Make sure we are searching all clusters when running rules

2025-12-08 02:02:50 +01:00 · 2020-07-24 22:04:30 +00:00
parent 6c9c60b8dd
commit 3ac9f1800b
2 changed files with 2 additions and 2 deletions
--- a/salt/elastalert/files/rules/so/suricata_thehive.yaml
+++ b/salt/elastalert/files/rules/so/suricata_thehive.yaml
@@ -9,7 +9,7 @@ es_host: {{es}}
 es_port: 9200
 name: Suricata-Alert
 type: frequency
-index: "so-ids-*"
+index: "*:so-ids-*"
 num_events: 1
 timeframe:
    minutes: 10
--- a/salt/elastalert/files/rules/so/wazuh_thehive.yaml
+++ b/salt/elastalert/files/rules/so/wazuh_thehive.yaml
@@ -9,7 +9,7 @@ es_host: {{es}}
 es_port: 9200
 name: Wazuh-Alert
 type: frequency
-index: "so-ossec-*"
+index: "*:so-ossec-*"
 num_events: 1
 timeframe:
    minutes: 10