elastic Stack? If so, do you have the Kibana log file or the console you are running it on close by, to peek into it and see if maybe there is a more involved error message?

That 500 could be a variety of things such as, but not limited to, networking issues, disk issues, memory issues, etc. Sometimes within the Kibana logs there is a more detailed error message or a collection of other errors that precede this one, which would help identify what is happening :crossed_fingers:

Also, do you get the same 500 error message if you try and create a custom rule or just when you try to install the pre-packaged rules?

Oh and of course, welcome to the discuss forums and thanks for taking the time to post your first post!

Thank you for your answer!

I have solved the problem by enabling the settings of ssl and api_key in elasticsearch.yml

like this:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/certs/elastic-certificates.p12
xpack.security.authc.api_key.enabled: true


Adding the TLS configuration for the http endpoint of Elasticsearch did the trick. Thanks!
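An added example, not part of the thread and not Elastic's code: a small Python check that reads the text of an elasticsearch.yml and reports which of the settings from the fix above are absent or not set to true. The function names and the sample configs are constructed for illustration, and the parser assumes only flat dotted keys and nested mappings.

```python
import re

# Settings the poster enabled in elasticsearch.yml (taken from the post above).
REQUIRED_TRUE = ("xpack.security.http.ssl.enabled",
                 "xpack.security.authc.api_key.enabled")
REQUIRED_SET = ("xpack.security.http.ssl.keystore.path",)

def flatten_settings(text):
    """Parse flat dotted keys or nested mappings into {dotted_key: value}.
    Assumption: list items and multi-line scalars are not needed and are skipped."""
    settings, stack = {}, []                      # stack holds (indent, key)
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop inline comments
        if not line.strip() or line.lstrip().startswith(("#", "-")):
            continue
        indent = len(line) - len(line.lstrip())
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        while stack and stack[-1][0] >= indent:   # leave finished nested blocks
            stack.pop()
        full = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("'\"")
        if value:
            settings[full] = value
        else:
            stack.append((indent, key.strip()))   # key opens a nested block
    return settings

def missing_prerequisites(text):
    """Return the settings from the post that are absent or not 'true'."""
    cfg = flatten_settings(text)
    missing = [k for k in REQUIRED_TRUE if cfg.get(k, "").lower() != "true"]
    return missing + [k for k in REQUIRED_SET if not cfg.get(k)]

# Constructed sample inputs (not taken from the thread).
BEFORE = "cluster.name: demo\nxpack.security.enabled: true\n"
AFTER = """\
xpack:
  security:
    http.ssl:
      enabled: true   # TLS on the HTTP layer
      keystore.path: /usr/share/elasticsearch/certs/elastic-certificates.p12
    authc.api_key.enabled: "true"
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, "missing:", missing_prerequisites(text) or "nothing")
```
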
