Configuration Logging - Rules and Alerts #14488
Replies: 1 comment 2 replies
-
|
I may not make myself clear at my question. Simply if I enable or disable a rule at Kibana, a log should be updated somewhere! That doesn't happen so my question is how to fix that if there is a way? |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
What is a Kibana rule? Can you share a screenshot or a list of steps to get to the rules that you're disabling, so we're sure we're talking about the same thing? |
Beta Was this translation helpful? Give feedback.
-
|
Are you talking about SIEM Detection rules in the Security section of Kibana? |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.70
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Distributed
Location
airgap
Hardware Specs
Meets minimum requirements
CPU
8
RAM
32
Storage for /
1T
Storage for /nsm
1T
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Hello there, I would like to know at what file I can see configuration logs for Kibana rules and alerts (I am not talking about Sigma rules). I cannot find any logs for enabling or disabling Kibana rules. Please advise if there is any further config that should be done at the administration - configuration section to enable that?
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions