Security Alerts using EQL

Native Security Alerts using EQL syntax

There are native security alerts based on EQL in Elasticsearch, but after installing the ROR plugin I’ve lost the possibility to edit the existing rules or create new ones. Am I doing something wrong?

Elasticsearch && Kibana version 8.7
ROR version 1.48

Hello @ahmetzyanov, thanks for reaching out and welcome to the ROR forum.

In order to prioritize your request, are you a member of an organisation that is an ROR Enterprise / ROR PRO subscriber?

Thank you for the fast answer!
No, my organisation is not a ROR subscriber.

There’s a screenshot of the rule

And there’s a screenshot of the inactive “Edit” button

The ROR plugin is typically used to provide read-only access to Elasticsearch for specific use cases, such as allowing external systems to query data without modifying it. However, this restriction can impact your ability to edit or create security rules in Elasticsearch.