It seems all pre-configured detection rules are inside of security-analytics jar file.
when you create/import a custom detection rule via UI or API, where is the file stored?
I’m running a opensearch in a docker and want to add my custom rules in there so when i start the opensearch, those rules are already there.
I was originally thinking like put them in a docker volume and mount it to a certain path like users config. /usr/share/opensearch/config/opensearch-security/users.yml
Rule api search (Search rule api)
req / res suggests that it is stored in indices not in file directory.
in which case, i don’t think it can be done; pre-loaded custom rules.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.