Commit bab8c28

Updates setup guide field API docs (#5095) (#5103)
* updates create and update api docs
* addresses comments

---------

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
(cherry picked from commit eb739ef)

Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
1 parent 4396df1 commit bab8c28

2 files changed: +25 -16 lines changed

docs/detections/api/rules/rules-api-create.asciidoc

Lines changed: 19 additions & 14 deletions
Original file line number | Diff line number | Diff line change
@@ -348,6 +348,10 @@ relevant information about the rule. Defaults to an empty array.
348348
is converted from a third-party security solution. Automatically created when
349349
it is not provided.
350350

351+
|setup |String |Populates the rule's setup guide with instructions on rule
352+
prerequisites such as required integrations, configuration steps, and anything
353+
else needed for the rule to work correctly.
354+
351355
|tags |String[] |String array containing words and phrases to help categorize,
352356
filter, and search rules. Defaults to an empty array.
353357

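Review bot: the new `|setup |String |` row omits the default value that the neighbouring rows state (the `|references` and `|tags` rows both end with `Defaults to an empty array.`). The response examples later in this same file show `"setup": ""`, so adding `Defaults to an empty string.` to the row description would keep the table consistent and tell readers that a rule can be created without a setup guide.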
@@ -914,6 +918,7 @@ POST api/detection_engine/rules
914918
"interval": "5m",
915919
"name": "Anomalous Linux network activity",
916920
"note": "Shut down the internet.",
921+
"setup": "This rule requires data coming in from Elastic Defend."
917922
"severity": "high",
918923
"tags": [
919924
"machine learning",
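Review bot: the added line `"setup": "This rule requires data coming in from Elastic Defend."` has no trailing comma, but it is followed by `"severity": "high",`, so the request body in this `POST api/detection_engine/rules` example is no longer valid JSON and will fail if pasted as-is. It should read `"setup": "This rule requires data coming in from Elastic Defend.",`.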
@@ -1178,10 +1183,10 @@ Example response for a query rule:
11781183
"language": "kuery",
11791184
"related_integrations": [], <1>
11801185
"required_fields": [], <1>
1181-
"setup": "" <1>
1186+
"setup": ""
11821187
}
11831188
--------------------------------------------------
1184-
<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
1189+
<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
11851190

11861191

11871192
Example response for a {ml} job rule:
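Review bot: dropping the `<1>` callout from `"setup": ""` changes the documented status of the field from "under development" to stable, but nothing in the diff records that change of status; the field row added near line 351 only describes what the field does. Since this same `dev:[]` callout is removed from all seven response examples in this file (query, {ml} job, threshold, EQL, indicator match, new terms and {esql}), consider stating in the `setup` row, or in the release notes for this change, that the field is now stable so readers comparing versions can see why the callout disappeared.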
@@ -1236,10 +1241,10 @@ Example response for a {ml} job rule:
12361241
"machine_learning_job_id": "linux_anomalous_network_activity_ecs",
12371242
"related_integrations": [], <1>
12381243
"required_fields": [], <1>
1239-
"setup": "" <1>
1244+
"setup": ""
12401245
}
12411246
--------------------------------------------------
1242-
<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
1247+
<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
12431248

12441249
Example response for a threshold rule:
12451250

@@ -1317,10 +1322,10 @@ Example response for a threshold rule:
13171322
},
13181323
"related_integrations": [], <1>
13191324
"required_fields": [], <1>
1320-
"setup": "" <1>
1325+
"setup": ""
13211326
}
13221327
--------------------------------------------------
1323-
<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
1328+
<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
13241329

13251330
Example response for an EQL rule:
13261331

@@ -1362,10 +1367,10 @@ Example response for an EQL rule:
13621367
"language": "eql",
13631368
"related_integrations": [], <1>
13641369
"required_fields": [], <1>
1365-
"setup": "" <1>
1370+
"setup": ""
13661371
}
13671372
--------------------------------------------------
1368-
<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
1373+
<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
13691374

13701375
Example response for an indicator match rule:
13711376

@@ -1434,10 +1439,10 @@ Example response for an indicator match rule:
14341439
],
14351440
"related_integrations": [], <1>
14361441
"required_fields": [], <1>
1437-
"setup": "" <1>
1442+
"setup": ""
14381443
}
14391444
--------------------------------------------------
1440-
<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
1445+
<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
14411446

14421447
Example response for a new terms rule:
14431448

@@ -1479,10 +1484,10 @@ Example response for a new terms rule:
14791484
"history_window_start": "now-30d",
14801485
"related_integrations": [], <1>
14811486
"required_fields": [], <1>
1482-
"setup": "" <1>
1487+
"setup": ""
14831488
}
14841489
--------------------------------------------------
1485-
<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
1490+
<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
14861491

14871492
Example response for an {esql} rule:
14881493

@@ -1519,10 +1524,10 @@ Example response for an {esql} rule:
15191524
"immutable": false,
15201525
"related_integrations": [], <1>
15211526
"required_fields": [], <1>
1522-
"setup": "", <1>
1527+
"setup": "",
15231528
"type": "esql",
15241529
"language": "esql",
15251530
"query": "from auditbeat-8.10.2 [metadata _id] | where process.parent.name == \"EXCEL.EXE\""
15261531
}
15271532
--------------------------------------------------
1528-
<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
1533+
<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.

docs/detections/api/rules/rules-api-update.asciidoc

Lines changed: 6 additions & 2 deletions
@@ -244,6 +244,10 @@ single execution. Defaults to `100`.
244244
|references |String[] |Array containing notes about or references to
245245
relevant information about the rule. Defaults to an empty array.
246246

247+
|setup |String |Populates the rule's setup guide with instructions on rule
248+
prerequisites such as required integrations, configuration steps, and anything
249+
else needed for the rule to work correctly.
250+
247251
|tags |String[] |String array containing words and phrases to help categorize,
248252
filter, and search rules. Defaults to an empty array.
249253

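Review bot: the `|setup |String |` row states no default, while the `|references` row directly above it says `Defaults to an empty array.` and the `Example response` later in this file shows `"setup": ""`; add `Defaults to an empty string.` so the update table matches its own conventions.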
@@ -629,7 +633,7 @@ Example response:
629633
],
630634
"related_integrations": [], <1>
631635
"required_fields": [], <1>
632-
"setup": "", <1>
636+
"setup": "",
633637
"type": "query",
634638
"threat": [
635639
{
@@ -665,4 +669,4 @@ Example response:
665669
}
666670
--------------------------------------------------
667671

668-
<1> dev:[] These fields are under development and their usage or schema may change: `related_integrations`, `required_fields`, `setup`, and `execution_summary`.
672+
<1> dev:[] These fields are under development and their usage or schema may change: `related_integrations`, `required_fields`, and `execution_summary`.
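Review bot: the callout wording differs between the two files in this commit: this one says `their usage or schema may change` while every callout in rules-api-create.asciidoc says `their usage may change`. Both now list `related_integrations` and `required_fields` (this file additionally lists `execution_summary`), so align the phrasing across the two documents when touching these lines.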
