Migrate detection alerts enriched with threat intelligenceedit

After upgrading to Elastic Stack version 7.15.x from a release between 7.12.0 and 7.14.2, you need to migrate detection alerts enriched with threat intelligence data to ensure threat intelligence properly displays in Elastic Security.

To migrate detection alerts:

  1. Ensure that all detection rules are deactivated prior to upgrading your Elastic Stack.
  2. Upgrade Kibana. See Upgrade Kibana for more information.
  3. Visit the Overview or Alerts page in Elastic Security to update the .siem-signals* index.
  4. Migrate old alerts using the Detection Alerts Migration API.
  5. Reactivate all detection rules.

Deactivate all detection rulesedit

To deactivate all detection rules:

  1. Go to DetectRules.
  2. Click the Select All Rules button above the All rules table.
  3. Click Bulk actionsDeactivate selected.

Reactivate all detection rulesedit

To reactivate all detection rules:

  1. Go to DetectRules.
  2. Click the Select All Rules button above the All rules table.
  3. Click Bulk actionsActivate selected.