IDH port scan detection doesn't work

[scient7]

Hello.

I've encountered a problem. After enabling the portscan_x_enabled option in administration->configuration->idh->opencanary->config
I don't receive any alerts in security onion when scanning IDH ports with nmap (without options, just "nmap idh_node_ip"). At the same time, I receive notifications from ssh, ftp and other services when I try to interact with idh
After some googling I came across this discussion (#11875) which recommends importing a playbook to receive a port scan alert. Could you answer a few questions regarding this?

1. Is it true that after enabling the portscan_x_enabled option in the security onion menu, I will still not receive port scan alerts without importing a playbook?
2. Can this playbook be downloaded somewhere, or will I have to write it myself?
3. If it needs to be written, what event code should I use for alerts? (from the playbooks already written I see that some event codes are used for alerts)
4. Can I view port scanning attempts on the idh node itself in the logs?

Thank you very much.

[defensivedepth]

Verify that the logs are being generated as expected - you can view them in Hunt.

[scient7]

Thank you for answer.

Then i try "event.dataset: idh" in Hunt, I don't get any results.
Then i try "event.module: opencanary" I only see my attempts to interact with idh on ports 80 and 22, nothing else

Does this mean that something is not working correctly for me?