Prebuilt security rule not working with fleet architecture

Hello All,

First of all, thank you for this product, your support and your time.

I have been using the Elastic Stack for a couple of months to gather all the logs of my servers, and I'm using the Fleet Server to enroll all of my Elastic Agents. Everything is working fine except for the prebuilt rules.

I installed all the prebuilt rules in Kibana and I enabled all the rules. But I get nothing, even when I try to trigger an alert myself.

After some investigation, it seems like the rules are using the wrong index pattern (because I use Elastic Agent):

but the indices that I have with the Elastic Agent are like logs-elastic_agent.*

So do you know if it is an error, or if I have to duplicate all the rules myself and change the configuration, or if I can do anything else?

Thank you for your help.
