Skip to content

Add missing step to the "How to add non-ECS fields to Attack Discovery" procedure #3524

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 17, 2025
+1 −0
Merged

Add missing step to the "How to add non-ECS fields to Attack Discovery" procedure #3524

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
70ffd20
Add step 4 to complete the procedure
alaudazzi Oct 17, 2025
a4896e6
Merge branch 'main' into fix-3504
alaudazzi Oct 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions solutions/security/ai/attack-discovery.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ Attack Discovery is designed for use with alerts based on data that complies wit
1. Select an alert with some of the non-ECS fields you want to analyze, and go to its details flyout. From here, use the **Ask AI Assistant** button to open AI Assistant.
2. At the bottom of the chat window, the alert's information appears. Click **Edit** to open the anonymization window to this alert's fields.
3. Search for and select the non-ECS fields you want Attack Discovery to analyze. Set them to **Allowed**.
4. Check the `Update presets` box to add the allowed fields to the space's default anonymization settings.

The selected fields can now be analyzed the next time you run Attack Discovery.
:::
Expand Down