Could someone explain to me which agent policy I should apply this integration to, taking into account that I have a separate server for each instance?
1 Logstash server
1 Elasticsearch server
1 Kibana server
1 Fleet server
Additionally, I would appreciate it if someone could clarify whether what I think about this integration is right or wrong. I understand that it activates additional rules for the “Security” section that are not there by default?
You do not actually need to add this to an integration policy. It can be slightly confusing, but to download or update the rules, open the "pre built security rules" integration and, instead of clicking the normal add pre built... button, click Settings > Install Prebuilt Security Detection Rules assets. Then import the rules into the Detection engine.