Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS] Threat Matching Rules for 7.10 #264

Closed
dontcallmesherryli opened this issue Sep 29, 2020 · 1 comment
Closed

[DOCS] Threat Matching Rules for 7.10 #264

dontcallmesherryli opened this issue Sep 29, 2020 · 1 comment
Assignees

Comments

@dontcallmesherryli
Copy link

dontcallmesherryli commented Sep 29, 2020

Description

META: https://github.com/elastic/security-team/issues/20
Mock: https://www.figma.com/file/RicL36qDX8MjRTDL3CmrCr/Rules-7.10?node-id=206%3A0

Threat Matching rules would be introduced for 7.10, giving users the ability to match fields across Kibana indexes with Threat Intel Index that users uploaded into their stack.

Acceptance Test Criteria

Documentation is needed for Threat Matching rule type.
Creation of Threat Matching Rule:

  1. Go to Detections tab > Manage Detection Rules
  2. Click on Create A New Rule
  3. Select Threat Matching rule type
  4. Enter necessary fields:
    1. Add the index patterns you are matching
    2. Type in query to narrow down your search
    3. Add the threat intel index you want to use in the match
    4. Type in query to narrow down threat intel index search
    5. Select the fields from the index patterns and threat intel index you want to receive alerts on when matched
  5. Complete rest of rules creation steps.

Viewing Threat Matching Rule in Detections page:
User will receive 1 alert per rule that produced 1 match.

Notes

  • Add the "Team:Docs" label to new issues.
  • Be sure to add the version number label.
  • Be sure to add any necessary screenshots for clarity.
  • Include any conditions or caveats that may affect customers.
@jmikell821
Copy link
Contributor

PR #336 merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants