'Kibana Alerts aknowlidge-store-delete

Could you please help me with alerts in Kibana coming from Wazuh as FIM? I am successfully getting alerts from wazuh agents and showing it in Agent events.

But I am able only to check the alert. There is no button to aknowledge or delete seen alert. As I am new in wazuh monitoring, could you please let me know, how can I store or set aletrs as completed?

Thank you.

kibanawazuh


Solution 1:[1]

The problem is that the alerts are indexed and you can't remove them(you can remove the index). The alerts' purpose is not to be deleted, the alerts allow you to have an "activity history". I think it is good to have all the alerts during the time, even if you have solved or checked that alert.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 roronoasins

Related Questions

Kibana server is not ready yet

Kibana server is not ready yet

Any way(plugin) to parse kibana query syntax to elasticsearch api body?

Disable security on elastic and kibana

Kibana server is not ready yet - [security_exception] unable to authenticate user [elastic]

Unable to access Kibana behind NginX reverse proxy on Docker

Wildcard search in Kibana for string text in message field

Elasticsearch-Kibana docker-compose - Value of "elastic" is forbidden

Run ingress nginx as a reverse proxy for kibana with appid oauth2 provider

What is the best practice using KQL to filter desired attack signature over (web)logs?

Logging to elastic search with serilog and ILogger

aws open search not able to insert data

Draw tree Layout chart in vega

default username in Elastic cloud (kibana) and how to find a password

How to get sum of field1 for unique values of field2 in Kibana