[Onboarding] SIEM guide #2017
Open
[Onboarding] SIEM guide #2017
+227
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🔍 Preview links for changed docs |
|
I'm loving it! One suggestion: I would put the substeps inside a |
|
|
||
| # {{elastic-sec}} quickstarts | ||
|
|
||
| Our quickstarts reduce your time-to-value by offering a fast path to learn about search strategies. |
There was a problem hiding this comment.
Should this say "security strategies" or something similar, instead of search?
|
|
||
| # Quickstart: Detect and respond to threats with SIEM | ||
|
|
||
| Elastic Security is a unified security solution that brings together SIEM, endpoint security, and cloud security into a single platform. This makes it easier to protect, investigate, and respond to security events from all areas within your environment. |
There was a problem hiding this comment.
Suggested change
| Elastic Security is a unified security solution that brings together SIEM, endpoint security, and cloud security into a single platform. This makes it easier to protect, investigate, and respond to security events from all areas within your environment. | |
| {{elastic-sec}} is a unified security solution that brings together SIEM, endpoint security, and cloud security into a single platform. This makes it easier to protect, investigate, and respond to security events from all areas within your environment. |
| ::: | ||
| :::: | ||
|
|
||
| ::::{step} Add Elastic detection prebuilt rules |
There was a problem hiding this comment.
Suggested change
| ::::{step} Add Elastic detection prebuilt rules | |
| ::::{step} Add Elastic prebuilt detection rules |
|
|
||
| ::::{step} Add Elastic detection prebuilt rules | ||
|
|
||
| Detection rules allow you to proactively monitor your environment by searching for source events, matches, sequences, or machine learning job anomaly results that meet their criteria. When a rule’s criteria are met, {{elastic-sec}} generates an alert. While you can create your own rules tailored for your environment, Elastic ships out-of-the-box prebuilt rules that you can install. |
There was a problem hiding this comment.
Suggested change
| Detection rules allow you to proactively monitor your environment by searching for source events, matches, sequences, or machine learning job anomaly results that meet their criteria. When a rule’s criteria are met, {{elastic-sec}} generates an alert. While you can create your own rules tailored for your environment, Elastic ships out-of-the-box prebuilt rules that you can install. | |
| Detection rules allow you to proactively monitor your environment by searching for source events, matches, sequences, or {{ml}} job anomaly results that meet their criteria. When a rule’s criteria are met, {{elastic-sec}} generates an alert. While you can create your own rules tailored for your environment, Elastic ships out-of-the-box prebuilt rules that you can install. |
|
|
||
| To install and enable Elastic's prebuilt detection rules: | ||
| 1. On the Get Started page, scroll down to the **Configure rules and alerts** section. | ||
| 2. At the top of the page, click **Add Elastic rules**. The badge next to it shows the number of prebuilt rules available for installation. |
There was a problem hiding this comment.
I think we might be missing a step between 1 and 2. Step 1 said to scroll down to the Configure rules and alerts section on the Get Started page, but step 2 seems to be describing the Rules page.
|
|
||
| # Quickstart: Secure my hosts with endpoint security | ||
|
|
||
| In this guide below, you’ll learn how to use {{elastic-sec}} to protect your hosts from malware, ransomware, and other threats. |
There was a problem hiding this comment.
Suggested change
| In this guide below, you’ll learn how to use {{elastic-sec}} to protect your hosts from malware, ransomware, and other threats. | |
| In this guide, you’ll learn how to use {{elastic-sec}} to protect your hosts from malware, ransomware, and other threats. |
|
|
||
| 1. On the Get started home page, in the **Ingest your data** section, select **Elastic Defend**, then click **Add Elastic Defend**. | ||
| 2. On the next page that says, "Ready to add your first integration?", click **Add integration only (skip agent installation)**. The integration configuration page appears. | ||
| 3. Give the Elastic Defend integration a name and optional description. |
There was a problem hiding this comment.
Suggested change
| 3. Give the Elastic Defend integration a name and optional description. | |
| 3. Give the {{elastic-defend}} integration a name and optional description. |
| 2. Ensure that the **Enroll in {{fleet}}** option is selected. {{elastic-defend}} cannot be integrated with {{agent}} in standalone mode. | ||
| 3. Select the appropriate platform or operating system for the host on which you're installing the agent, then copy the provided commands. | ||
| 4. On the host, open a command-line interface and navigate to the directory where you want to install {{agent}}. Paste and run the commands from {{fleet}} to download, extract, enroll, and start {{agent}}. | ||
| 5. (Optional) Return to the **Add agen**t flyout, and observe the **Confirm agent enrollment** and **Confirm incoming data** steps automatically checking the host connection. It may take a few minutes for data to arrive in {{es}}. |
There was a problem hiding this comment.
Suggested change
| 5. (Optional) Return to the **Add agen**t flyout, and observe the **Confirm agent enrollment** and **Confirm incoming data** steps automatically checking the host connection. It may take a few minutes for data to arrive in {{es}}. | |
| 5. (Optional) Return to the **Add agent** flyout, and observe the **Confirm agent enrollment** and **Confirm incoming data** steps automatically checking the host connection. It may take a few minutes for data to arrive in {{es}}. |
|
|
||
| ::::{step} (Optional) Configure an integration policy for Elastic Defend | ||
|
|
||
| After you install the {{agent}} with {{elastic-defend}}, several endpoint protections — such as preventions against malware, ransomware, memory threats, and other malicious behavior are automatically enabled on protected hosts. However, you can update the policy configuration to meet your organization’s security needs. |
There was a problem hiding this comment.
Suggested change
| After you install the {{agent}} with {{elastic-defend}}, several endpoint protections — such as preventions against malware, ransomware, memory threats, and other malicious behavior are automatically enabled on protected hosts. However, you can update the policy configuration to meet your organization’s security needs. | |
| After you install the {{agent}} with {{elastic-defend}}, several endpoint protections—such as preventions against malware, ransomware, memory threats, and other malicious behavior are automatically enabled on protected hosts. However, you can update the policy configuration to meet your organization’s security needs. |
|
|
||
| :::::{stepper} | ||
|
|
||
| ::::{step} Add the Elastic Defend integration |
There was a problem hiding this comment.
Just checking if all of these steps are meant to be prerequisites?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contributes to https://github.com/elastic/docs-projects/issues/513.
Previews:
NOT READY FOR PRIME TIME JUST YET.