Hey,
I notices that our siem app has alot of missing features, like the counting query, can we have that like query something then if it pass a threashold then create a detection signal. Since only having able to query the log file to search for something but not how many time they apear is not really useful.
I know that i can use watcher to do that but watcher does not generate signal for me.
Thank.
Hi @lusynda! Threshold-based Rules are currently under development and should be available soon. Follow that issue for updates, and please keep the suggestions and use cases coming! Knowing our users' needs keeps our products great.
Thanks,
--
Ryland
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.