I am reletively new to Elastic SIEM. I have dont some formal training with elastic (2 day entry course) along with the online SIEM fundamentals course. I am also a certifice GIAC GCDA. Our operations team have primarily being using elastic for some time and we have our own RBAC setup dedicated for security. The elastic stack itself has alot of data in it which is being mainly taken in from winlogbeats agents. I woudl like to take a look at the SIEM module for windows event log based on already indexed data in elastic but when I go to SIEM it doesnt recognise that the elastic stack already has lots of data from winlogbeats. When I go to the SIEM module it promts me to add data from the various apps. Any idea what I need to do in order to get the already ingested data in elastic to appear in the SIEM dashboard?