Hi all,
We have implemented an instance of Elastic SIEM in our environment, and we're already receiving data on it that we can see in Kibana's tab, but if going to Security tab, only displays the welcome page to add agents (which aren't really needed at this point as we already have data we would like to show there)
If I go to Kibana tab/options I can see the data received, but not in the Security tabs/options
Using Stack Management 7.16.3
Thanks in advance
Hey, which indexes had data?
As I understand it's looking for data in securitySolution:defaultIndex
By default it's "apm--transaction, traces-apm*, auditbeat-, endgame-, filebeat-, logs-, packetbeat-, winlogbeat-"
You can also change this value in Advanced Settings.
Awesome, thank you so much for your reply!
Thank to that I was able to include the index where we have all the info stored as it wasn't the default ones.
Additional detail for someone else looking at this and could be helpful
Location of the field mentioned by Nikita, going by GUI:
Management > Kibana > Advanced Settings > Security Solution > Elasticsearch indices
Best Regards
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
