Replies: 1 comment 1 reply
Do you have custom Sigma rules created? Are you ingesting Windows events using the Elastic Agent? Are the agents showing as 'Healthy'? In SOC -> Detections, if you run a 'Full Update' for ElastAlert, does the status change? https://docs.securityonion.net/en/2.4/detections.html#options You can also click on 'Sync Failed' and it will take you to Hunt with any relevant logs. Are there any errors shown for specific rules?
Hello everyone
I ran into a problem where Windows events are not arriving.
During diagnostics, I found out that ElastAlert is not syncing for me.
While running the docker logs so-elastalert command, an error was detected:
"InsecureRequestWarning: Unverified HTTPS request is being made to host 'ukm-ssec-master'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
warnings.warn("
I went to read the referenced documentation. I don't really understand what to do in it...
I already have Python3 installed.
Help me solve the problem, please
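The warning quoted above is raised by Python's urllib3 whenever an HTTPS request is made with certificate verification turned off; it describes a weak TLS posture rather than a failed request, so it is easy to mistake it for the failure and to miss the lines that actually report one. As an added example (not code from Security Onion or from anyone in this thread), the POSIX shell snippet below reads the output of docker logs so-elastalert and counts the TLS warnings separately from error-level lines, printing only the latter. The container name comes from the post; the sample log, the rule name, the file path and the error lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not Security Onion's or the poster's code: triage the
# so-elastalert container log so that urllib3 "unverified HTTPS" warnings are
# counted separately from lines that indicate a real failure.
#
# Live usage on the manager (container name taken from the thread):
#   docker logs so-elastalert 2>&1 | triage_elastalert_log

# Constructed sample, standing in for `docker logs so-elastalert` output.
# The path, the rule name and the ERROR/Traceback lines are invented.
SAMPLE_LOG=$(cat <<'EOF'
INFO:elastalert:Starting up
/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host 'ukm-ssec-master'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
INFO:elastalert:Queried rule example_rule from 2024-01-01 to 2024-01-02
ERROR:elastalert:Error running rule example_rule: constructed sample failure
Traceback (most recent call last):
  File "elastalert.py", line 1, in <module>
Exception: constructed sample exception
EOF
)

# Count urllib3 TLS warnings on stdin. One warning per InsecureRequestWarning
# line; the "warnings.warn(" continuation Python prints beneath it is not
# counted on its own. `grep -c` exits 1 when the count is 0, hence `|| true`.
count_tls_warnings() {
  grep -c 'InsecureRequestWarning' || true
}

# Drop the TLS warning and its continuation line, then count lines whose
# severity or shape points at a failure rather than a warning.
count_real_errors() {
  grep -v 'InsecureRequestWarning' | grep -v 'warnings.warn(' \
    | grep -cE '^(ERROR|CRITICAL)|Traceback|Exception' || true
}

# Print the failure lines (if any) with the TLS noise removed.
print_real_errors() {
  grep -v 'InsecureRequestWarning' | grep -v 'warnings.warn(' \
    | grep -E '^(ERROR|CRITICAL)|Traceback|Exception' || true
}

# Read a log on stdin, summarise it, and return 1 when failure lines exist so
# the function can gate a larger troubleshooting script.
triage_elastalert_log() {
  log=$(cat)
  warnings=$(printf '%s\n' "$log" | count_tls_warnings)
  errors=$(printf '%s\n' "$log" | count_real_errors)
  printf 'tls_warnings=%s real_errors=%s\n' "$warnings" "$errors"
  if [ "$errors" -gt 0 ]; then
    printf '%s\n' 'Failure lines present; investigate these before the TLS warning:'
    printf '%s\n' "$log" | print_real_errors
    return 1
  fi
  printf '%s\n' 'Only TLS verification warnings found; this log does not show a failure.'
  return 0
}

# Run against the constructed sample. It contains failure lines, so the
# function returns 1; the status is ignored here so the script keeps going.
printf '%s\n' "$SAMPLE_LOG" | triage_elastalert_log || true
```

On a real node, feed the function the live container log and, if it reports only TLS warnings, move on to the places the reply above points at (the 'Sync Failed' link into Hunt and the per-rule status) rather than spending time on the urllib3 message.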