Skip to content

[ESS][8.18] Updating customized prebuilt rules #6568

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 50 commits into from
Mar 25, 2025
Merged

[ESS][8.18] Updating customized prebuilt rules #6568

merged 50 commits into from
Mar 25, 2025

Conversation

nastasha-solomon
Copy link
Contributor

@nastasha-solomon nastasha-solomon commented Mar 3, 2025
edited
Loading

Description

Partially addresses #5061 by providing docs for updating customized prebuilt rules. Docs for editing prebuilt rules and exporting/importing prebuilt rules are at #6563.

Twin 9.0 and Serverless PR: elastic/docs-content#904

Previews

@nastasha-solomon nastasha-solomon added Team: Detections/Response Detections and Response Priority: High Issues that are time-sensitive and/or are of high customer importance Effort: Medium Issues that take moderate but not substantial time to complete Docset: ESS Issues that apply to docs in the Stack release v8.18.0 labels Mar 3, 2025
@nastasha-solomon nastasha-solomon self-assigned this Mar 3, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 3, 2025

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@nastasha-solomon nastasha-solomon marked this pull request as ready for review March 5, 2025 22:18
@nastasha-solomon nastasha-solomon requested a review from a team as a code owner March 5, 2025 22:18
@banderror banderror requested review from xcrzx and maximpn March 6, 2025 09:25
xcrzx
xcrzx reviewed Mar 6, 2025
View reviewed changes
approksiu
approksiu reviewed Mar 6, 2025
View reviewed changes
dplumlee
dplumlee reviewed Mar 6, 2025
View reviewed changes
banderror
banderror reviewed Mar 20, 2025
View reviewed changes
Copy link
Contributor

@banderror banderror left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @nastasha-solomon, just some nits and one suggestion.

banderror
banderror approved these changes Mar 24, 2025
View reviewed changes
Copy link
Contributor

@banderror banderror left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @nastasha-solomon, LGTM!

@mergify mergify bot mentioned this pull request Mar 24, 2025
Merged
@nastasha-solomon nastasha-solomon mentioned this pull request Mar 24, 2025
Merged
natasha-moore-elastic
natasha-moore-elastic approved these changes Mar 25, 2025
View reviewed changes
Copy link
Contributor

@natasha-moore-elastic natasha-moore-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very clear and detailed explanation of a complex process! 🚀

nastasha-solomon and others added 4 commits March 25, 2025 11:58
@nastasha-solomon @natasha-moore-elastic
Update docs/detections/prebuilt-rules-management.asciidoc
02756f0 
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
@nastasha-solomon
column headings
2bd30b5
@nastasha-solomon
table syntax
0b6faab
@nastasha-solomon
spacing or newlines?
817895a
nastasha-solomon added a commit to elastic/docs-content that referenced this pull request Mar 25, 2025
@nastasha-solomon
[9.0 & Serverless] Updating customized prebuilt rules (#904)
f73eda0 
### Description
Partially addresses elastic/security-docs#5061
by providing docs for updating customized prebuilt rules. See twin 8.18
PR (elastic/security-docs#6568) for a breakdown
of changes.

### Previews

- [Install and manage Elastic prebuilt
rules](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/904/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules)
- [Select and duplicate prebuilt
rules](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/904/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules#select-all-prebuilt-rules)
- [Update Elastic prebuilt
rules](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/904/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules#update-prebuilt-rules)
- [Update modified and unmodified Elastic prebuilt
rules](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/904/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified)
@nastasha-solomon nastasha-solomon merged commit 370656a into 8.x Mar 25, 2025
4 checks passed
mergify bot pushed a commit that referenced this pull request Mar 25, 2025
@nastasha-solomon @nikitaindik
@banderror @natasha-moore-elastic @mergify
[ESS][8.18] Updating customized prebuilt rules (#6568)
7ce335d 
* First draft

* More edits

* Added statuses table

* Revisions to update section

* Refreshed screenshot

* Change image size

* rewords a few sentences

* final edits

* remove s

* updates to statuses

* Address feedback

* Fix headings

* Update image name

* update other image name

* Re-adds notes

* Missing details

* Typos

* Adds term definitions

* form match

* More edits

* the ref isn't reffing

* Update docs/detections/prebuilt-rules-management.asciidoc

Co-authored-by: Nikita Indik <mail@nikitaindik.com>

* Updates image

* Nikita's feedback

* Update docs/detections/prebuilt-rules-management.asciidoc

* Update docs/detections/prebuilt-rules-update-modified-unmodified.asciidoc

* Davis' feedback

* Update docs/detections/prebuilt-rules-update-modified-unmodified.asciidoc

* Update docs/detections/prebuilt-rules-management.asciidoc

Co-authored-by: Georgii Gorbachev <banderror@gmail.com>

* Remove outdated text

* Georgii's feedback

* Minor editorial fixes (word choice and grammar)

* Update docs/detections/prebuilt-rules-management.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* column headings

* table syntax

* spacing or newlines?

* this table is cursed

---------

Co-authored-by: Nikita Indik <mail@nikitaindik.com>
Co-authored-by: Georgii Gorbachev <banderror@gmail.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
(cherry picked from commit 370656a)
@mergify mergify bot mentioned this pull request Mar 25, 2025
Merged
@nastasha-solomon nastasha-solomon deleted the issue-5061-update branch March 25, 2025 18:56
nastasha-solomon added a commit that referenced this pull request Mar 25, 2025
@mergify @nastasha-solomon
[ESS][8.18] Updating customized prebuilt rules (#6568) (#6666)
e09b646 
* First draft

* More edits

* Added statuses table

* Revisions to update section

* Refreshed screenshot

* Change image size

* rewords a few sentences

* final edits

* remove s

* updates to statuses

* Address feedback

* Fix headings

* Update image name

* update other image name

* Re-adds notes

* Missing details

* Typos

* Adds term definitions

* form match

* More edits

* the ref isn't reffing

* Update docs/detections/prebuilt-rules-management.asciidoc

Co-authored-by: Nikita Indik <mail@nikitaindik.com>

* Updates image

* Nikita's feedback

* Update docs/detections/prebuilt-rules-management.asciidoc

* Update docs/detections/prebuilt-rules-update-modified-unmodified.asciidoc

* Davis' feedback

* Update docs/detections/prebuilt-rules-update-modified-unmodified.asciidoc

* Update docs/detections/prebuilt-rules-management.asciidoc

Co-authored-by: Georgii Gorbachev <banderror@gmail.com>

* Remove outdated text

* Georgii's feedback

* Minor editorial fixes (word choice and grammar)

* Update docs/detections/prebuilt-rules-management.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* column headings

* table syntax

* spacing or newlines?

* this table is cursed

---------

Co-authored-by: Nikita Indik <mail@nikitaindik.com>
Co-authored-by: Georgii Gorbachev <banderror@gmail.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
(cherry picked from commit 370656a)

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
@nastasha-solomon nastasha-solomon mentioned this pull request Apr 2, 2025
Closed
25 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xcrzx xcrzx xcrzx left review comments

@banderror banderror banderror approved these changes

@natasha-moore-elastic natasha-moore-elastic natasha-moore-elastic approved these changes

@nikitaindik nikitaindik nikitaindik approved these changes

@approksiu approksiu approksiu approved these changes

@dplumlee dplumlee dplumlee approved these changes

@benironside benironside benironside approved these changes

@maximpn maximpn Awaiting requested review from maximpn

Assignees

@nastasha-solomon nastasha-solomon

Labels
Docset: ESS Issues that apply to docs in the Stack release Effort: Medium Issues that take moderate but not substantial time to complete Priority: High Issues that are time-sensitive and/or are of high customer importance Team: Detections/Response Detections and Response v8.18.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@nastasha-solomon @xcrzx @banderror @nikitaindik @approksiu @dplumlee @benironside @natasha-moore-elastic