Card #374 · Elastic (Elasticsearch / Kibana)
Security Detection Rules failing to generate alerts
Users are experiencing issues where security detection and indicator match rules do not generate alerts despite correct configurations. Some users encounter 'Forbidden' errors, while others suspect license limitations in self-managed clusters.
Pain score
0.15/ 1.00 · weighted product of four components
Reach0.32distinct authors (log-normalized)
Recency1.00freshness decay, half-life months
Engagement1.00upvotes + comments, normalized
Monetization0.50willingness-to-pay cues in evidence
§ Evidence — 4 verified quotes
I am not getting any alerts from this.
Error: Forbidden at Fetch.fetchResponse 15_detectionruleerror
Rule runs successfully (no visible errors) No alerts are generated
Do Indicator Match rules require a higher license tier (e.g., Trial / Platinum) to generate alerts?
Comments are a Pro feature — join the conversation, share what you've shipped, hear what others are building.
Upgrade to Pro