Confused - Elastic Security Detection Engine & Rules

[cukal]

I used 2.3 for a while but it was too heavy on the endpoint managing requirements (osquery, Beats, and Wazuh). 2.4 is whole lot easier in enrolling endpoints through Fleet but I'm confused. I was under the impression that 2.4 would also include Elastic Security Detection Engine & the predefined rules running on top of the fleet agents etc? I installed 2.4, enrolled a few agents and tried to checkout the rules but alas, there doesn't seem to be a way to use/import the predefined ruleset but only an option to manually create rules?
Any enlightenment is highly appreciated.

[cukal]

For future reference: https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html#spaces-control-feature-visibility
It's not enabled by default.

[dougburks]

I used 2.3 for a while but it was too heavy on the endpoint managing requirements (osquery, Beats, and Wazuh).

To be clear, 2.3 did not require you to use all 3 of those endpoint agents. The intention was that you would pick 1 of the 3. From https://docs.securityonion.net/en/2.3/host.html:
You can send logs to Security Onion via your choice of either osquery, Beats, Wazuh, or Syslog

2.4 is whole lot easier in enrolling endpoints through Fleet but I'm confused. I was under the impression that 2.4 would also include Elastic Security Detection Engine & the predefined rules running on top of the fleet agents etc? I installed 2.4, enrolled a few agents and tried to checkout the rules but alas, there doesn't seem to be a way to use/import the predefined ruleset but only an option to manually create rules?

From https://docs.securityonion.net/en/2.4/kibana.html#features:
You can enable or disable specific features by clicking the main menu in the upper left corner, then click Stack Management, then click Spaces, then click Default. For more information, please see https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html#spaces-control-feature-visibility.