Include reference to prebuilt rules for SIEM

I think it would be very valuable to include a directory that loads the prebuilt SIEM rules_export.ndjson file in the filebeat configuration. This way if we need to change the default indicies we could modify the json as needed. Thoughts on this?

I don't understand what you are getting at, but anyhow. You should go and create a Enhancement Request in github.

Make sure you add [Filebeat] so it is label correctly.

I also don't understand what ur asking for. The built-in siem rules have nothing to do with filebeat. The built in rules are compiled into the elasticsearch release, not filebeat.