IDH with 2.4.20 (manager, searchnode, idh setup) not producing alerts #11581
Replies: 1 comment 2 replies
-
|
Couple things to check:
|
Beta Was this translation helpful? Give feedback.
2 replies
-
|
Hi, In my case all the IDH plays are enabled and I can see IDH Logs in the HUNT Interface, but no alerts in Dashboard... 2.4.20 version. Thanks in advanced |
Beta Was this translation helpful? Give feedback.
-
|
What specific IDH logs do you see in Hunt? |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I have setup a lab with three nodes, one manager, one search node and one IDH node. They all run the latest 2.4.20 ISO as of today. They are working and I can see Elastic Agent events working properly from other lab hosts. The firewall configuration is proper (everyone can talk to whoever they need to talk to).
I have tested the IDH from multiple hosts by scanning and connecting to the simulated services. I can see some process activity with filebeat, but no alerts arrive at the manager node. I don't see any logs being filed with Kibana (no idh dataset events). I inspected the docker container logs for IDH and nothing seems out of the norm.
I would appreciate some debugging instructions as this is quite strange, and I understand IDH is relatively new to SO (introduced this year AFAIK).
How can I verify log ingestion from the IDH node?
How can I verify why the alerts are not being filed?
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions