Security Fundamentals: SIEM, Lab 3, Failed to Activate Rule

I've made it to the final step of Lab 3 of the "Elastic Security Fundamentals: SIEM". I have been able to successfully complete all of the prior steps up to this point (including installing and configuring the 3 different beat agents), but am finally stuck.

On the final step of Lab 3, Step H, we are to create a custom detection rule. I can follow the instructions to the very end without issue, but when I click "Create & Activate Rule", I am receiving the following error message:

[feature_not_enabled_exception] api keys are not enabled, with { disabled.feature="api_keys" }

However, as a student, I do not have access to the /etc/Elasticsearch folder where I think the configuration file for this setting is stored. In addition to not having access to this config file, even if I were able to enable this feature, I would then also need to enable HTTPS for Elasticsearch (I think, based on my research for this issue).

Just to test, I was able to create the rule without activating it. If I then navigate to "Manage Detection Rules" and attempt to activate from here using the toggle, I receive the same error message as above.

Am I doing something wrong, or is Step H unable to currently be completed with the current lab configuration?

