Migrate detection alerts enriched with threat intelligence
After upgrading to Elastic Stack version 7.15.x or newer from a release between 7.12.0 and 7.14.2, you need to migrate detection alerts enriched with threat intelligence data to ensure threat intelligence properly displays in Elastic Security.
To migrate detection alerts:
- Ensure that all detection rules are deactivated prior to upgrading your Elastic Stack.
- Upgrade Kibana. See Upgrade Kibana for more information.
- Visit the Overview or Alerts page in Elastic Security to update the detection alert indices.
- Migrate old alerts using the Detection Alerts Migration API.
- Reactivate all detection rules.
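The API step above, as an added example that is not part of the original page or Elastic's own tooling: it reads the migration status, starts a migration for every outdated alert index, then finalizes it. The endpoint paths, the `kbn-xsrf` header, the `is_outdated` and `migration_id` field names and the sample status document are assumptions drawn from the Kibana Detection Alerts Migration API, not from this page.

```python
import base64
import json
import urllib.request

# Assumed Kibana endpoint paths (Detection Alerts Migration API).
STATUS_PATH = "/api/detection_engine/signals/migration_status"
MIGRATE_PATH = "/api/detection_engine/signals/migration"
FINALIZE_PATH = "/api/detection_engine/signals/finalize_migration"

# Constructed sample of a migration_status response; field names are assumed.
SAMPLE_STATUS = {
    "indices": [
        {"index": ".siem-signals-default-000001", "version": 14,
         "signal_versions": [{"version": 14, "count": 120}], "is_outdated": True},
        {"index": ".siem-signals-default-000002", "version": 15,
         "signal_versions": [{"version": 15, "count": 40}], "is_outdated": False},
    ]
}


def outdated_indices(status):
    """Names of alert indices whose alerts still carry the pre-upgrade schema."""
    return [i["index"] for i in status.get("indices", []) if i.get("is_outdated")]


def migration_plan(status):
    """Request sequence (method, path, body) for the outdated indices; empty when
    nothing is outdated, so an already-current stack triggers no writes."""
    targets = outdated_indices(status)
    return [("POST", MIGRATE_PATH, {"index": targets})] if targets else []


def _call(kibana_url, auth, method, path, body=None):
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(kibana_url + path, data=data, method=method)
    req.add_header("kbn-xsrf", "true")  # Kibana rejects non-GET requests without it
    req.add_header("Content-Type", "application/json")
    token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def migrate_outdated_alerts(kibana_url, auth, lookback="now-30d"):
    """Check status over the lookback window, migrate outdated indices, finalize."""
    status = _call(kibana_url, auth, "GET", f"{STATUS_PATH}?from={lookback}")
    results = []
    for method, path, body in migration_plan(status):
        started = _call(kibana_url, auth, method, path, body)
        ids = [m["migration_id"] for m in started.get("indices", []) if m.get("migration_id")]
        # Finalize swaps the migrated index in; repeat it if the reindex is still running.
        results.append(_call(kibana_url, auth, "POST", FINALIZE_PATH, {"migration_ids": ids}))
    return results
```

Run `migrate_outdated_alerts("https://kibana.example:5601", ("user", "password"))` with the rules still disabled, then check the Alerts page before re-enabling them.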
Deactivate all detection rules
To deactivate all detection rules:
- Find Detection rules (SIEM) in the navigation menu or by using the global search field.
- Click the Select all x rules option above the rules table.
- Click Bulk actions → Disable.
Reactivate all detection rules
To reactivate all detection rules:
- Find Detection rules (SIEM) in the navigation menu or by using the global search field.
- Click the Select all x rules option above the rules table.
- Click Bulk actions → Enable.