It would, yes (that’s what I do at the moment) but you need to rebuild the alerts ui as stands to make that take effect. I expect we’ll get that fixed very shortly.
> On 28 Sep 2017, at 22:10, Laurens Vets <laur...@daemon.be> wrote: > > I didn't know that only the default sensors are shown. Thanks! > > Which brings me to my next question :) Would editing "export let INDEXES = > ['websphere', 'snort', 'asa', 'bro', 'yaf'];" in > metron/metron-interface/metron-alerts/src/app/utils/constants.ts be enough to > add support for another sensor right now? Or do other files need to be > changed as well to support another sensor? > > > On 2017-09-28 11:52, RaghuMitra Kandikonda wrote: >> Alerts UI shows all the records in the indexes for the following >> sensors 'websphere', 'snort', 'asa', 'bro', 'yaf'. It does not show >> records under .kibana as they are not the alerts generated by the >> system. Usually the index names for the sensors would have a sensor >> name prefix followed by timestamp Ex: snort_index_2017.09.28.18 >> -Raghu >> On Thu, Sep 28, 2017 at 11:08 PM, Laurens Vets <laur...@daemon.be> wrote: >>> Hello, >>> I've got the Alerts UI up and running. However, I do not see any alerts. I >>> can see events in Kibana with "is_alert" set to "true" and with a score as >>> well, but they do not show up in the Alerts UI. >>> How and where does the Alerts UI get actual alerts?
