Hello,
I have a machine running Ubuntu 22.04. I have installed HELK with option 4. Everything is working fine.
I want to explore writing queries using EQL. I want to write queries to check if a sequence of events occurred.
I suppose this is available on a normal ELK stack under Security -> Detect -> Alert/Rules.
How do I do it with a HELK installation? On the Kibana screen, I don't see the Security option under Management at all.
Or is there some other option available, using KSQL or other tools?
Thanks in anticipation,
Raja
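Editor's note: the question above is about checking whether an ordered sequence of events occurred on the same host within a time window, which is what an EQL `sequence by <field> with maxspan=<t>` query expresses. The block below is an added example, not part of the original post and not HELK or Elastic code: it shows the EQL query as a reference string and emulates its core semantics in plain Python over a handful of constructed events, so the matching logic can be reasoned about before any stack is involved. The event fields, host names and the "PowerShell process followed by a network event" pattern are all assumptions chosen for illustration; the emulation is simplified (one partial match per start event, no event reuse rules) and is not the EQL engine.

```python
from datetime import datetime, timedelta

# Real EQL syntax for the kind of question asked above; the index and
# field names are assumptions for this example.
EQL_QUERY = """
sequence by host.name with maxspan=5m
  [process where process.name == "powershell.exe"]
  [network where true]
"""

# Constructed sample events (not real telemetry), already in ECS-style field names.
EVENTS = [
    # ws01: process followed by network 30 s later -> matches with maxspan=5m
    {"@timestamp": "2024-01-01T10:00:00Z", "host.name": "ws01",
     "event.category": "process", "process.name": "powershell.exe"},
    {"@timestamp": "2024-01-01T10:00:30Z", "host.name": "ws01",
     "event.category": "network", "destination.ip": "203.0.113.10"},
    # ws02: same pair but 10 minutes apart -> outside maxspan=5m
    {"@timestamp": "2024-01-01T10:00:00Z", "host.name": "ws02",
     "event.category": "process", "process.name": "powershell.exe"},
    {"@timestamp": "2024-01-01T10:10:00Z", "host.name": "ws02",
     "event.category": "network", "destination.ip": "203.0.113.11"},
    # ws03: network BEFORE process -> wrong order, never matches
    {"@timestamp": "2024-01-01T10:00:00Z", "host.name": "ws03",
     "event.category": "network", "destination.ip": "203.0.113.12"},
    {"@timestamp": "2024-01-01T10:00:10Z", "host.name": "ws03",
     "event.category": "process", "process.name": "powershell.exe"},
]


def parse_ts(value):
    """Parse the constructed ISO-8601 'Z' timestamps used above."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def match_sequence(events, by_field, stages, maxspan):
    """Simplified emulation of `sequence by <by_field> with maxspan=<maxspan>`.

    stages is an ordered list of predicates, one per EQL stage. For each
    join key, a sequence starts when an event satisfies stages[0]; later
    events for the same key advance it stage by stage, and it completes
    only if the last stage is reached within maxspan of the first event.
    Returns a list of completed sequences (each a list of events).
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["@timestamp"]))
    pending = {}   # join key -> list of (start_ts, partial event list)
    matches = []
    for ev in ordered:
        key = ev.get(by_field)
        if key is None:
            continue
        ts = parse_ts(ev["@timestamp"])
        kept = []
        for start_ts, partial in pending.get(key, []):
            if ts - start_ts > maxspan:
                continue                      # window expired: drop partial
            if stages[len(partial)](ev):
                partial = partial + [ev]      # advance to the next stage
                if len(partial) == len(stages):
                    matches.append(partial)   # sequence completed
                    continue
            kept.append((start_ts, partial))
        if stages[0](ev):                     # this event may open a new sequence
            if len(stages) == 1:
                matches.append([ev])
            else:
                kept.append((ts, [ev]))
        pending[key] = kept
    return matches


def find_powershell_then_network(maxspan_minutes=5):
    """Run the two-stage sequence corresponding to EQL_QUERY over EVENTS."""
    stages = [
        lambda e: e.get("event.category") == "process"
        and e.get("process.name") == "powershell.exe",
        lambda e: e.get("event.category") == "network",
    ]
    return match_sequence(EVENTS, "host.name",
                          stages, timedelta(minutes=maxspan_minutes))


if __name__ == "__main__":
    for seq in find_powershell_then_network():
        print(seq[0]["host.name"], [e["@timestamp"] for e in seq])
```

Running it with the default 5-minute window reports only ws01; widening the window to 15 minutes also admits ws02, while ws03 never matches because the stages occur in the wrong order. That is the same distinction an EQL `maxspan` draws, and it is a useful check to have in mind when tuning a sequence rule so that it neither misses slow activity nor joins unrelated events.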