Prebuilt security detection rules not showing any alerts

Hi,

I am trying to work on Elasticsearch security. I have installed Elastic Agent using Fleet. Now I have enabled the prebuilt security detection rules, and the status shows as successful when the rules are executed; however, I don't see any alerts generated with respect to these.
I have enabled the "Hosts File Modified" rule.

Can anyone please help?

Thanks
Satendra

Hi @satendra1987, I'm using Elastic Security 8.5 and I have a host, with Elastic Agent, collecting logs and metrics. I enabled the rule you mentioned, went to my Linux host and edited the hosts file with vim:

vim /etc/hosts

I waited a few minutes and the rule matched.
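To narrow down why a rule can report a successful run and still raise nothing, here is an added example that is not from this thread and is not Elastic's own rule query (check the rule's details page in Kibana for the real one). It approximates the "Hosts File Modified" filter as a function over ECS-style file events and runs it over a handful of constructed sample documents, so you can see the two failure modes separately: no file events are being ingested at all (a data collection problem), or file events arrive but none touch the hosts file (nothing to alert on). The hosts-file paths and event types are assumptions for this example.

```python
# Added example: an approximation of the "Hosts File Modified" rule filter,
# applied to constructed ECS-style events. Not the rule's real query.

# Assumed hosts-file locations the rule cares about (check the rule in Kibana).
HOSTS_FILE_PATHS = {
    "/etc/hosts",
    "/private/etc/hosts",
    r"c:\windows\system32\drivers\etc\hosts",  # stored lowercase, matched case-insensitively
}
# Assumed ECS event.type values that count as a modification.
CHANGE_TYPES = {"change", "creation", "deletion"}


def _as_list(value):
    """ECS fields like event.category may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _normalize_path(path: str) -> str:
    """Windows paths are case-insensitive; POSIX paths are compared as-is."""
    return path.lower() if "\\" in path else path


def matches_hosts_file_rule(event: dict) -> bool:
    """Return True if the event looks like a create/change/delete of a hosts file."""
    ev = event.get("event", {})
    if "file" not in _as_list(ev.get("category")):
        return False
    if not CHANGE_TYPES.intersection(_as_list(ev.get("type"))):
        return False
    path = event.get("file", {}).get("path", "")
    return _normalize_path(path) in HOSTS_FILE_PATHS


def find_hosts_file_alerts(events):
    """Events that the (approximated) rule would turn into alerts."""
    return [e for e in events if matches_hosts_file_rule(e)]


def diagnose(events) -> str:
    """Explain, for a batch of ingested events, why the rule did or did not fire."""
    file_events = [e for e in events if "file" in _as_list(e.get("event", {}).get("category"))]
    if not file_events:
        return "no file events ingested: the agent integration is not collecting file activity"
    hits = find_hosts_file_alerts(file_events)
    if not hits:
        return "file events present but none modify a hosts file: nothing for the rule to match"
    return f"{len(hits)} event(s) would produce an alert"


# Constructed sample events (not real data) in ECS shape.
SAMPLE_EVENTS = [
    {   # vim saving /etc/hosts on a Linux host -> should match
        "event": {"category": ["file"], "type": ["change"]},
        "file": {"path": "/etc/hosts"},
        "process": {"name": "vim"},
        "host": {"name": "linux-host"},
    },
    {   # unrelated file change -> no match
        "event": {"category": ["file"], "type": ["change"]},
        "file": {"path": "/etc/passwd"},
        "process": {"name": "usermod"},
    },
    {   # Windows hosts file created -> should match (case-insensitive)
        "event": {"category": ["file"], "type": ["creation"]},
        "file": {"path": r"C:\Windows\System32\drivers\etc\hosts"},
        "process": {"name": "notepad.exe"},
    },
    {   # process event, not a file event -> no match
        "event": {"category": ["process"], "type": ["start"]},
        "process": {"name": "bash"},
    },
    {   # hosts file merely read -> no match
        "event": {"category": ["file"], "type": ["access"]},
        "file": {"path": "/etc/hosts"},
        "process": {"name": "cat"},
    },
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_EVENTS))
    print(diagnose([]))
    print(diagnose([SAMPLE_EVENTS[1]]))
```

If your real data stream returns the first diagnosis (no file events at all), the rule running "successfully" is expected: it scanned an index that simply had nothing for it to match, and the thing to fix is the integration or data stream feeding file events from the host.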
