I've watched the new video at least four times. Super excited about the Detections module release. Great job!!!!

awesome, just as i imagined it in my head! i will look forward to the update, sheesh this will shorten the tuning process by a lot. Thanks to the SO Team!!!

Huge quality of life upgrade thank you I'm really looking forward to updating

Wow, this is a great improvement for tuning. Can't wait to give it a try!

Wow, nice works Security Onion Team!! This will be a much better work flow

This really is a great new feature. Can't wait to try it out.

Oh this will be very useful. Cool feature indeed, thank you!! Two things: 1. Any possibility of adding an optional Elastic Defend/Predefined Rules integration to that Detections menu? Currently it is buried in Kibana and requires some additional digging to add the Predefined Rule integration, then unhide the Security tab Kibana Spaces? 2. Any chance of upgrading the OSquery Manager to the Velociraptor platform to integrate that amazing tool's DFIR capabilities with the SOC/Elastic Agent?

Love it

Is it possible to revert changes through history? Is there a rule validator in the Signarutre field? Will the syntax color highlighting appear?

I can't wait to upgrade! Is there an estimated release date? Great job team!

Is there an in place upgrade option available?

I do not see a way to change severity by one click, or to suppress alert temporarily, or to automatically get IP etc from alert. So it looks as a good step but it is ONLY a FIRST STEP. For example,. we reclassify events in Zabbix all the time, we set up timed reclassifications often, we may need to update a GROUP of Detection rules at once. Idea is great but it looks as very first implementation yet. (Of course I can clone the rule, then change severity in the cloned rule and disable original rule. but why to do it so complicated? or we want to suppress all alerts 'traffic with ... group' whch we do by re: expression today - it's not implemented yet (looks this way) and there are 50+ IP groups and about 10 alerts per group... so what disable can do by single re: rule, detection will require 100 updates (looks like this).