I am trying to work on Elasticsearch security. I have installed Elastic Agent using Fleet. Now I have enabled prebuilt security detection rules, and the status shows as successful when rules are executed; however, I don't see any alerts generated with respect to these.
I have enabled the "hosts file modified" rule.
Hi @satendra1987, I'm using Elastic Security 8.5 and I have a host, with Elastic Agent, collecting logs and metrics. I enabled the rule you mentioned, went to my Linux host and edited the hosts file with vim: