We have a 3 node cluster on prem 7.6. Couple questions:
Based on the docs we should be able to see and use pre-built detections with only a basic license?
We do need (are required) to have TLS/SSL set up within the cluster, and an encryption key created, before we can access/see the detection rules? Is there anything else needed?
Any insight that can be shared regarding setup of security in an on-prem situation that enables the default Security functions would be appreciated.
The Elastic Security solution has come a looooong way since the 7.6 release. If you're just getting started with it and want to explore the detection rules before putting them into production, you may consider spinning up a free trial instance on Elastic cloud as an alternative fast-path to experiencing what the latest version has to offer.
Yes, the pre-built detections are free to use with the Basic license. You may also create your own custom detection rules for free with the Basic license.
There doesn't appear to be a 7.6 version of the above guide, so your mileage may (greatly) vary if the details in that guide are applied to a 7.6 deployment.