Migrate detection alerts enriched with threat intelligence

After upgrading to Elastic Stack version 7.15.x or newer from a release between 7.12.0 and 7.14.2, you need to migrate detection alerts enriched with threat intelligence data so that the threat intelligence displays correctly in Elastic Security.

To migrate detection alerts:

  1. Ensure that all detection rules are deactivated before upgrading your Elastic Stack.
  2. Upgrade Kibana. See Upgrade Kibana for more information.
  3. Visit the Overview or Alerts page in Elastic Security to update the detection alert indices.
  4. Migrate the old alerts using the Detection Alerts Migration API.
  5. Reactivate all detection rules.
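Step 4 is the only one performed outside the UI. The following helper is an added example, not Elastic's own code: it queries the migration status endpoint, selects only the alert indices reported as outdated, and starts a migration for them. The endpoint paths, the response fields (`indices`, `index`, `is_outdated`), the host and the credentials are assumptions drawn from the public Kibana API reference, not from this page.

```python
"""Migrate outdated detection alert indices via the Kibana Detection Alerts
Migration API. Added example; endpoint paths, response shape, host and
credentials are assumptions, not taken from this page."""
import base64
import json
import urllib.request
from typing import Dict, List

KIBANA = "https://kibana.example.internal:5601"   # assumed Kibana host
AUTH = "user:password"                             # assumed basic-auth credentials


def _headers(extra: Dict[str, str] = None) -> Dict[str, str]:
    # kbn-xsrf is required by Kibana for non-GET API requests.
    h = {"kbn-xsrf": "true",
         "Authorization": "Basic " + base64.b64encode(AUTH.encode()).decode()}
    h.update(extra or {})
    return h


def outdated_indices(status: Dict) -> List[str]:
    """Return the alert indices that the status response marks as outdated.
    Assumed shape: {"indices": [{"index": str, "is_outdated": bool, ...}]}"""
    return [entry["index"] for entry in status.get("indices", [])
            if entry.get("is_outdated")]


def migration_status(from_date: str = "now-90d") -> Dict:
    """GET /api/detection_engine/signals/migration_status (assumed path)."""
    url = f"{KIBANA}/api/detection_engine/signals/migration_status?from={from_date}"
    with urllib.request.urlopen(urllib.request.Request(url, headers=_headers())) as r:
        return json.load(r)


def start_migration(indices: List[str]) -> Dict:
    """POST /api/detection_engine/signals/migration (assumed path) for the given indices."""
    req = urllib.request.Request(
        f"{KIBANA}/api/detection_engine/signals/migration", method="POST",
        data=json.dumps({"index": indices}).encode(),
        headers=_headers({"Content-Type": "application/json"}))
    with urllib.request.urlopen(req) as r:
        return json.load(r)


# Constructed sample of a migration_status response, so the selection logic can
# be exercised without contacting a Kibana instance.
SAMPLE_STATUS = {"indices": [
    {"index": ".siem-signals-default-000001", "version": 14, "is_outdated": True},
    {"index": ".siem-signals-default-000002", "version": 15, "is_outdated": False},
]}

if __name__ == "__main__":
    print(outdated_indices(SAMPLE_STATUS))  # prints ['.siem-signals-default-000001']
    # Live run against a reachable Kibana:
    # start_migration(outdated_indices(migration_status()))
```

Run the live call only after the upgrade has completed and the Overview or Alerts page has been visited, since the status endpoint reports indices as outdated relative to the current template version.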

Deactivate all detection rules

To deactivate all detection rules:

  1. Go to Rules → Detection rules (SIEM).
  2. Click the Select all x rules option above the rules table.
  3. Click Bulk actions → Disable.

Reactivate all detection rules

To reactivate all detection rules:

  1. Go to Rules → Detection rules (SIEM).
  2. Click the Select all x rules option above the rules table.
  3. Click Bulk actions → Enable.