[Docs]Security docs 7.9 updates #75156
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
benskelker
added
release_note:skip
benskelker
requested review from
KOTungseth,
gchaps and
karenzone
and removed request for
karenzone
benskelker
changed the title
gchaps
reviewed
Aug 17, 2020
docs/siem/index.asciidoc
Outdated
| `filebeat-*`, `packetbeat-*`, `endgame-*`, `logs-*`, and `apm-*-transaction*`. You can | ||
| change the default index patterns in | ||
| *Kibana > Management > Advanced Settings > siem:defaultIndex*. | ||
| *Kibana > Stack Management > Advanced Settings > securitySolution:defaultIndex*. |
Contributor
There was a problem hiding this comment.
How about changing to something like this:
To change the default pattern patterns, go to Stack Management > Advanced Settings and then find the securitySolution:defaultIndex setting.
docs/siem/machine-learning.asciidoc
Outdated
| as the `Entity` itself, or any of the associated `Influencers`. | ||
| Machine Learning functionality is available throughout Elastic Security. You can | ||
| view the details of detected anomalies in the `Anomalies` table widget | ||
| shown on the Hosts, Network and associated Details pages. you can drag and drop |
Contributor
There was a problem hiding this comment.
Suggested change
| shown on the Hosts, Network and associated Details pages. you can drag and drop | |
| shown on the Hosts, Network and associated Details pages. You can drag and drop |
docs/siem/siem-ui.asciidoc
Outdated
| [role="xpack"] | ||
| [[siem-ui]] | ||
| == Using the SIEM UI | ||
| == Using Elastic Security UI |
Contributor
There was a problem hiding this comment.
Suggested change
| == Using Elastic Security UI | |
| == Using Elastic Security |
docs/siem/siem-ui.asciidoc
Outdated
|
|
||
| The Hosts view provides key metrics regarding host-related security events, and | ||
| The Hosts page provides key metrics regarding host-related security events, and | ||
| data tables and widgets that let you interact with the Timeline Event Viewer. |
Contributor
There was a problem hiding this comment.
Can you rewrite without "widgets". Are these charts?
docs/siem/siem-ui.asciidoc
Outdated
| Guide for information on managing detection rules and signals via the UI | ||
| or the Detections API. | ||
| See {security-guide}/detection-engine-overview.html[Detections] for information | ||
| on managing detection rules and alerts via the UI or the Detections API. |
Contributor
There was a problem hiding this comment.
How about removing "via the UI or the Detections API."
docs/siem/siem-ui.asciidoc
Outdated
|
|
||
| An analyst notices a suspicious user ID that warrants further investigation, and | ||
| clicks a url that links to the SIEM app. | ||
| clicks a url that links to Elastic Security. |
Contributor
There was a problem hiding this comment.
Suggested change
| clicks a url that links to Elastic Security. | |
| clicks a URL that links to Elastic Security. |
docs/siem/siem-ui.asciidoc
Outdated
| clicks a url that links to the SIEM app. | ||
| clicks a url that links to Elastic Security. | ||
|
|
||
| The analyst uses the tables, widgets, and filtering and search capabilities in |
Contributor
There was a problem hiding this comment.
be more specific than widget.
| `siem:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on | ||
| {security-guide}/siem-ui-overview.html#network-ui[IP detail] pages. | ||
| `siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview* | ||
| `securitySolution:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the Security app. |
Contributor
There was a problem hiding this comment.
Should Security app be changed to Elastic Security in this section?
Contributor
Author
There was a problem hiding this comment.
The UI name in Kibana is Security, so guess not.
| [[machine-learning]] | ||
| == Anomaly Detection with Machine Learning | ||
|
|
||
| For *{ess-trial}[Free Trial]* |
Contributor
There was a problem hiding this comment.
Free trial > Free trial
Platinum License > Platinum subscription
| For *{ess-trial}[Free Trial]* | ||
| and *https://www.elastic.co/subscriptions[Platinum License]* deployments, | ||
| Machine Learning functionality is available throughout the SIEM app. You can | ||
| view the details of detected anomalies within the `Anomalies` table widget |
Contributor
There was a problem hiding this comment.
table widgets > tables
Should Details be lower case?
This was referenced Aug 18, 2020
benskelker
added a commit
to benskelker/kibana
that referenced
this pull request
Aug 18, 2020
* security docs 7.9 updates * terminology * updates advanced settings * terminology * corrections
benskelker
added a commit
that referenced
this pull request
Aug 18, 2020
benskelker
added a commit
that referenced
this pull request
Aug 18, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Updates and renames the SIEM section in the Kibana docs.
Elastic Security preview
Advanced settings preview
[skip-ci]