SIEM with Basic License On-Prem?

We have a 3-node on-prem cluster on 7.6. A couple of questions:

  1. Based on the docs, we should be able to see and use the pre-built detections with only a Basic license?
  2. Do we need (are we required) to have TLS/SSL set up within the cluster and an encryption key created before we can access/see the detection rules? Is there anything else needed?

Any insight that can be shared regarding the setup of security in an on-prem situation that enables the default Security functions would be appreciated.


Welcome to the community @R99Stny!

The Elastic Security solution has come a looooong way since the 7.6 release. If you're just getting started with it and want to explore the detection rules before putting them into production, you may consider spinning up a free trial instance on Elastic Cloud as an alternative fast path to experiencing what the latest version has to offer.

Yes, the pre-built detections are free to use with the Basic license. You may also create your own custom detection rules for free with the Basic license.

The Detections prerequisites and requirements guide has the latest documentation for configuring detection rules on a self-managed Elastic Stack.

There doesn't appear to be a 7.6 version of the above guide, so your mileage may (greatly) vary if the details in that guide are applied to a 7.6 deployment.
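
Added example, not from this thread or from Elastic: a small shell pre-flight check for the two prerequisites the question names (TLS within the cluster and a Kibana encryption key), using the stack's own setting names; the two pairs of configuration files it writes are constructed samples, one failing and one corrected.

```shell
#!/bin/sh
# Pre-flight check for the Detections prerequisites on a self-managed 7.x stack.
# Setting names are the stack's own; the sample files below are constructed.

# Print the value of a top-level "key: value" line, without surrounding quotes.
yaml_value() {  # $1 = file, $2 = key
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$pat:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'"'"
}

# elasticsearch.yml: security on, with TLS on both the HTTP and transport layers.
check_es() {
    rc=0
    for k in xpack.security.enabled xpack.security.http.ssl.enabled xpack.security.transport.ssl.enabled; do
        v=$(yaml_value "$1" "$k")
        [ "$v" = "true" ] || { echo "elasticsearch.yml: $k must be true (got '${v:-unset}')"; rc=1; }
    done
    return $rc
}

# kibana.yml: an encryption key of at least 32 characters (detection rules are
# stored as encrypted saved objects) and an https:// URL so Kibana uses TLS to the cluster.
check_kibana() {
    rc=0
    key=$(yaml_value "$1" xpack.encryptedSavedObjects.encryptionKey)
    [ "${#key}" -ge 32 ] || { echo "kibana.yml: encryptionKey must be >= 32 chars (got ${#key})"; rc=1; }
    case "$(yaml_value "$1" elasticsearch.hosts)" in
        *https://*) ;;
        *) echo "kibana.yml: elasticsearch.hosts must use https://"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs: a weak pair that fails the check and a corrected pair.
dir=$(mktemp -d)
printf 'cluster.name: demo\nxpack.security.enabled: false\n' > "$dir/es_weak.yml"
printf 'elasticsearch.hosts: ["http://localhost:9200"]\n' > "$dir/kibana_weak.yml"
printf 'xpack.security.enabled: true\nxpack.security.http.ssl.enabled: true\nxpack.security.transport.ssl.enabled: true\n' > "$dir/es_ok.yml"
printf 'elasticsearch.hosts: ["https://es01:9200"]\nxpack.encryptedSavedObjects.encryptionKey: "%s"\n' \
    "0123456789abcdef0123456789abcdef" > "$dir/kibana_ok.yml"

if check_es "$dir/es_ok.yml" && check_kibana "$dir/kibana_ok.yml"; then
    echo "corrected configs: detection prerequisites satisfied"
fi
if ! check_es "$dir/es_weak.yml" || ! check_kibana "$dir/kibana_weak.yml"; then
    echo "weak configs: fix the settings above before the detection rules will load"
fi
```

Point the two check functions at your real elasticsearch.yml and kibana.yml to see which of the required settings is still missing.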
