Merge branch 'main' into 4653-alert-defaultIndex-instructions

elastic · Jan 30, 2024 · 38eb1dc · 38eb1dc
2 parents c1bf4be + e57344d
commit 38eb1dc
Show file tree

Hide file tree

Showing 14 changed files with 23 additions and 34 deletions.
diff --git a/docs/advanced-entity-analytics/images/alerts-flyout-rs.png b/docs/advanced-entity-analytics/images/alerts-flyout-rs.png
diff --git a/docs/assistant/security-assistant.asciidoc b/docs/assistant/security-assistant.asciidoc
@@ -99,7 +99,7 @@ This opens the *Welcome* chat interface, where you can ask general questions abo
 You can also chat with AI Assistant from several particular pages in {elastic-sec} where you can easily send context-specific data and prompts to AI Assistant.
 
 * <<view-alert-details, Alert details>> or Event details flyout: Click *Chat* while viewing the details of an alert or event.
-* <<rules-ui-management, Rules page>>: Select one or more rules, then click the magic wand icon (🪄✨) at the top of the page next to the *Rules* title.
+* <<rules-ui-management, Rules page>>: Select one or more rules, then click the **Chat** button at the top right of the page.
 * <<data-quality-dash, Data Quality dashboard>>: Select the *Incompatible fields* tab, then click *Chat*. (This is only available for fields marked red, indicating they're incompatible).
 * <<timelines-ui, Timeline>>: Select the *Security Assistant* tab.
 

diff --git a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc
@@ -37,19 +37,9 @@ entities:
 
 image::images/exceptions-logic.png[]
 
-IMPORTANT: Before you can create exceptions, you must create `.lists` and
-`.items` data streams for the {kib} space (see <<lists-index-api-overview>>).
-
 [float]
-=== Kibana role requirements
-
-To create list containers and items, the user role for the {kib} space must
-have:
-
-* `read` and `write` index privileges for the
-`.lists` and `.items` data streams (the system data stream used for storing exception lists).
-* {kib} space `All` privileges for the `Security` and `Saved Objects Management`
-features (see
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).
+=== Exceptions requirements 
 
-See <<detections-permissions-section>> for a complete list of requirements.
+Before you start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant {kib} space. To learn how to do this, go to <<lists-index-api-overview>>. 
+
+Once these data streams are created, your role needs privileges to manage rules. Refer to <<enable-detections-ui>> for a complete list of requirements.
diff --git a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc
@@ -6,7 +6,7 @@ and `.items` system data streams in the relevant
 {kibana-ref}/xpack-spaces.html[{kib} space].
 
 For information about the permissions and privileges required to create
-`.lists` and `.items` data streams, see <<enable-detections-ui>>.
+`.lists` and `.items` data streams, refer to <<enable-detections-ui>>.
 
 [discrete]
 === Create data stream

diff --git a/docs/detections/api/lists/lists-api-overview.asciidoc b/docs/detections/api/lists/lists-api-overview.asciidoc
@@ -54,19 +54,9 @@ Use an <<exceptions-api-create-exception-item, exception item>> to define the
 operator and associate it with an <<exceptions-api-create-container, exception container>>.
 You can then add the exception container to a rule's `exceptions_list` object.
 
-IMPORTANT: Before you can create lists, you must create `.lists` and `.items`
-data streams for the {kib} space (see <<lists-index-api-overview>>).
-
 [float]
-=== Kibana role requirements
-
-To create list containers and items, the user role for the {kib} space must
-have:
-
-* `read` and `write` index privileges for the
-`.lists` and `.items` data streams (the system data stream used for storing exception lists).
-* {kib} space `All` privileges for the `Security` and `Saved Objects Management`
-features (see
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).
+=== Lists requirements 
 
-See <<detections-permissions-section>> for a complete list of requirements.
+Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant {kib} space. To learn how to do this, go to <<lists-index-api-overview>>. 
+
+Once these data streams are created, your role needs privileges to manage rules. Refer to <<enable-detections-ui>> for a complete list of requirements.
diff --git a/docs/detections/images/alert-details-flyout-preview-panel.gif b/docs/detections/images/alert-details-flyout-preview-panel.gif
diff --git a/docs/detections/images/alert-details-flyout-right-panel.png b/docs/detections/images/alert-details-flyout-right-panel.png
diff --git a/docs/detections/images/alert-flyout-assignees.png b/docs/detections/images/alert-flyout-assignees.png
diff --git a/docs/detections/images/expand-details-button.png b/docs/detections/images/expand-details-button.png
diff --git a/docs/detections/images/open-alert-details-flyout.gif b/docs/detections/images/open-alert-details-flyout.gif
diff --git a/docs/detections/images/suppressed-alerts-details.png b/docs/detections/images/suppressed-alerts-details.png
diff --git a/docs/experimental-features/images/score-in-flyout.png b/docs/experimental-features/images/score-in-flyout.png
diff --git a/docs/experimental-features/images/urs-score-flyout.png b/docs/experimental-features/images/urs-score-flyout.png
diff --git a/docs/getting-started/detections-req.asciidoc b/docs/getting-started/detections-req.asciidoc
@@ -12,8 +12,6 @@ deployments. If you're using an Elastic Cloud deployment, you only need to
 Additionally, there are some <<adv-list-settings, advanced settings>> used to
 configure {kib} <<value-lists-exceptions, value list>> upload limits.
 
-
-
 [discrete]
 [[detections-on-prem-requirements]]
 == Configure self-managed {stack} deployments
@@ -65,7 +63,6 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
 |{kib} space `All` privileges for the `Security` feature (refer to
 {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
 
-
 |Enable the Detections feature in all Kibana spaces
 
 *NOTE*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space.
@@ -83,7 +80,6 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
 |{kib} space `All` privileges for the `Security` feature (refer to
 {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
 
-
 | Preview rules
 |N/A
 a| The `read` privilege for the following indices:
@@ -130,6 +126,19 @@ a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges
 |{kib} space `Read` privileges for the `Security` feature (refer to
 {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
 
+|Create the `.lists` and `.items` data streams in your {kib} space
+
+**NOTE**: To initiate the process that creates the `.lists` and `.items` data streams, you must visit the Rules page for each appropriate {kib} space.
+
+|The `manage` privilege
+a| The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following data streams, where `<space-id>` is the {kib} space name:
+
+* `.lists-<space-id>`
+* `.items-<space-id>`
+
+|{kib} space `All` privileges for the `Security` and `Saved Objects Management`
+features (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
+
 |==============================================
 
 Here is an example of a user who has the Detections feature enabled in all {kib} spaces: