From 70ffd200f6d41fc14905470bbd2ba8b034d08033 Mon Sep 17 00:00:00 2001 From: Arianna Laudazzi Date: Fri, 17 Oct 2025 14:02:24 +0200 Subject: [PATCH] Add step 4 to complete the procedure --- solutions/security/ai/attack-discovery.md | 1 + 1 file changed, 1 insertion(+) diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index d3b257a869..2323b5ae6b 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -54,6 +54,7 @@ Attack Discovery is designed for use with alerts based on data that complies wit 1. Select an alert with some of the non-ECS fields you want to analyze, and go to its details flyout. From here, use the **Ask AI Assistant** button to open AI Assistant. 2. At the bottom of the chat window, the alert's information appears. Click **Edit** to open the anonymization window to this alert's fields. 3. Search for and select the non-ECS fields you want Attack Discovery to analyze. Set them to **Allowed**. +4. Check the `Update presets` box to add the allowed fields to the space's default anonymization settings. The selected fields can now be analyzed the next time you run Attack Discovery. :::