Hi Everyone,
I do not store my winlogbeat data in the default named indexes (winlogbeat-*) but rather windows_logs-* for ease of management with ILM, log type clarity, etc. I have installed the default kibana dashboards and reconfigured the objects to read from my windows_logs-* index pattern rather than the default, which works fine. How do I get the SIEM module to read and interpret data from the non-standard index pattern? Is there a read alias I could set up to 'trick' the system? Or is there a configuration option I could set?
Thank you!