[Docs]7.7 SIEM doc updates (#63951) (#64089)
* SIEM section doc updates

* corrections

* more corrections
benskelker authored Apr 21, 2020
1 parent 58aa4da commit ee4fa9f
Showing 3 changed files with 19 additions and 1 deletion.
2 changes: 2 additions & 0 deletions docs/management/advanced-options.asciidoc
Expand Up @@ -218,6 +218,8 @@ might increase the search time. This setting is off by default. Users must opt-i
[horizontal]
`siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
`siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
`siem:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on
{siem-guide}/siem-ui-overview.html#network-ui[IP detail] pages.
`siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview*
page.
`siem:newsFeedUrl`:: The URL from which the security news feed content is
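Review bot: the new `siem:ipReputationLinks` entry says the value is "a JSON array containing links" but never states what keys each array element must carry or how the IP address under inspection is substituted into the link, so a reader cannot write a valid value from this description alone; add a minimal example value (or a cross-reference to where the format is documented) alongside the prose. It would also help to say that the links are rendered on the IP detail pages exactly as configured, since whoever edits this setting is deciding which third-party sites analysts get sent to with an IP from their own environment.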
Binary file added docs/siem/images/cases-ui.png
18 changes: 17 additions & 1 deletion docs/siem/siem-ui.asciidoc
Expand Up @@ -35,7 +35,7 @@ image::siem/images/network-ui.png[]

[float]
[[detections-ui]]
=== Detections (Beta)
=== Detections (beta)

The Detections feature automatically searches for threats and creates
signals when they are detected. Signal detection rules define the conditions
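Review bot: only the capitalisation of "Beta" changes here, which is fine since the new "=== Cases (beta)" heading added later in this file uses the same lower-case form; worth checking that no anchor or table of contents elsewhere still links to the old heading text.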
Expand All @@ -50,6 +50,22 @@ or the Detections API.
[role="screenshot"]
image::siem/images/detections-ui.png[]

[float]
[[cases-ui]]
=== Cases (beta)

Cases are used to open and track security issues directly in SIEM.
Cases list the original reporter and all users who contribute to a case
(`participants`). Case comments support Markdown syntax, and allow linking to
saved Timelines. Additionally, you can send cases to external systems from
within SIEM (currently ServiceNow).

For information about opening, updating, and closing cases, see
{siem-guide}/cases-overview.html[Cases] in the SIEM Guide.

[role="screenshot"]
image::siem/images/cases-ui.png[]

[float]
[[timelines-ui]]
=== Timeline
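Review bot: the sentence "you can send cases to external systems from within SIEM (currently ServiceNow)" gives no pointer to where the external connector is configured or which case fields (title, comments, links to saved Timelines) are pushed out, which is the one thing an operator needs to know before enabling an outbound integration; either add a sentence stating that, or extend the existing cross-reference "{siem-guide}/cases-overview.html[Cases]" so it explicitly covers connector setup. Minor: "(`participants`)" is set in code font but is a UI term rather than an identifier, so it should match the plain-text style used for "reporter" in the same sentence.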
