A newer version is available. For the latest information, see the
current release documentation.
Migrate detection alerts enriched with threat intelligence
After upgrading to Elastic Stack version 7.15.x from release versions 7.12.0 through 7.14.2, you need to migrate detection alerts enriched with threat intelligence data to ensure threat intelligence properly displays in Elastic Security.
To migrate detection alerts:
- Ensure that all detection rules are deactivated prior to upgrading your Elastic Stack.
- Upgrade Kibana. See Upgrade Kibana for more information.
- Visit the Overview or Alerts page in Elastic Security to update the .siem-signals* index.
- Migrate old alerts using the Detection Alerts Migration API.
- Reactivate all detection rules.
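The migration step above (status check, migrate, poll, finalize) as an added, scripted example. This is not Elastic's code: the endpoint paths and response field names are assumed from Kibana's signals migration API reference rather than quoted on this page, the Kibana URL is hypothetical, and the `send` and `sleep` parameters exist only so the flow can be exercised offline.

```python
import json
import time
import urllib.request

# Kibana signals-migration endpoint paths (assumed from the Kibana API reference).
STATUS_PATH = "/api/detection_engine/signals/migration_status"
MIGRATE_PATH = "/api/detection_engine/signals/migration"
FINALIZE_PATH = "/api/detection_engine/signals/finalize_migration"


def kibana_request(base_url, method, path, body=None, query=""):
    """One JSON request to Kibana; the kbn-xsrf header is required on every POST."""
    url = base_url.rstrip("/") + path + ("?" + query if query else "")
    data = json.dumps(body).encode() if body is not None else None
    headers = {"kbn-xsrf": "true", "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:  # add your auth header or cookie here
        return json.load(resp)


def outdated_indices(status):
    """Signals indices still holding alerts written under an older mapping version."""
    return [i["index"] for i in status.get("indices", []) if i.get("is_outdated")]


def migration_states(status, migration_ids):
    """Map migration id -> 'pending' | 'success' | 'failure' from a status response."""
    return {m["id"]: m["status"] for i in status.get("indices", [])
            for m in i.get("migrations", []) if m["id"] in migration_ids}


def migrate_alerts(base_url, since="now-30d", send=kibana_request,
                   sleep=time.sleep, max_polls=60):
    """Status -> migrate -> poll -> finalize for every outdated .siem-signals index."""
    targets = outdated_indices(send(base_url, "GET", STATUS_PATH, query="from=" + since))
    if not targets:
        return {"migrated": [], "failed": []}
    started = send(base_url, "POST", MIGRATE_PATH, body={"index": targets})
    ids = {m["migration_id"] for m in started.get("indices", []) if m.get("migration_id")}
    for _ in range(max_polls):  # the reindex is asynchronous; wait until nothing is pending
        status = send(base_url, "GET", STATUS_PATH, query="from=" + since)
        states = migration_states(status, ids)
        if set(states) == ids and all(s != "pending" for s in states.values()):
            break
        sleep(5)
    else:
        raise TimeoutError("alert migration still pending after %d polls" % max_polls)
    done = [i for i, s in states.items() if s == "success"]
    if done:  # finalize swaps the migrated index in for the old one
        send(base_url, "POST", FINALIZE_PATH, body={"migration_ids": done})
    return {"migrated": done, "failed": [i for i, s in states.items() if s == "failure"]}
```

Run it against a real deployment with `migrate_alerts("https://kibana.example:5601")` once rules are deactivated; failed migrations stay in the report so they can be retried before reactivating rules.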
Deactivate all detection rules
To deactivate all detection rules:
- Go to Detect → Rules.
- Click the Select All Rules button above the All rules table.
- Click Bulk actions → Deactivate selected.
Reactivate all detection rules
To reactivate all detection rules:
- Go to Detect → Rules.
- Click the Select All Rules button above the All rules table.
- Click Bulk actions → Activate selected.