Hello,
I’ve integrated my Wazuh deployment with Elasticsearch, and I’m looking to configure custom rules and policies for managing alerts. Could someone guide me through the process or point me to relevant documentation? I want to ensure alerts are tuned effectively to reduce noise and focus on the most critical security events.
Any tips, examples, or best practices for setting up custom rules and modifying alert policies would be greatly appreciated.
Thank you in advance!
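The kind of tuning the post asks about, as an added example that is not part of the original post and not official Wazuh documentation: a `local_rules.xml` fragment that (a) demotes a noisy stock rule to a non-alerting level when the source is an assumed internal scanner range, (b) tightens the stock brute-force correlation with a shorter window, and (c) raises the level for the same event against an assumed production host group. Custom rule IDs must be in the 100000 to 119999 range, and the parent rule IDs referenced here (5710 for sshd attempts with a non-existent user, 5712 for the sshd brute-force correlation) should be confirmed against the ruleset actually installed on the manager before use; the IP range and host group name are placeholders.

```xml
<!-- /var/ossec/etc/rules/local_rules.xml  (added example, assumptions noted inline) -->
<group name="local,sshd,">

  <!-- (a) Noise reduction: a child rule is more specific than its parent, so
       when both match Wazuh keeps the child. Level 0 means "never alert".
       ASSUMPTION: 10.10.5.0/24 is the internal vulnerability-scanner subnet. -->
  <rule id="100100" level="0">
    <if_sid>5710</if_sid>
    <srcip>10.10.5.0/24</srcip>
    <description>sshd: invalid-user attempt from authorized scanner range, suppressed</description>
    <group>tuning,</group>
  </rule>

  <!-- (b) Tighter correlation than the stock rule: 8 invalid-user attempts
       from one source within 60 seconds (stock 5712 uses a wider window).
       same_source_ip keeps the count per offending host. -->
  <rule id="100101" level="10" frequency="8" timeframe="60">
    <if_matched_sid>5710</if_matched_sid>
    <same_source_ip />
    <description>sshd: burst of invalid-user logins from $(srcip)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
    <group>authentication_failures,</group>
  </rule>

  <!-- (c) Escalation: the same correlation on production hosts is critical.
       ASSUMPTION: agents that matter are enrolled in the "prod" group. -->
  <rule id="100102" level="13">
    <if_sid>100101</if_sid>
    <hostname>prod-</hostname>
    <description>sshd: brute-force burst against production host $(hostname)</description>
    <group>authentication_failures,</group>
  </rule>

  <!-- Alternative to (a) for a rule you want changed everywhere: overwrite
       the stock rule in place. This replaces rule 5712 entirely, so copy its
       original body from the installed ruleset before editing it here.
       Shown disabled; enable only one of the two approaches. -->
  <!--
  <rule id="5712" level="8" overwrite="yes" frequency="8" timeframe="120">
    <if_matched_sid>5710</if_matched_sid>
    <same_source_ip />
    <description>sshd: brute force trying to get access to the system (tuned)</description>
  </rule>
  -->

</group>
```

Before restarting the manager (`systemctl restart wazuh-manager`), feed a real sample line through `/var/ossec/bin/wazuh-logtest` and confirm that the rule ID and level reported are the ones intended; a child rule that never fires usually means the parent ID or a field name (`srcip`, `hostname`) does not match what the decoder actually extracts. The global floor for what reaches Elasticsearch is set separately in `ossec.conf` under `<alerts><log_alert_level>`; raising that value hides every event below it, so per-rule tuning as above is usually the better first step.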