ElasAlert: Rule Mismatch Error After Upgrading to Security Onion 2.4.120

[abcd123chamara]

Hello everyone,

I recently upgraded Security Onion from version 2.4.11 to 2.4.120. After the upgrade, everything seemed to be working fine, but I wasn't seeing any alerts. To address this, I enabled all detection rules, and now I am seeing an error in the Detections section:

🔹 ElasAlert: Rule Mismatch Error

Here is my current setup:
✅ Distributed deployment with Search, Forward, and Receiver nodes, all connected to the Manager node
✅ All detection rules enabled

I’d really appreciate any guidance on how to resolve this ElasAlert: Rule Mismatch issue. Has anyone encountered this before? What troubleshooting steps should I follow to get the alerts working correctly?

Thanks in advance for your help! 🙌

[dougburks]

everything seemed to be working fine, but I wasn't seeing any alerts.

What kind of alerts were you seeing before that you're no longer seeing?

I am seeing an error in the Detections section:
ElasAlert: Rule Mismatch Error

From https://docs.securityonion.net/en/2.4/detections.html#rule-engine-status:
Rule Mismatch: An integrity check process detected a mismatch between the deployed rules and the enabled rules. The SOC log will note the specific mismatched rules.