Skip to content

[8.18] Rule gaps and manual rule runs #6649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 33 commits into from
Mar 28, 2025
Merged

[8.18] Rule gaps and manual rule runs #6649

merged 33 commits into from
Mar 28, 2025
+60 −28

Conversation

nastasha-solomon
Copy link
Contributor

@nastasha-solomon nastasha-solomon commented Mar 21, 2025
edited
Loading

Addresses #6493, elastic/docs-content#287, and elastic/docs-content#888 by providing 8.18 docs for rule gaps and updating docs for manual runs. Note that I also shifted some manual run content around for better flow or to provide more context where it was lacking.

Twin 9.0 and Serverless PR: elastic/docs-content#892

Previews:

  • Rule Monitoring tab: Refreshed the intro para and screenshot to show that you can find gap details on the Rule Monitoring tab. Also added a short para to the end of the section to elaborate.
  • Execution results tab: Since this section has evolved into an explanation of what's in the Execution results tab on the rule details page, I changed the section name from "Execution results" to "Execution results tab". I also moved content about the Execution log into its own sub-section titled "Execution log table".
    • Gaps table: New section that explains how to use the Gaps table to monitor and fill gaps.
    • Manual runs table: Made a few changes:
      • Removed instructions for accessing the Manual runs table. Since they were generally applicable to all of the tables within the Execution results tab, I provided general guidance to the Manual runs table (and all other tables on the tab) in the intro para for the "Execution results tab" section.
      • Elaborated on what manual runs were and linked to the instructions for starting manual runs to allow users a way to quickly access those steps.
      • Combined related actions and ideas in the list.
  • Manage detection rules | Run rules manually: Made the following changes:
    • Removed the beta tag since manual runs is GA'ing in 8.18. Also refreshed the image to show that the table no longer had a pre-release label.
    • Refreshed intro so it shows that you can manually run rules to fill gaps.
    • Moved a bit of content around at the end for better flow. Also updated the note to include the alert suppression known issue.

@nastasha-solomon nastasha-solomon self-assigned this Mar 21, 2025
@github-actions GitHub Actions
Copy link

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@nastasha-solomon nastasha-solomon added Feature: Rules Team: Detection Engine Docset: ESS Issues that apply to docs in the Stack release Priority: High Issues that are time-sensitive and/or are of high customer importance Effort: Medium Issues that take moderate but not substantial time to complete labels Mar 21, 2025
@nastasha-solomon nastasha-solomon marked this pull request as ready for review March 23, 2025 18:06
@nastasha-solomon nastasha-solomon requested a review from a team as a code owner March 23, 2025 18:06
@nastasha-solomon nastasha-solomon mentioned this pull request Mar 24, 2025
Merged
natasha-moore-elastic
natasha-moore-elastic approved these changes Mar 24, 2025
View reviewed changes
Copy link
Contributor

@natasha-moore-elastic natasha-moore-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few optional suggestions, otherwise LGTM!

nastasha-solomon and others added 3 commits March 24, 2025 09:02
@nastasha-solomon @natasha-moore-elastic
Update docs/detections/rules-ui-monitor.asciidoc
6076706 
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
@nastasha-solomon @natasha-moore-elastic
Update docs/detections/rules-ui-monitor.asciidoc
1edc175 
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
@nastasha-solomon @natasha-moore-elastic
Update docs/detections/rules-ui-monitor.asciidoc
b8d2aed 
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
@nkhristinin nkhristinin self-requested a review March 25, 2025 13:50
approksiu
approksiu reviewed Mar 27, 2025
View reviewed changes
approksiu
approksiu reviewed Mar 27, 2025
View reviewed changes
approksiu
approksiu approved these changes Mar 27, 2025
View reviewed changes
Copy link
Contributor

@approksiu approksiu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, left one note about time-dependency for unfilled gaps duration.

approksiu
approksiu reviewed Mar 27, 2025
View reviewed changes
@nastasha-solomon nastasha-solomon merged commit edf1ec0 into 8.x Mar 28, 2025
4 checks passed
mergify bot pushed a commit that referenced this pull request Mar 28, 2025
@nastasha-solomon @natasha-moore-elastic @mergify
[8.18] Rule gaps and manual rule runs (#6649)
c319363 
* First draft

* Formatting

* Some deduping

* Revisions

* New images

* image updates

* Minor edits

* em dash

* Moved more content around

* Tweak

* Grammar fix

* Missing space

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/detections/rules-ui-monitor.asciidoc

* Update docs/detections/rules-ui-manage.asciidoc

* Update docs/detections/rules-ui-monitor.asciidoc

* Feedback from technical review

* Update docs/detections/rules-ui-monitor.asciidoc

* Update docs/detections/rules-ui-manage.asciidoc

* Kseniia's feedback

* One more change

* revert changes

* uppercase

* Table name

---------

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
(cherry picked from commit edf1ec0)
@mergify mergify bot mentioned this pull request Mar 28, 2025
Merged
nastasha-solomon added a commit to elastic/docs-content that referenced this pull request Mar 28, 2025
@nastasha-solomon @natasha-moore-elastic
[9.0 & Serverless] Rule gaps and manual rule runs (#892)
d0e3a58 
Contributes to elastic/security-docs#6493,
#287, and
#888 by providing 9.0 and
Serverless docs for rule gaps and updating docs for manual runs. See
twin 8.18 PR (elastic/security-docs#6649) for a
breakdown of changes.

**NOTE:** This PR also contains minor fixes to other Serverless pages to
remove errors like double spaces.

Previews:

- [Rule Monitoring
tab](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/892/solutions/security/detect-and-alert/monitor-rule-executions)
- [Execution results
tab](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/892/solutions/security/detect-and-alert/monitor-rule-executions#rule-execution-logs)
- [Gaps
table](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/892/solutions/security/detect-and-alert/monitor-rule-executions#gaps-table)
- [Manual runs
table](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/892/solutions/security/detect-and-alert/monitor-rule-executions#manual-runs-table)
- [Manage detection rules | Run rules
manually](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/892/solutions/security/detect-and-alert/manage-detection-rules#manually-run-rules)

---------

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
@nastasha-solomon nastasha-solomon deleted the issue-287-6493-gaps-manul-runs branch March 28, 2025 17:03
nastasha-solomon added a commit that referenced this pull request Mar 29, 2025
@mergify @nastasha-solomon
[8.18] Rule gaps and manual rule runs (#6649) (#6688)
2298290 
* First draft

* Formatting

* Some deduping

* Revisions

* New images

* image updates

* Minor edits

* em dash

* Moved more content around

* Tweak

* Grammar fix

* Missing space

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/detections/rules-ui-monitor.asciidoc

* Update docs/detections/rules-ui-manage.asciidoc

* Update docs/detections/rules-ui-monitor.asciidoc

* Feedback from technical review

* Update docs/detections/rules-ui-monitor.asciidoc

* Update docs/detections/rules-ui-manage.asciidoc

* Kseniia's feedback

* One more change

* revert changes

* uppercase

* Table name

---------

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
(cherry picked from commit edf1ec0)

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
@nastasha-solomon nastasha-solomon mentioned this pull request Apr 4, 2025
Closed
25 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nkhristinin nkhristinin nkhristinin approved these changes

@approksiu approksiu approksiu approved these changes

@natasha-moore-elastic natasha-moore-elastic natasha-moore-elastic approved these changes

Assignees

@nastasha-solomon nastasha-solomon

Labels
Docset: ESS Issues that apply to docs in the Stack release Effort: Medium Issues that take moderate but not substantial time to complete Feature: Rules Priority: High Issues that are time-sensitive and/or are of high customer importance Team: Detection Engine v8.18.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nastasha-solomon @nkhristinin @approksiu @natasha-moore-elastic