[DOCS] Add new EQL search configuration options #2061
LGTM, left one minor comment/question.
LGTM! thank you!
Left one minor comment that applies to all other areas that mention ascending order. Otherwise, LGTM!
Just added my two cents to what was already mentioned. LGTM though - thanks! 🎉
Hi @joepeeples, we tested the linked docs and found that all the docs are correctly updated as per the latest UI. So we are good to go ahead and merge the changes.
Screenshots:
Create rule API | Optional fields for event correlation rules
Update rule API | Optional fields for EQL rules
Hence, we are marking this ticket as 'QA validated'. Thanks!
* Update eql-rule-query-example.png
* Update procedure for creating EQL rule
* Update API docs: create rule, update rule
* Align minor phrasing
* Explain timestamp_field & timestamp_override
* Updates based on review feedback
(cherry picked from commit 3f2f653)
Co-authored-by: Joe Peeples <[email protected]>
* First draft
* Add placeholder for instructions for self-hosted
* updates formatting
* updates format and image size
* Updates formatting and annotates screenshots
* updates to the main intro and some terms here and there
* [DOCS] Revise workaround for aggregated fields in threshold rules (#2074)
* Remove workaround from create rule docs
* Restore admonition, with revisions from Madison
* [DOCS][8.3] Updates "Endpoint Security" to "Endpoint and Cloud Security" screenshots (#2075)
* Updates screenshots and replaces the old name with the new name.
* Updates text, fixes image names
* Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <[email protected]>
* Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <[email protected]>
* Fix bugs found by QA Co-authored-by: Joe Peeples <[email protected]>
* Add example response section (#2084)
* [DOCS] Add new EQL search configuration options (#2061)
* Update eql-rule-query-example.png
* Update procedure for creating EQL rule
* Update API docs: create rule, update rule
* Align minor phrasing
* Explain timestamp_field & timestamp_override
* Updates based on review feedback
* [DOCS] Adds warning about exceptions requiring mappings (#2110)
* Move callout about endpoint exceptions to more appropriate section This note was previously at the top-level exceptions section, when it really only applies when adding to the Endpoint rule.
* Add note about mappings being required for exceptions Wording is subject to change; just throwing something at the wall for now.
* Apply suggestions from code review Co-authored-by: nastasha-solomon <[email protected]> Co-authored-by: nastasha-solomon <[email protected]>
* [DOCS] Removed ref to Stack GS (#2128)
* Minor edits to Tin's work
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <[email protected]>
* Matches order of sections to order they're mentioned in the intro
* Changes bullets to numbers
* Update docs/experimental-features/experimental-features-intro.asciidoc Co-authored-by: Joe Peeples <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]>
* Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]>
* Update docs/experimental-features/experimental-features-intro.asciidoc
* Incorporate Joe's and Janeen's feedback
* fixes build error
* troubleshoots build error
* troubleshoots build error
* troubleshoots build errors
Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: Ryland Herrick <[email protected]>
Co-authored-by: nastasha-solomon <[email protected]>
Co-authored-by: debadair <[email protected]>
Co-authored-by: Janeen Mikell-Straughn <[email protected]>
(cherry picked from commit edeecb9)
Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
* Update eql-rule-query-example.png
* Update procedure for creating EQL rule
* Update API docs: create rule, update rule
* Align minor phrasing
* Explain timestamp_field & timestamp_override
* Updates based on review feedback
Resolves #2018.
Previews: