Dear team, We are actually playing with the detection of elastic and something seems weird for us. We have created a Rule and we add an action in order to populate an index using our collector : [image] We choose all fied found on the documentation in order to have everything and to choose the…

How to exploit rules

georgii (Georgii Gorbachev) March 23, 2023, 10:17am 7

@Iroshu It turns out there's a recent thread where another user had a similar question about reindexing alerts into a separate index.

In that thread, it was suggested that for the time being, the best workaround would be leveraging Logstash pipelines for reindexing alerts elsewhere. Related documentation:

Creating a Logstash pipeline | Logstash Reference [8.11] | Elastic
Elasticsearch input plugin | Logstash Reference [8.11] | Elastic

Topic		Replies	Views
Index/API end point to edit detection rules? SIEM detection-rules	2	564	April 5, 2021
Detection rules SIEM detection-rules	4	679	January 11, 2021
Calling Alerts from Watchers to detection Signals SIEM	15	839	October 29, 2020
Custom Rules not working SIEM elastic-stack-alerting	8	1468	January 13, 2021
Threat Hunting Report for Elasticsearch SIEM	11	1416	October 7, 2020

How to exploit rules

Related topics