Which version of Kibana supports SIEM?

Hi,

I'm using Elastic Stack 7.1.1 with X-Pack installed and I want to enable SIEM, but I can't see the SIEM section in Kibana.

So, please let me know which version of Elastic Stack supports SIEM?

You will need version 7.4 or above

Keep in mind to get the most out of this you will need your beats to be up to 7.4 too and using the ECS.

I have installed Elastic Stack 7.5.1 without X-Pack, but I am getting the following error while running Auditbeat:

2019-12-30T20:09:35.379+0530	ERROR	instance/beat.go:916	Exiting: 2 errors: 1 error: failed to create audit client: failed to get audit status: operation not permitted; 1 error: unable to create DNS sniffer: failed creating af_packet sniffer: operation not permitted
Exiting: 2 errors: 1 error: failed to create audit client: failed to get audit status: operation not permitted; 1 error: unable to create DNS sniffer: failed creating af_packet sniffer: operation not permitted

Please help me solve it.

Auditbeat is FOSS, and if you have setup questions for that you should try the Beats subforum: https://discuss.elastic.co/c/beats/7

The SIEM app in Kibana is Basic licensed: https://www.elastic.co/subscriptions
