My Elasticsearch is not showing any data using Elastic Agent

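Surprisingly, on my Elastic version 7.15 with a basic license, I installed Fleet Server and then configured a windows-policy with the elastic-endpoint and windows integrations. All rules have been enabled; however, I am not seeing any logs in the Security app. I am specifically using Fleet Server to enroll agents and collect Windows logs. Windows agents have been added on my domain controller and ADC, but I still cannot see any logs.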

Any idea why? Also, I keep seeing the following logs in kibana.log.

{"type":"log","@timestamp":"2021-10-07T22:43:49+05:30","tags":["info","plugins","securitySolution"],"pid":1102,"message":"[+] Finished indexing 0  signals searched between date ranges [\n  {\n    \"to\": \"2021-10-07T17:13:49.667Z\",\n    \"from\": \"2021-10-07T17:04:49.667Z\",\n    \"maxSignals\": 100\n  }\n] name: \"SystemKey Access via Command Line\" id: \"c2c1fbc1-229f-11ec-803f-17c1b2345c64\" rule id: \"d75991f2-b989-419d-b797-ac1e54ec2d61\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T22:43:49+05:30","tags":["error","plugins","securitySolution"],"pid":1102,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Clearing Windows Event Logs\" id: \"c2c1fbd5-229f-11ec-803f-17c1b2345c64\" rule id: \"d331bbe2-6db4-4941-80a5-8270db72eb61\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T23:21:53+05:30","tags":["error","plugins","securitySolution"],"pid":10188,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Suspicious PrintSpooler Service Executable File Creation\" id: \"c2c2710c-229f-11ec-803f-17c1b2345c64\" rule id: \"5bb4a95d-5a08-48eb-80db-4c3a63ec78a8\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T23:21:53+05:30","tags":["error","plugins","securitySolution"],"pid":10188,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Unusual File Creation - Alternate Data Stream\" id: \"c2c41eb3-229f-11ec-803f-17c1b2345c64\" rule id: \"71bccb61-e19b-452f-b104-79a60e546a95\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T23:21:53+05:30","tags":["error","plugins","securitySolution"],"pid":10188,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Persistence via WMI Standard Registry Provider\" id: \"c2c445ba-229f-11ec-803f-17c1b2345c64\" rule id: \"70d12c9c-0dbd-4a1a-bc44-1467502c9cf6\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T23:21:53+05:30","tags":["error","plugins","securitySolution"],"pid":10188,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Microsoft Exchange Worker Spawning Suspicious Processes\" id: \"c2c445b7-229f-11ec-803f-17c1b2345c64\" rule id: \"f81ee52c-297e-46d9-9205-07e66931df26\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T23:21:53+05:30","tags":["error","plugins","securitySolution"],"pid":10188,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Persistence via Microsoft Outlook VBA\" id: \"c2c3345f-229f-11ec-803f-17c1b2345c64\" rule id: \"397945f3-d39a-4e6f-8bcb-9656c2031438\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T23:21:53+05:30","tags":["error","plugins","securitySolution"],"pid":10188,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Persistence via KDE AutoStart Script or Desktop File Modification\" id: \"c2c3f7a8-229f-11ec-803f-17c1b2345c64\" rule id: \"e3e904b3-0a8e-4e68-86a8-977a163e21d3\" signals index: \".siem-signals-default\""}
{"type":"log","@timestamp":"2021-10-07T23:21:53+05:30","tags":["error","plugins","securitySolution"],"pid":10188,"message":"An error occurred during rule execution: message: \"index_not_found_exception: [verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index [*,-*]\" name: \"Installation of Security Support Provider\" id: \"c2c3344f-229f-11ec-803f-17c1b2345c64\" rule id: \"e86da94d-e54b-4fb5-b96c-cecff87e8787\" signals index: \".siem-signals-default\""}
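
One way to triage kibana.log entries like those in the question, as an added example that is not part of the original post: it groups detection-rule runs by error text, so you can see at a glance whether every failing rule reports the same problem, and records how many signals each clean run indexed. The field layout is taken from the log lines above; the function names, sample lines, rule names and ids are constructed for the example.

```python
import json
import re
from collections import defaultdict

RULE_NAME = re.compile(r'\bname: "([^"]+)"')
ERROR_TEXT = re.compile(r'rule execution: message: "(.*?)" name:', re.DOTALL)
FINISHED = re.compile(r"Finished indexing (\d+)\s+signals")

def summarize(lines):
    """Group securitySolution rule runs by outcome; error text is whitespace-collapsed."""
    errors = defaultdict(set)  # error text -> names of rules that failed with it
    finished = {}              # rule name -> signals indexed in the last run seen
    skipped = 0                # non-empty lines that are not valid JSON
    for raw in lines:
        raw = raw.strip()      # tolerate stray leading/trailing whitespace
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1
            continue
        tags = entry.get("tags", []) if isinstance(entry, dict) else []
        if "securitySolution" not in tags:
            continue
        msg = str(entry.get("message", ""))
        name = RULE_NAME.search(msg)
        err, done = ERROR_TEXT.search(msg), FINISHED.search(msg)
        if name and err and "error" in tags:
            errors[" ".join(err.group(1).split())].add(name.group(1))
        elif name and done:
            finished[name.group(1)] = int(done.group(1))
    return {"errors": {k: sorted(v) for k, v in errors.items()},
            "finished": finished, "skipped": skipped}

def sample_line(level, message):
    # Constructed entry in the same field layout as the lines in the question
    return json.dumps({"type": "log", "tags": [level, "plugins", "securitySolution"],
                       "pid": 1, "message": message})

ERR = ('An error occurred during rule execution: message: "index_not_found_exception: '
       '[verification_exception] Reason: Found 1 problem\nline -1:-1: Unknown index '
       '[*,-*]" name: "%s" id: "example-id" rule id: "example-rule-id"')
SAMPLE = [  # constructed input: two failing rules, one clean run, one junk line
    sample_line("error", ERR % "Example Rule A"),
    " " + sample_line("error", ERR % "Example Rule B"),
    sample_line("info", '[+] Finished indexing 0  signals name: "Example Rule C"'),
    "not a JSON line",
]
```

To run it against a real log, pass the open file object, for example `summarize(open("kibana.log", encoding="utf-8"))`.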
