Detections creates the .siem-signals index, responsible for housing alerts generated by the system. While it conforms to ECS, the fields under signal.* are not documented in GitHub - elastic/ecs: Elastic Common Schema. Is there any documentation regarding the field structure and, if so, where?
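For anyone landing on this question with the same need, here is an added example (editor's addition, not code from the original poster or from Elastic) that recovers the signal.* field structure directly from the index mapping that Elasticsearch itself serves, since that mapping is authoritative for the index regardless of what is written up elsewhere. The SAMPLE_MAPPING and the field names inside it are constructed for illustration and are not a claim about the exact contents of any real .siem-signals index; the cluster URL and API key taken by fetch_mapping are placeholders you supply.

```python
"""Flatten an Elasticsearch index mapping into dotted field paths.

Added example, not code from the original post or from Elastic. It shows
how to recover the field structure of an index (here the .siem-signals-*
pattern) from the index's own mapping when no written documentation
exists. The sample mapping below is constructed; pull the real one with
GET .siem-signals-*/_mapping against your own cluster (fetch_mapping).
"""
import json
from urllib.request import Request, urlopen

# Constructed, abbreviated mapping in the shape Elasticsearch returns for
# GET <index>/_mapping. Field names are illustrative only.
SAMPLE_MAPPING = {
    ".siem-signals-default-000001": {
        "mappings": {
            "properties": {
                "@timestamp": {"type": "date"},
                "event": {
                    "properties": {
                        "kind": {"type": "keyword"},
                    }
                },
                "signal": {
                    "properties": {
                        "status": {"type": "keyword"},
                        "rule": {
                            "properties": {
                                "id": {"type": "keyword"},
                                "name": {"type": "keyword"},
                            }
                        },
                        "original_time": {"type": "date"},
                    }
                },
            }
        }
    }
}


def flatten_properties(properties, prefix=""):
    """Recursively walk a 'properties' dict and yield (dotted_path, type).

    Object and nested fields carry a 'properties' key; leaf fields carry
    a 'type'. A field lacking both is reported as 'object'.
    """
    for name, spec in properties.items():
        path = f"{prefix}{name}"
        if "properties" in spec:
            yield from flatten_properties(spec["properties"], path + ".")
        else:
            yield path, spec.get("type", "object")


def fields_under(mapping_response, prefix):
    """Return {dotted_path: type} for every leaf field under `prefix`,
    merged across all indices present in a _mapping response."""
    found = {}
    for index_body in mapping_response.values():
        props = index_body.get("mappings", {}).get("properties", {})
        for path, ftype in flatten_properties(props):
            if path == prefix or path.startswith(prefix + "."):
                found[path] = ftype
    return dict(sorted(found.items()))


def fetch_mapping(base_url, index_pattern=".siem-signals-*", api_key=None):
    """Fetch a live mapping; not called by the offline sample below.

    base_url is a placeholder such as "https://es.example.internal:9200";
    api_key is an Elasticsearch API key sent with the ApiKey scheme.
    """
    req = Request(f"{base_url}/{index_pattern}/_mapping")
    if api_key:
        req.add_header("Authorization", f"ApiKey {api_key}")
    with urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Offline run over the constructed mapping; swap in
    # fetch_mapping("https://your-cluster:9200", api_key="...") for real data.
    for path, ftype in fields_under(SAMPLE_MAPPING, "signal").items():
        print(f"{path}: {ftype}")
```

Running fields_under over a real mapping response also shows where the index departs from the ECS flat field list: diff the returned paths against ECS's own field names and everything left over is the signal.* namespace you would otherwise have to document by hand. Indices created across Elastic Security versions can carry different mappings, so query the wildcard pattern rather than a single backing index.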