[Docs]7.7 SIEM doc updates #63951
Merged
[Docs]7.7 SIEM doc updates #63951
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
benskelker
added
release_note:skip
|
@andrew-goldstein can you review the advanced settings update? Thanks |
10 tasks
gchaps
reviewed
Apr 20, 2020
| @@ -217,6 +217,9 @@ might increase the search time. This setting is off by default. Users must opt-i | |||
| [horizontal] | |||
| `siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app. | |||
| `siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events. | |||
| `siem:ipReputationLinks`:: A JSON array containing links for verifying an IP | |||
| address’s reputation. The links are displayed on | |||
There was a problem hiding this comment.
IP address's reputation > the reputation of an IP address?
docs/siem/siem-ui.asciidoc
Outdated
| @@ -50,6 +50,22 @@ or the Detections API. | |||
| [role="screenshot"] | |||
| image::siem/images/detections-ui.png[] | |||
|
|
|||
| [float] | |||
| [[cases-ui]] | |||
| === Cases (Beta) | |||
There was a problem hiding this comment.
suggest removing Beta from the title and using this in the first line:
beta:[] Cases are used to open...
That way, you will get a definition of what it means for a feature to be in beta. If you do that, you'll also have to make the change for Detections earlier in the page.
If you keep beta in the title, we use beta (lower case b)
docs/siem/siem-ui.asciidoc
Outdated
| [[cases-ui]] | ||
| === Cases (Beta) | ||
|
|
||
| Cases are used to open and track security issues directly in the {siem-app}. |
There was a problem hiding this comment.
We try to avoid using the word app in the Kibana docs and use the name alone, in this case, SIEM.
docs/siem/siem-ui.asciidoc
Outdated
| === Cases (Beta) | ||
|
|
||
| Cases are used to open and track security issues directly in the {siem-app}. | ||
| They list the original reporter and all users who contribute to a case |
docs/siem/siem-ui.asciidoc
Outdated
|
|
||
| Cases are used to open and track security issues directly in the {siem-app}. | ||
| They list the original reporter and all users who contribute to a case | ||
| (`participants`). Case comments support markdown syntax, and allow linking to |
|
@gchaps |
gchaps
approved these changes
Apr 20, 2020
docs/siem/siem-ui.asciidoc
Outdated
| [[cases-ui]] | ||
| === Cases (beta) | ||
|
|
||
| Cases are used to open and track security issues directly in the SIEM. |
docs/siem/siem-ui.asciidoc
Outdated
| [[cases-ui]] | ||
| === Cases (beta) | ||
|
|
||
| Cases are used to open and track security issues directly in the SIEM. |
docs/siem/siem-ui.asciidoc
Outdated
| Cases list the original reporter and all users who contribute to a case | ||
| (`participants`). Case comments support Markdown syntax, and allow linking to | ||
| saved Timelines. Additionally, you can send cases to external systems from | ||
| within the {siem-app} (currently ServiceNow). |
There was a problem hiding this comment.
should also replace {siem-app} here with SIEM.
andrew-goldstein
approved these changes
Apr 21, 2020
This was referenced Apr 21, 2020
benskelker
added a commit
to benskelker/kibana
that referenced
this pull request
Apr 21, 2020
* SIEM section doc updates * corrections * more corrections
benskelker
added a commit
to benskelker/kibana
that referenced
this pull request
Apr 21, 2020
* SIEM section doc updates * corrections * more corrections
benskelker
added a commit
that referenced
this pull request
Apr 21, 2020
benskelker
added a commit
that referenced
this pull request
Apr 21, 2020
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Apr 22, 2020
* master: (29 commits) [Dashboard] Deangularize navbar, attempt nr. 2 (elastic#61611) refactor action filter creation utils (elastic#62969) Refresh index pattern list before redirecting (elastic#63329) [APM]fixing custom link unit tests (elastic#64045) [Ingest] EPM & Fleet are enabled when Ingest is enabled (elastic#64103) [Alerting] Fixed bug with no possibility to edit the index name after adding (elastic#64033) [Maps] Map settings: min and max zoom (elastic#63714) [kbn-storybook] Use raw loader for text files (elastic#64108) [EPM] /packages/{package} endpoint to support upgrades (elastic#63629) [SIEM] New Platform Saved Objects Registration (elastic#64029) [Endpoint] Hook to handle events needing navigation via Router (elastic#63863) Fixed small issue in clone functionality (elastic#64085) [Endpoint]EMT-146: use ingest agent for status info (elastic#63921) [SIEM] Server NP Followup (elastic#64010) Register uiSettings on New Platform (elastic#64015) [Reporting] Integration polling config with client code (elastic#63754) [Docs]7.7 SIEM doc updates (elastic#63951) [SIEM] [Cases] Tags suggestions (elastic#63878) Include datasource UUID in agent config yaml, adjust overflow height of yaml view (elastic#64027) [DOCS] Add file size setting for Data Visualizer (elastic#64006) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Apr 22, 2020
…ana into task-manager/cancel-logging * 'task-manager/cancel-logging' of github.com:gmmorris/kibana: (28 commits) [Dashboard] Deangularize navbar, attempt nr. 2 (elastic#61611) refactor action filter creation utils (elastic#62969) Refresh index pattern list before redirecting (elastic#63329) [APM]fixing custom link unit tests (elastic#64045) [Ingest] EPM & Fleet are enabled when Ingest is enabled (elastic#64103) [Alerting] Fixed bug with no possibility to edit the index name after adding (elastic#64033) [Maps] Map settings: min and max zoom (elastic#63714) [kbn-storybook] Use raw loader for text files (elastic#64108) [EPM] /packages/{package} endpoint to support upgrades (elastic#63629) [SIEM] New Platform Saved Objects Registration (elastic#64029) [Endpoint] Hook to handle events needing navigation via Router (elastic#63863) Fixed small issue in clone functionality (elastic#64085) [Endpoint]EMT-146: use ingest agent for status info (elastic#63921) [SIEM] Server NP Followup (elastic#64010) Register uiSettings on New Platform (elastic#64015) [Reporting] Integration polling config with client code (elastic#63754) [Docs]7.7 SIEM doc updates (elastic#63951) [SIEM] [Cases] Tags suggestions (elastic#63878) Include datasource UUID in agent config yaml, adjust overflow height of yaml view (elastic#64027) [DOCS] Add file size setting for Data Visualizer (elastic#64006) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Updates the SIEM section of the Kibana docs for 7.7.
Checklist
Delete any items that are not applicable to this PR.
[skip-ci]