[8.5] [DOCS] Reason statement shown in alert rendered view (backport #2540) (#2597)

Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: nastasha-solomon <[email protected]>
4 people authored Oct 18, 2022
1 parent 19ddcc1 commit dc78a2c
Showing 5 changed files with 7 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/detections/alerts-ui-manage.asciidoc
@@ -59,7 +59,7 @@ Use the view options drop-down in the upper-right of the Alerts table to control
[role="screenshot"]
image::images/event-rendered-view.png[Alerts table with the Event rendered view enabled]

TIP: If you're in the grid view, you can still view the event rendering for a specific alert by clicking the link in the *Event Summary* column, if a link is available. Some events do not have event renderings.
TIP: When using grid view, you can view alert-rendered reason statements and event renderings for specific alerts by clicking the expand icon in the *Reason* column. Some events do not have event renderings.

[float]
[[alert-actions]]
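Review bot: the trailing caveat in the new TIP ("Some events do not have event renderings.") covers only event renderings, while the sentence before it promises both "alert-rendered reason statements and event renderings" behind the same expand icon in the *Reason* column; if the reason statement is always shown and only the event rendering can be absent, say that explicitly, e.g. "Some events do not have event renderings; the reason statement is always shown." so a reader who sees no rendering does not assume the expand icon is broken. The old TIP also told readers the link was only present "if a link is available"; the new wording drops that hedge, which is fine only if the expand icon is always present in grid view.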
8 changes: 6 additions & 2 deletions docs/detections/alerts-view-details.asciidoc
@@ -14,7 +14,7 @@ The alert details flyout contains these informational tabs:
* *JSON*: The alert data in JSON format.

[role="screenshot"]
image::images/alert-details-flyout.png[Alert details flyout]
image::images/alert-details-flyout.png[Alert details flyout, 90%]

[discrete]
[[alert-details-overview]]
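Review bot: the `90%` width added to the `alert-details-flyout.png` include is not applied to the other screenshot touched by this commit, `event-rendered-view.png` in docs/detections/alerts-ui-manage.asciidoc, so the two updated screenshots will render at different widths; either add the same sizing there or mention in the commit message why only the flyout screenshot needs it.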
@@ -26,7 +26,11 @@ The *Overview* tab contains these features:

* *Summary*: Displays general details such as the alert's status, severity, risk score, and a link to the detection rule that produced the alert.

* *Reason statement*: Provides a description of what generated the alert and provides general alert details. You can use this to understand the alert's origin and determine if the alert is relevant to your investigation.
* *Alert-rendered reason statement*: Provides alert details in a logically-arranged format. Shows high-level details, including the alert severity (`kibana.alert.severity`) and the rule that generated the alert (`kibana.alert.rule.name`). Fields are interactive, hover over one to access the available actions.

* *Event renderer*: Displays relevant event details to provide context for the alert, such as file paths or process arguments. Shows alert details in a human-readable format. Fields are interactive; hover over to access the available actions.
+
NOTE: The event renderer only displays if an event renderer exists for the alert type.

* *Highlighted fields*: Surfaces the most relevant fields for the alert type. Use this to inform your triage efforts as you investigate the alert.

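Review bot: the new *Alert-rendered reason statement* bullet has a comma splice ("Fields are interactive, hover over one to access the available actions.") that the *Event renderer* bullet right below it avoids with a semicolon; make the two consistent, e.g. "Fields are interactive; hover over one to access the available actions." In the same sentence, "logically-arranged" should not be hyphenated after an -ly adverb. The removed *Reason statement* bullet also told readers why the statement matters ("understand the alert's origin and determine if the alert is relevant to your investigation"); the replacement only lists what it shows (`kibana.alert.severity`, `kibana.alert.rule.name`), so consider keeping that triage sentence rather than dropping it.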
Binary file modified docs/detections/images/alert-details-flyout.png
Binary file modified docs/detections/images/event-rendered-view.png
Binary file modified docs/detections/images/insights-section.png