We have implemented an instance of Elastic SIEM in our environment, and we're already receiving data on it that we can see in Kibana's tab, but when going to the Security tab, it only displays the welcome page to add agents (which aren't really needed at this point, as we already have data we would like to show there).
As I understand it, it's looking for data in securitySolution:defaultIndex.
By default it's "apm-*-transaction*, traces-apm*, auditbeat-*, endgame-*, filebeat-*, logs-*, packetbeat-*, winlogbeat-*".
You can also change this value in Advanced Settings.
Awesome, thank you so much for your reply!
Thanks to that, I was able to include the index where we have all the info stored, as it wasn't one of the default ones.
Additional detail that could be helpful for someone else looking at this:
Location of the field mentioned by Nikita, going by GUI:
Management > Kibana > Advanced Settings > Security Solution > Elasticsearch indices
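
An added example, not part of the original posts: a quick check of which indices fall outside the `securitySolution:defaultIndex` patterns named in the thread (written with their `*` wildcards), and the value to enter once custom patterns are appended. The index names and the `siem-*` / `logstash-*` patterns are constructed, and only `*` is treated as a wildcard, which is an assumption of this sketch.

```python
import re

# Default patterns for securitySolution:defaultIndex, as named in the thread.
DEFAULT_PATTERNS = [
    "apm-*-transaction*", "traces-apm*", "auditbeat-*", "endgame-*",
    "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*",
]

# Constructed sample index names (not taken from any real cluster).
SAMPLE_INDICES = [
    "filebeat-2021.01.05",
    "logs-custom",
    "siem-firewall-2021.01",
    "logstash-syslog-2021.01.05",
]


def _to_regex(pattern):
    """Compile an index pattern; only '*' is a wildcard (assumption)."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile("^" + ".*".join(literal_parts) + "$")


def uncovered(indices, patterns):
    """Return the index names that none of the patterns match."""
    regexes = [_to_regex(p) for p in patterns]
    return [name for name in indices if not any(r.match(name) for r in regexes)]


def extend_patterns(patterns, extra):
    """Append extra patterns, skipping blanks and duplicates, keeping order."""
    merged = list(patterns)
    for pattern in (p.strip() for p in extra):
        if pattern and pattern not in merged:
            merged.append(pattern)
    return merged


def setting_value(patterns):
    """Comma-separated form, as typed into the Advanced Settings field."""
    return ", ".join(patterns)


if __name__ == "__main__":
    print("Not visible to the Security app:", uncovered(SAMPLE_INDICES, DEFAULT_PATTERNS))
    updated = extend_patterns(DEFAULT_PATTERNS, ["siem-*", "logstash-*"])
    print("New setting value:", setting_value(updated))
    print("Still uncovered:", uncovered(SAMPLE_INDICES, updated))
```
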