Hi,
Problem: data from filebeat appear in SIEM, but at detection the it just empty and show this notification
"Let’s set up your detection engine
To use the detection engine, a user with the required cluster and index privileges must first access this page. For more help, contact your administrator."
what should i do to setup detection?
Hi @syafeera and welcome to the forums!
Check out this guide here and this should help you understand how to set things up:
https://www.elastic.co/guide/en/siem/guide/current/detection-engine-overview.html#detections-permissions
Hi there, thanks its working now..huhu
Great news!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.