Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Docs]7.7 SIEM doc updates #63951

Merged
merged 3 commits into from
Apr 21, 2020
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/management/advanced-options.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,8 @@ might increase the search time. This setting is off by default. Users must opt-i
[horizontal]
`siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
`siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
`siem:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on
{siem-guide}/siem-ui-overview.html#network-ui[IP detail] pages.
`siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview*
page.
`siem:newsFeedUrl`:: The URL from which the security news feed content is
Expand Down
Binary file added docs/siem/images/cases-ui.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
18 changes: 17 additions & 1 deletion docs/siem/siem-ui.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ image::siem/images/network-ui.png[]

[float]
[[detections-ui]]
=== Detections (Beta)
=== Detections (beta)

The Detections feature automatically searches for threats and creates
signals when they are detected. Signal detection rules define the conditions
Expand All @@ -50,6 +50,22 @@ or the Detections API.
[role="screenshot"]
image::siem/images/detections-ui.png[]

[float]
[[cases-ui]]
=== Cases (beta)

Cases are used to open and track security issues directly in the SIEM.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the SIEM > SIEM.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the SIEM > SIEM

Cases list the original reporter and all users who contribute to a case
(`participants`). Case comments support Markdown syntax, and allow linking to
saved Timelines. Additionally, you can send cases to external systems from
within the {siem-app} (currently ServiceNow).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should also replace {siem-app} here with SIEM.


For information about opening, updating, and closing cases, see
{siem-guide}/cases-overview.html[Cases] in the SIEM Guide.

[role="screenshot"]
image::siem/images/cases-ui.png[]

[float]
[[timelines-ui]]
=== Timeline
Expand Down