Security Analytics enables users to detect security threats in their security event log data. It will also allow them to modify/tailor the pre-packaged solution.
Apache License 2.0
[BUG] Missing indices / datastreams in Configure logs scan #1329
What is the bug?
I only have access to `security-auditlog-*` indices in Select Index/Aliases in Configure logs scan
How can one reproduce the bug?
Steps to reproduce the behavior:
1. Go to 'Security Analytics --> Threat Intelligence --> Configure scan'
2. Click on 'Select Indexes/Aliases'
3. Datastreams and indices starting with '.' are not displayed
What is the expected behavior?
A clear and concise description of what you expected to happen.
What is your host/environment?
OS: Debian 12
Version 2.16 and 2.17
Plugins
Do you have any additional context?
It seems that there is an issue with Datastreams and Indices starting with `.` (so it's impossible to add indices created by datastreams)
It's recommended to use Aliases and Datastreams, but none of them are displayed in the dropdown list...
[Aliases](https://opensearch.org/docs/latest/im-plugin/index-alias) and [data streams](https://opensearch.org/docs/latest/im-plugin/data-streams/) are recommended for optimal threat intel scans.