How can I activate intrusion_detection in auditbeat event.category?
When debugging, log.logger occurs as a publisher and the event.category includes intrusion_detection, but when the daemon service is run, the intrusion_detection is not output and only the process is output.
#### intrusion_detection[edit](https://github.com/elastic/ecs/edit/8.4/docs/fields/field-values.asciidoc)
Relating to intrusion detections from IDS/IPS systems and functions, both network and host-based. Use this category to visualize and analyze intrusion detection alerts from systems such as Snort, Suricata, and Palo Alto threat detections.
**Expected event types for category intrusion_detection:**
allowed, denied, info
https://www.elastic.co/guide/en/ecs/8.4/ecs-allowed-values-event-category.html