That's not a bad idea. In the code we always look for .siem-signals-${space-id} such as .siem-signals-default within SIEM if that helps you out planning a strategy.
Happy to hear you're a very experienced beats person! 
That's not a bad idea. In the code we always look for .siem-signals-${space-id} such as .siem-signals-default within SIEM if that helps you out planning a strategy.
Happy to hear you're a very experienced beats person!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.