From c9836abdf13554afe8c8c0a6feb0220efe98234b Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 27 Feb 2025 17:13:14 -0800 Subject: [PATCH 1/2] Finishes dashboard section --- .../security-dashboards-overview.md | 18 --- .../serverless/security-data-quality-dash.md | 113 ------------------ .../security-detection-response-dashboard.md | 30 ----- .../serverless/security-overview-dashboard.md | 64 ---------- .../security-rule-monitoring-dashboard.md | 61 ---------- raw-migrated-files/toc.yml | 5 - solutions/security/dashboards.md | 7 -- .../dashboards/data-quality-dashboard.md | 21 +--- .../detection-response-dashboard.md | 9 +- .../detection-rule-monitoring-dashboard.md | 7 -- .../security/dashboards/overview-dashboard.md | 7 -- 11 files changed, 7 insertions(+), 335 deletions(-) delete mode 100644 raw-migrated-files/docs-content/serverless/security-dashboards-overview.md delete mode 100644 raw-migrated-files/docs-content/serverless/security-data-quality-dash.md delete mode 100644 raw-migrated-files/docs-content/serverless/security-detection-response-dashboard.md delete mode 100644 raw-migrated-files/docs-content/serverless/security-overview-dashboard.md delete mode 100644 raw-migrated-files/docs-content/serverless/security-rule-monitoring-dashboard.md diff --git a/raw-migrated-files/docs-content/serverless/security-dashboards-overview.md b/raw-migrated-files/docs-content/serverless/security-dashboards-overview.md deleted file mode 100644 index df23ab1db9..0000000000 --- a/raw-migrated-files/docs-content/serverless/security-dashboards-overview.md +++ /dev/null 
@@ -1,18 +0,0 @@ -# Dashboards [security-dashboards-overview] - -The {{security-app}}'s default dashboards provide useful visualizations of your security environment. To view them in {{elastic-sec}}, select **Dashboards** from the navigation menu. From the Dashboards page, you can access the default dashboards, as well as create and access custom dashboards. - -To create a new custom dashboard, click **Create Dashboard**. You can control which custom dashboards appear in the table: - -* Use the text search field to filter by name or description. -* Use the **Tags** menu to filter by tag. -* Click a custom dashboard’s tags to toggle filtering for each tag. - -To create a new tag or edit existing tags, open the **Tags** menu and click **Manage tags**. - -:::{image} ../../../images/serverless--dashboards-dashboards-landing-page.png -:alt: The dashboards landing page -:class: screenshot -::: - -Refer to documentation for the other {{elastic-sec}} dashboards to learn more about them. For more information about creating custom dashboards, refer to [Create your first dashboard](../../../explore-analyze/dashboards/create-dashboard-of-panels-with-web-server-data.md). diff --git a/raw-migrated-files/docs-content/serverless/security-data-quality-dash.md b/raw-migrated-files/docs-content/serverless/security-data-quality-dash.md deleted file mode 100644 index a1e3487c39..0000000000 --- a/raw-migrated-files/docs-content/serverless/security-data-quality-dash.md +++ /dev/null 
@@ -1,113 +0,0 @@ ---- -navigation_title: "Data Quality" ---- - -# Data Quality dashboard [security-data-quality-dash] - - -The Data Quality dashboard shows you whether your data is correctly mapped to the [Elastic Common Schema](asciidocalypse://docs/ecs/docs/reference/index.md) (ECS). Successful [mapping](../../../manage-data/data-store/mapping.md) enables you to search, visualize, and interact with your data throughout {{elastic-sec}}. - -:::{image} ../../../images/serverless--dashboards-data-qual-dash.png -:alt: The Data Quality dashboard -:class: screenshot -::: - -Use the Data Quality dashboard to: - -* Check one or multiple indices for unsuccessful mappings, to help you identify problems (the indices used by {{elastic-sec}} appear by default). -* View the number of documents stored in each of your indices. -* View detailed information about the fields in checked indices. -* Track unsuccessful mappings by creating a case or Markdown report based on data quality results. - -::::{admonition} Requirements -:class: note - -To use the Data Quality dashboard, you need the appropriate user role with the following privileges for each index you want to check: - -* `monitor` or `manage` -* `view_index_metadata` or `manage` (required for the [Get mapping API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-get-mapping)) -* `read` (required for the [Search API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-search)) - -:::: - - - -## Check indices [data-quality-dash-check-indices] - -When you open the dashboard, data does not appear until you select indices to check. - -* **Check multiple indices**: To check all indices in the current data view, click **Check all** at the top of the dashboard. A progress indicator will appear. - -::::{important} -To customize which indices are checked when you click **Check all**, [change the current data view](../../../solutions/security/get-started/data-views-elastic-security.md). 
- -:::: - - -* **Check a single index**: To check a single index, click the **Check now** button under **Actions**. Checking a single index is faster than checking all indices. - - -## Visualize checked indices [security-data-quality-dash-visualize-checked-indices] - -The treemap that appears at the top of the dashboard shows the relative document count of your indices. The color of each index’s node refers to its status: - -* **Blue:** Not yet checked. -* **Green:** Checked, no incompatible fields found. -* **Red:** Checked, one or more incompatible fields found. - -Click a node in the treemap to expand the corresponding index. - - -## Learn more about checked index fields [security-data-quality-dash-learn-more-about-checked-index-fields] - -After an index is checked, a `Pass` or `Fail` status appears. `Fail` indicates mapping problems in an index. To view index check details, including which fields weren’t successfully mapped, click the **Check now** button under **Actions**. - -:::{image} ../../../images/serverless--dashboards-data-qual-dash-detail.png -:alt: An expanded index with some failed results in the Data Quality dashboard -:class: screenshot -::: - -The index check flyout provides more information about the status of fields in that index. Each of its tabs describe fields grouped by mapping status. - -::::{note} -Fields in the Same family category have the correct search behavior, but might have different storage or performance characteristics (for example, you can index strings to both text and keyword fields). To learn more, refer to [Field data types](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/mapping-reference/field-data-types.md). - -:::: - - - -## View historical data quality results [security-data-quality-dash-view-historical-data-quality-results] - -You can review an index’s data quality history by clicking **View history** under **Actions***, or by clicking the ***History*** tab in the details flyout. 
You can filter the results by time and ***Pass** / **Fail** status. Click a historical check to expand it and view more details. - -:::{image} ../../../images/serverless-history-tab.png -:alt: An index's data quality history tab -:class: screenshot -::: - -::::{note} -Recent historical data includes the **Incompatible fields** and **Same family** views. Legacy historical data only includes the **Incompatible fields** view. - -:::: - - - -## Export data quality results [security-data-quality-dash-export-data-quality-results] - -You can share data quality results to help track your team’s remediation efforts. First, follow the instructions under [Check indices](../../../solutions/security/dashboards/data-quality-dashboard.md#data-quality-dash-check-indices) to generate results, then either: - -**Export results for all indices in the current data view**: - -1. At the top of the dashboard, under the **Check all** button, are two buttons that allow you to share results. Exported results include all the data which appears in the dashboard. -2. Click **Add to new case** to open a new [case](../../../solutions/security/investigate/cases.md). -3. Click **Copy to clipboard** to copy a Markdown report to your clipboard. - -**Export results for one index**: - -1. View details for a checked index by clicking the **Check now** button under **Actions**. -2. From the **Incompatible fields** tab, select **Add to new case** to open a new [case](../../../solutions/security/investigate/cases.md), or click **Copy to clipboard** to copy a Markdown report to your clipboard. - -::::{note} -For more information about how to fix mapping problems, refer to [Mapping](../../../manage-data/data-store/mapping.md). - -:::: diff --git a/raw-migrated-files/docs-content/serverless/security-detection-response-dashboard.md b/raw-migrated-files/docs-content/serverless/security-detection-response-dashboard.md deleted file mode 100644 index 0147bd8271..0000000000 
--- a/raw-migrated-files/docs-content/serverless/security-detection-response-dashboard.md +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -navigation_title: "Detection & Response" ---- - -# Detection & Response dashboard [security-detection-response-dashboard] - - -The Detection & Response dashboard provides focused visibility into the day-to-day operations of your security environment. It helps security operations managers and analysts quickly monitor recent and high priority detection alerts and cases, and identify the hosts and users associated with alerts. - -:::{image} ../../../images/serverless--detections-detection-response-dashboard.png -:alt: Overview of Detection & Response dashboard -:class: screenshot -::: - -Interact with various dashboard elements: - -* Use the date and time picker in the upper-right to specify a time range for displaying information on the dashboard. -* In sections that list alert counts, click a number to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Timeline](../../../images/serverless-timeline.svg "")) to open the alerts in Timeline. -* Click the name of a detection rule, case, host, or user to open its details page. - -The following sections are included: - -| | | -| --- | --- | -| Alerts | The total number of detection alerts generated within the time range, organized by status and severity. Select **View alerts** to open the Alerts page. | -| Cases | The total number of cases created within the time range, organized by status. Select **View cases** to open the Cases page. | -| Open alerts by rule | The top four detection rules with open alerts, organized by the severity and number of alerts for each rule. Select **View all open alerts** to open the Alerts page. | -| Recently created cases | The four most recently created cases. Select **View recent cases** to open the Cases page. | -| Hosts by alert severity | The hosts generating detection alerts within the time range, organized by the severity and number of alerts. Shows up to 100 hosts. 
| -| Users by alert severity | The users generating detection alerts within the time range, organized by the severity and number of alerts. Shows up to 100 users. | diff --git a/raw-migrated-files/docs-content/serverless/security-overview-dashboard.md b/raw-migrated-files/docs-content/serverless/security-overview-dashboard.md deleted file mode 100644 index 82e4710988..0000000000 --- a/raw-migrated-files/docs-content/serverless/security-overview-dashboard.md +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -navigation_title: "Overview" ---- - -# Overview dashboard [security-overview-dashboard] - - -The Overview dashboard provides a high-level snapshot of alerts and events. It helps you assess overall system health and find anomalies that may require further investigation. - -:::{image} ../../../images/serverless--dashboards-overview-pg.png -:alt: Overview dashboard -:class: screenshot -::: - - -## Live feed [security-overview-dashboard-live-feed] - -The live feed on the Overview dashboard helps you quickly access recently created cases, favorited Timelines, and the latest {{elastic-sec}} news. - -::::{tip} -The **Security news** section provides the latest {{elastic-sec}} news to help you stay informed of new developments, learn about {{elastic-sec}} features, and more. - -:::: - - -:::{image} ../../../images/serverless--dashboards-live-feed-ov-page.png -:alt: Overview dashboard with live feed section highlighted -:class: screenshot -::: - - -## Histograms [security-overview-dashboard-histograms] - -Time-based histograms show the number of detections, alerts, and events that have occurred within the selected time range. To focus on a particular time, click and drag to select a time range, or choose a preset value. The **Stack by** menu lets you select which field is used to organize the data. For example, in the Alert trend histogram, stack by `kibana.alert.rule.name` to display alert counts by rule name within the specified time frame. - -Hover over histograms, graphs, and tables to display an **Inspect** button (![Inspect](../../../images/serverless-inspect.svg "")) or options menu (![More actions](../../../images/serverless-boxesHorizontal.svg "")). Click to inspect the visualization’s {{es}} queries, add it to a new or existing case, or open it in Lens for customization. 
- - -## Host and network events [security-overview-dashboard-host-and-network-events] - -View event and host counts grouped by data source, such as **Auditbeat** or **{{elastic-defend}}**. Expand a category to view specific counts of host or network events from the selected source. - -:::{image} ../../../images/serverless--getting-started-events-count.png -:alt: Host and network events on the Overview dashboard -:class: screenshot -::: - - -## Threat Intelligence [security-overview-dashboard-threat-intelligence] - -The Threat Intelligence view on the Overview dashboard provides streamlined threat intelligence data for threat detection and matching. - -The view shows the total number of ingested threat indicators, enabled threat intelligence sources, and ingested threat indicators per source. To learn more about the ingested indicator data, click **View indicators**. - -::::{note} -For more information about connecting to threat intelligence sources, visit [Enable threat intelligence integrations](../../../solutions/security/get-started/enable-threat-intelligence-integrations.md). - -:::: - - -:::{image} ../../../images/getting-started-threat-intelligence-view.png -:alt: Threat Intelligence view on the Overview dashboard -:class: screenshot -::: diff --git a/raw-migrated-files/docs-content/serverless/security-rule-monitoring-dashboard.md b/raw-migrated-files/docs-content/serverless/security-rule-monitoring-dashboard.md deleted file mode 100644 index 2686e23de8..0000000000 --- a/raw-migrated-files/docs-content/serverless/security-rule-monitoring-dashboard.md +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -navigation_title: "Detection rule monitoring" ---- - -# Detection rule monitoring dashboard [security-rule-monitoring-dashboard] - - -The Detection rule monitoring dashboard provides visualizations to help you monitor the overall health and performance of {{elastic-sec}}'s detection rules. Consult this dashboard for a high-level view of whether your rules are running successfully and how long they’re taking to run, search data, and create alerts. - -:::{image} ../../../images/serverless--dashboards-rule-monitoring-overview.png -:alt: Overview of Detection rule monitoring dashboard -:class: screenshot -::: - -::::{admonition} Requirements -:class: note - -To access this dashboard and its data, you must have the appropriate user role. - -:::: - - - -## Visualization data and types [rule-monitoring-visualizations] - -The dashboard presents a variety of information about your detection rules. Visualizations display and calculate data within the time range and filters selected at the top of the dashboard. - -The following visualizations are included: - -* **Rule KPIs (key performance indicators)**: The total number of rules enabled, how many times they collectively ran, and their response statuses. -* **Executions by rule type**: Rule executions over time, broken down by rule type. -* **Executions by status**: Rule executions over time, broken down by status. -* **Total rule execution duration**: How long rules take to run, from start to finish. -* **Rule schedule delay**: The delay between a rule’s scheduled start time and when it actually starts running. -* **Search/query duration**: How long rules take to query source indices or data views. -* **Indexing duration**: How long rules take to generate alerts and write them to the `.alerts-security.alerts-*` index. -* **Top 10 rules**: Lists of the overall slowest rules, most delayed rules, and rules with the most **Failed** and **Warning** response statuses. 
- - -## Visualization panel actions [rule-visualization-actions] - -Open a panel’s options menu (![More actions](../../../images/serverless-boxesHorizontal.svg "")) customize the panel or use its data for further analysis and investigation: - -* **Edit panel settings**: Customize the panel’s display settings. Options vary by visualization type. -* **Inspect**: Examine the panel’s underlying data and queries. -* **Explore data in Discover**: Open Discover with preloaded filters to display the panel’s data. -* **Maximize panel**: Expand the panel. -* **Download as CSV**: Download the panel’s data in a CSV file. -* **Copy to dashboard**: Copy the panel to an existing or new dashboard. -* **Add to existing case**: Add the panel to an existing case. -* **Add to new case**: Create a new case and add the panel to it. -* **Create anomaly detection job**: Create a {{ml}} anomaly detection job using the panel’s data. - - -## Clone and edit the dashboard [clone-edit-dashboard] - -To make persistent changes to the dashboard, you can clone the dashboard and edit the cloned copy, but your copy will not get updates from Elastic. - -1. Click **Edit**, then **Save as**. -2. On the **Save dashboard** dialog, enter a new **Title** for your cloned copy. -3. Make sure **Save as new dashboard** is selected, then click **Save**. You can now make additional changes and save them to your copy. diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml index 9866403943..3bddecd9f6 100644 --- a/raw-migrated-files/toc.yml +++ b/raw-migrated-files/toc.yml 
@@ -213,10 +213,7 @@ toc: - file: docs-content/serverless/security-cspm-get-started.md - file: docs-content/serverless/security-cspm-security-posture-faq.md - file: docs-content/serverless/security-cspm.md - - file: docs-content/serverless/security-dashboards-overview.md - - file: docs-content/serverless/security-data-quality-dash.md - file: docs-content/serverless/security-detection-engine-overview.md - - file: docs-content/serverless/security-detection-response-dashboard.md - file: docs-content/serverless/security-detections-requirements.md - file: docs-content/serverless/security-endpoints-page.md - file: docs-content/serverless/security-environment-variable-capture.md @@ -228,7 +225,6 @@ toc: - file: docs-content/serverless/security-kspm.md - file: docs-content/serverless/security-llm-connector-guides.md - file: docs-content/serverless/security-llm-performance-matrix.md - - file: docs-content/serverless/security-overview-dashboard.md - file: docs-content/serverless/security-policies-page.md - file: docs-content/serverless/security-posture-faq.md - file: docs-content/serverless/security-posture-management.md @@ -239,7 +235,6 @@ toc: - file: docs-content/serverless/security-response-actions-config.md - file: docs-content/serverless/security-response-actions-history.md - file: docs-content/serverless/security-response-actions.md - - file: docs-content/serverless/security-rule-monitoring-dashboard.md - file: docs-content/serverless/security-rules-coverage.md - file: docs-content/serverless/security-rules-create.md - file: docs-content/serverless/security-rules-ui-management.md diff --git a/solutions/security/dashboards.md b/solutions/security/dashboards.md index 195d300ee1..ef5bd039db 100644 --- a/solutions/security/dashboards.md +++ b/solutions/security/dashboards.md 
@@ -6,13 +6,6 @@ mapped_urls: # Dashboards -% What needs to be done: Lift-and-shift - -% Use migrated content from existing pages that map to this page: - -% - [x] ./raw-migrated-files/security-docs/security/dashboards-overview.md -% - [ ] ./raw-migrated-files/docs-content/serverless/security-dashboards-overview.md - The {{security-app}}'s default dashboards provide useful visualizations of your security environment. To view them in {{elastic-sec}}, select **Dashboards** from the navigation menu. From the Dashboards page, you can access the default dashboards, as well as create and access custom dashboards. To create a new custom dashboard, click **Create Dashboard**. You can control which custom dashboards appear in the table: diff --git a/solutions/security/dashboards/data-quality-dashboard.md b/solutions/security/dashboards/data-quality-dashboard.md index 0cf9178750..44cd9c1fc5 100644 --- a/solutions/security/dashboards/data-quality-dashboard.md +++ b/solutions/security/dashboards/data-quality-dashboard.md @@ -6,17 +6,6 @@ mapped_urls: # Data Quality dashboard -% What needs to be done: Align serverless/stateful - -% Use migrated content from existing pages that map to this page: - -% - [x] ./raw-migrated-files/security-docs/security/data-quality-dash.md -% - [ ] ./raw-migrated-files/docs-content/serverless/security-data-quality-dash.md - -% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc): - -$$$data-quality-dash-check-indices$$$ - The Data Quality dashboard shows you whether your data is correctly mapped to the [Elastic Common Schema](asciidocalypse://docs/ecs/docs/reference/index.md) (ECS). Successful [mapping](/manage-data/data-store/mapping.md) enables you to search, visualize, and interact with your data throughout {{elastic-sec}} and {{kib}}. :::{image} ../../../images/security-data-qual-dash.png 
@@ -27,12 +16,14 @@ The Data Quality dashboard shows you whether your data is correctly mapped to th Use the Data Quality dashboard to: * Check one or multiple indices for unsuccessful mappings, to help you identify problems (the indices used by {{elastic-sec}} appear by default). -* View the amount of data stored in each of your indices. +* View the amount of data and number of documents stored in each of your indices. * View detailed information about the fields in checked indices. * Track unsuccessful mappings by creating a case or Markdown report based on data quality results. + ::::{note} -The Data Quality dashboard doesn’t show data from cold or frozen [data tiers](/manage-data/lifecycle/data-tiers.md). It also doesn’t display data from remote clusters using cross-cluster search. To view data from another cluster, log in to that cluster’s {{kib}} instance. +* On {{serverless-short}} deployments, index `Size` data is not available. +* The Data Quality dashboard doesn’t show data from cold or frozen [data tiers](/manage-data/lifecycle/data-tiers.md). It also doesn’t display data from remote clusters using cross-cluster search. To view data from another cluster, log in to that cluster’s {{kib}} instance. :::: 
@@ -82,7 +73,7 @@ Click a node in the treemap to expand the corresponding index. ## Learn more about checked index fields [_learn_more_about_checked_index_fields] -After an index is checked, a **Pass** or **Fail*** status appears. ***Fail*** indicates mapping problems in an index. To view index check details, including which fields weren’t successfully mapped, click the ***Check now** button under **Actions**. +After an index is checked, a **Pass** or **Fail** status appears. **Fail** indicates mapping problems in an index. To view index check details, including which fields weren’t successfully mapped, click the **Check now** button under **Actions**. :::{image} ../../../images/security-data-qual-dash-detail.png :alt: An expanded index with some failed results in the Data Quality dashboard @@ -99,7 +90,7 @@ Fields in the **Same family** category have the correct search behavior, but mig ## View historical data quality results [_view_historical_data_quality_results] -You can review an index’s data quality history by clicking **View history** under **Actions***, or by clicking the ***History*** tab in the details flyout. You can filter the results by time and ***Pass** / **Fail** status. Click a historical check to expand it and view more details. +You can review an index’s data quality history by clicking **View history** under **Actions**, or by clicking the **History** tab in the details flyout. You can filter the results by time and **Pass** / **Fail** status. Click a historical check to expand it and view more details. :::{image} ../../../images/security-data-qual-dash-history.png :alt: The Data Quality dashboard diff --git a/solutions/security/dashboards/detection-response-dashboard.md b/solutions/security/dashboards/detection-response-dashboard.md index 91a47e8490..f7460ab393 100644 --- a/solutions/security/dashboards/detection-response-dashboard.md +++ b/solutions/security/dashboards/detection-response-dashboard.md 
@@ -6,13 +6,6 @@ mapped_urls: # Detection & Response dashboard -% What needs to be done: Lift-and-shift - -% Use migrated content from existing pages that map to this page: - -% - [x] ./raw-migrated-files/security-docs/security/detection-response-dashboard.md -% - [ ] ./raw-migrated-files/docs-content/serverless/security-detection-response-dashboard.md - The Detection & Response dashboard provides focused visibility into the day-to-day operations of your security environment. It helps security operations managers and analysts quickly monitor recent and high priority detection alerts and cases, and identify the hosts and users associated with alerts. :::{image} ../../../images/security-detection-response-dashboard.png @@ -23,7 +16,7 @@ The Detection & Response dashboard provides focused visibility into the day-to-d Interact with various dashboard elements: * Use the date and time picker in the upper-right to specify a time range for displaying information on the dashboard. -* In sections that list alert counts, click a number to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "")) to open the alerts in Timeline. +* In sections that list alert counts, click a number to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "title =50%")) to open the alerts in Timeline. * Click the name of a detection rule, case, host, or user to open its details page. The following sections are included: diff --git a/solutions/security/dashboards/detection-rule-monitoring-dashboard.md b/solutions/security/dashboards/detection-rule-monitoring-dashboard.md index 3121d900ad..3edde4f7f7 100644 --- a/solutions/security/dashboards/detection-rule-monitoring-dashboard.md 
+++ b/solutions/security/dashboards/detection-rule-monitoring-dashboard.md @@ -6,13 +6,6 @@ mapped_urls: # Detection rule monitoring dashboard -% What needs to be done: Align serverless/stateful - -% Use migrated content from existing pages that map to this page: - -% - [x] ./raw-migrated-files/security-docs/security/rule-monitoring-dashboard.md -% - [ ] ./raw-migrated-files/docs-content/serverless/security-rule-monitoring-dashboard.md - The Detection rule monitoring dashboard provides visualizations to help you monitor the overall health and performance of {{elastic-sec}}'s detection rules. Consult this dashboard for a high-level view of whether your rules are running successfully and how long they’re taking to run, search data, and create alerts. :::{image} ../../../images/security-rule-monitoring-overview.png diff --git a/solutions/security/dashboards/overview-dashboard.md b/solutions/security/dashboards/overview-dashboard.md index 8c256dc9ad..9f5f83e0cd 100644 --- a/solutions/security/dashboards/overview-dashboard.md +++ b/solutions/security/dashboards/overview-dashboard.md @@ -6,13 +6,6 @@ mapped_urls: # Overview dashboard -% What needs to be done: Lift-and-shift - -% Use migrated content from existing pages that map to this page: - -% - [x] ./raw-migrated-files/security-docs/security/overview-dashboard.md -% - [ ] ./raw-migrated-files/docs-content/serverless/security-overview-dashboard.md - The Overview dashboard provides a high-level snapshot of alerts and events. It helps you assess overall system health and find anomalies that may require further investigation. :::{image} ../../../images/security-overview-pg.png From df85630fa8b111346371d49c6d0bf1700ba3a949 Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 5 Mar 2025 09:37:20 -0800 Subject: [PATCH 2/2] Update solutions/security/dashboards/detection-response-dashboard.md Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/security/dashboards/detection-response-dashboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/dashboards/detection-response-dashboard.md b/solutions/security/dashboards/detection-response-dashboard.md index f7460ab393..9734aa1722 100644 --- a/solutions/security/dashboards/detection-response-dashboard.md +++ b/solutions/security/dashboards/detection-response-dashboard.md @@ -16,7 +16,7 @@ The Detection & Response dashboard provides focused visibility into the day-to-d Interact with various dashboard elements: * Use the date and time picker in the upper-right to specify a time range for displaying information on the dashboard. -* In sections that list alert counts, click a number to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "title =50%")) to open the alerts in Timeline. +* In sections that list alert counts, click a number to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "title =20x20")) to open the alerts in Timeline. * Click the name of a detection rule, case, host, or user to open its details page. The following sections are included:
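Review bot: The deletion of raw-migrated-files/docs-content/serverless/security-data-quality-dash.md (hunk @@ -1,113 +0,0) drops the Requirements admonition that lists the per-index privileges (`monitor` or `manage`, `view_index_metadata` or `manage`, `read`), and none of the hunks for solutions/security/dashboards/data-quality-dashboard.md touch a requirements block. Please confirm the kept page already states these privileges, so that the merged page still tells serverless users the minimum access the dashboard needs.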
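Review bot: The five deleted serverless pages reference images such as `images/serverless--dashboards-data-qual-dash.png`, `images/serverless-history-tab.png` and `images/serverless--dashboards-rule-monitoring-overview.png`, but the diffstat lists only the 11 Markdown and YAML files and nothing under `images/`. If no other page uses those files they are now orphaned; remove them in this series or note a follow-up.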
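Review bot: In solutions/security/dashboards/data-quality-dashboard.md (hunk @@ -6,17 +6,6), the removed `$$$data-quality-dash-check-indices$$$` line is the anchor that the comment directly above it says internal links rely on, and the deleted serverless copy linked to `data-quality-dashboard.md#data-quality-dash-check-indices` from its export section. The heading IDs visible in this file's later hunks use the `_learn_more_about_checked_index_fields` style, so unless the Check indices heading carries the old ID, links to that fragment will stop resolving. Keep the anchor, or confirm that no remaining page (including this one) links to it.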
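Review bot: In solutions/security/dashboards/data-quality-dashboard.md (hunk @@ -27,12 +16,14), the reworded bullet "View the amount of data and number of documents stored in each of your indices" is unqualified, while the note added just below says index `Size` data is not available on {{serverless-short}}; consider qualifying the bullet itself so the limitation is visible where the claim is made. The second note bullet (cold or frozen data tiers, cross-cluster search) has no counterpart in the deleted serverless page, so it would help to say which deployment type it applies to, the same way the first bullet does.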
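Review bot: In solutions/security/dashboards/detection-response-dashboard.md, the inline icon's title string changes from `""` to `"title =50%"` in patch 1/2 (hunk @@ -23,7 +16,7) and then to `"title =20x20"` in patch 2/2 (hunk @@ -16,7 +16,7). Please check the rendered preview to confirm that the size suffix is applied and that the literal word `title` does not show up as the icon's tooltip; the inline icons in the deleted pages all used an empty title. Since 2/2 only corrects a value introduced in 1/2, squashing the two would keep the intermediate `=50%` out of history.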