Description
Meta issue: https://github.com/elastic/endpoint-app-team/issues/372
Link to mocks: https://www.figma.com/file/LsjbVEOGXX4iPHqoqQL8mc/Endpoint-Screens-and-Components?node-id=1269%3A125098
As an analyst, I want to be able to view all alerts on a page and search/filter/sort fields in the Detection Alerts view. As a user, I want a single unified place to see all alerts coming from Elastic Endpoints, 3rd party logs, and the detection engine, so that I can have a holistic and uniform triage process for all of my alerts.
Acceptance Test Criteria
Documentation is required to point out the following changes to the Detection Alerts page in 7.9:
- Open, In Progress, and Closed Alerts filters on alert list
- Action overflow menu ([SIEM][Timeline] Add ability for timeline actions to overflow after specified count kibana#65945)
- Actions not in overflow - Investigate in Timeline, Analyze Event
- Action in overflow - Mark In Progress, Close selected, Add Exceptions, Add Endpoint Exception, Edit Actions
- Signals now called Detection Alerts ([SIEM][Timeline] Rename Signals table to Alerts kibana#65944)
- Remove External Alerts tabs
- Toast success and failed messages on status change of alerts to closed, in progress, reopen ([SIEM][Exceptions] Add success/error toast component on alert state change kibana#67406)
- Sticky column preferences - Column and row-rendering preferences are stored on a per-user basis (https://github.com/elastic/siem-team/issues/589)
Notes
- Add the "Team:Docs" label to new issues.
- Be sure to add any necessary screenshots for clarity.
- Include any conditions or caveats that may affect customers.