Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS] Osquery enhancements to the Alerts table and alert details flyout #2087

Merged
merged 21 commits into from
Jun 27, 2022
Merged

[DOCS] Osquery enhancements to the Alerts table and alert details flyout #2087

merged 21 commits into from
Jun 27, 2022

Conversation

nastasha-solomon
Copy link
Contributor

@nastasha-solomon nastasha-solomon commented Jun 21, 2022
edited
Loading

Fixes #2060 and #2103.

Made a few updates:

  • Updated step 1 to show that users can now run Osquery from the more actions menu.
  • Updated step 7 to account for the new options to investigate Osquery results in Timeline options
  • Refreshed the screenshot under step 8

Preview here.

@nastasha-solomon nastasha-solomon self-assigned this Jun 21, 2022
@nastasha-solomon nastasha-solomon changed the title [DOCS] New option to add Osquery results to a timeline investigation [DOCS] Osquery enhancements to the Alerts table and alert details flyout Jun 22, 2022
@nastasha-solomon nastasha-solomon marked this pull request as ready for review June 22, 2022 17:53
melissaburpo
melissaburpo approved these changes Jun 22, 2022
View reviewed changes
Copy link
Contributor

@melissaburpo melissaburpo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great, thanks @nastasha-solomon!

joepeeples
joepeeples reviewed Jun 22, 2022
View reviewed changes
Copy link
Contributor

@joepeeples joepeeples left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few suggestions, thanks!

docs/detections/alerts-run-osquery.asciidoc Outdated Show resolved Hide resolved
docs/detections/alerts-run-osquery.asciidoc Show resolved Hide resolved
docs/detections/alerts-run-osquery.asciidoc Outdated Show resolved Hide resolved
@nastasha-solomon nastasha-solomon linked an issue Jun 22, 2022 that may be closed by this pull request
[DOCS] New option to "Run Osquery" from the Alert context menu #2103
Closed
tomsonpl
tomsonpl approved these changes Jun 23, 2022
View reviewed changes
Copy link

@tomsonpl tomsonpl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

jmikell821
jmikell821 reviewed Jun 23, 2022
View reviewed changes
Copy link
Contributor

@jmikell821 jmikell821 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only have two small nits - LGTM! 👍

docs/detections/alerts-run-osquery.asciidoc Show resolved Hide resolved
docs/detections/alerts-run-osquery.asciidoc Show resolved Hide resolved
docs/detections/alerts-run-osquery.asciidoc Outdated Show resolved Hide resolved
@jmikell821 jmikell821 added the readyforQA PRs that are ready for QA review. label Jun 23, 2022
@ghost
Copy link

ghost commented Jun 24, 2022

Hi @jmikell821

Thanks for all the updates.
We have validated the Kibana documentation with reference to this PR and here is our observation on same.

🟢 User is now available to run the Osquery from the more actions menu as mentioned on the Step-1 in the documentation.

🔴 In the Step-3 the Screenshot of the Run Osquery is incorrect .

Actual Result

actual

Expected Result

expected

🟢 The Result format under Run Osquery is shown same as mentioned in the Step 7 where account for the new options to
investigate Osquery results in Timeline options is visible.

🔴 There is no Step-8 is mentioned in the documentation related to screenshot.

Screenshot

5

We will be revalidating this PR once the above issue get Fixed.

Thanks!

@nastasha-solomon nastasha-solomon mentioned this pull request Jun 24, 2022
Closed
15 tasks
@nastasha-solomon
Copy link
Contributor Author

Hi @akanshachoudhary-qasource thanks for checking this! I updated the screenshot under step 3 and verified with @tomsonpl that it was the correct one. Please take a look when you have a chance.

Also, would you mind elaborating on the eighth step that you said is missing? After users run the query, there's a number of things they can do with the results so I left the task open-ended to convey that.

@ghost
Copy link

ghost commented Jun 27, 2022

Hi @nastasha-solomon

Thanks for the update.
we have validated the Documentation PR and all the changes made are good to go and complete ✔️

Please find the below observations

Hi @akanshachoudhary-qasource thanks for checking this! I updated the screenshot under step 3 and verified with @tomsonpl that it was the correct one. Please take a look when you have a chance.

  • Required Screenshot is updated with respect to current UI of Kibana v8.3.0
    1

Also, would you mind elaborating on the eighth step that you said is missing? After users run the query, there's a number of things they can do with the results so I left the task open-ended to convey that.

Apologies for the confusion, in first comment of this ticket, it is mentioned

  • Refreshed the screenshot under step 8

and we thought there must be a Step-8 in documentation and we mentioned the same as there is no Step-8 on the Documentation.

Hence we are adding QA:Validated tag to it.

Thanks!

@ghost ghost added QA:Validated Issue has been Validated by QA Team and removed readyforQA PRs that are ready for QA review. labels Jun 27, 2022
@nastasha-solomon nastasha-solomon merged commit d032712 into main Jun 27, 2022
@nastasha-solomon nastasha-solomon deleted the issue-2060-osquery-timeline branch June 27, 2022 14:15
mergify bot pushed a commit that referenced this pull request Jun 27, 2022
@nastasha-solomon @mergify
[DOCS] Osquery enhancements to the Alerts table and alert details fly…
1ebf41e 
…out (#2087)

Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: Janeen Mikell-Straughn <[email protected]>
(cherry picked from commit d032712)
@mergify mergify bot mentioned this pull request Jun 27, 2022
Merged
nastasha-solomon added a commit that referenced this pull request Jun 27, 2022
@mergify @joepeeples
@jmikell821 @nastasha-solomon
[8.3] [DOCS] Osquery enhancements to the Alerts table and alert detai…
32fb299 
…ls flyout (backport #2087) (#2153)

Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: Janeen Mikell-Straughn <[email protected]>
Co-authored-by: nastasha-solomon <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joepeeples joepeeples joepeeples left review comments

@jmikell821 jmikell821 jmikell821 left review comments

@benironside benironside benironside approved these changes

@tomsonpl tomsonpl tomsonpl approved these changes

@melissaburpo melissaburpo melissaburpo approved these changes

Assignees

@nastasha-solomon nastasha-solomon

Labels
Feature: Osquery QA:Validated Issue has been Validated by QA Team Team: Docs v8.3.0
Projects
None yet
Milestone
No milestone
6 participants
@nastasha-solomon @melissaburpo @tomsonpl @jmikell821 @joepeeples @benironside