New "Elastic Defend" integration not recognized by rules (8.6.2)


I'm not able to satisfy the dependency of the "Prebuilt Security Detection Rules" on a fresh installation (on premises) of Elastic and Kibana version 8.6.2:
Rules demand "Endpoint Security" integration being installed - but that is deprected and superseded by the "Elastic Defend" integration. (If you browse available integrations for "endpoint" only the new one shows up...)

I've already deleted all integrations from all policies, added the deprecated one first and then upgraded to the new integration -> no success
Reinstalling the "Prebuilt Security Detection Rules" also didn't do the trick

Installed integrations ("Elastic Defend" which should be version 8.6.1 of "Endpoint"):

Missing integrations (there are many rules demanding "Endpoint" being installed):

One example for a rule damanding the "old" integration:

Another example: rule "Endpoint Security" (the warning about a missing index is NOT my issue here):

Following the link to the missing integration (screenshot above) I get the option to add the old deprecated "Endpoint Security"... (which I tried to add and then upgrade - but that didn't resolve the problem):

any ideas?
kind regards, syk

We're seeing the same thing. I posted just yesterday on it as well.

1 Like

I just replied to the post @Kelly_Slavens

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.