How to use event.category intrusion_detection

How can I activate intrusion_detection in auditbeat event.category?

When debugging, log.logger occurs as a publisher and the event.category includes intrusion_detection, but when the daemon service is run, the intrusion_detection is not output and only the process is output.

#### intrusion_detection[edit](

Relating to intrusion detections from IDS/IPS systems and functions, both network and host-based. Use this category to visualize and analyze intrusion detection alerts from systems such as Snort, Suricata, and Palo Alto threat detections.

**Expected event types for category intrusion_detection:**

allowed, denied, info

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.