Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOC] Rule fields Override and Rule Building blocks #60

Closed
dontcallmesherryli opened this issue Jul 8, 2020 · 1 comment · Fixed by #70 or #73
Closed

[DOC] Rule fields Override and Rule Building blocks #60

dontcallmesherryli opened this issue Jul 8, 2020 · 1 comment · Fixed by #70 or #73
Assignees
@benskelker @jmikell821
Labels
Team: Docs v7.9.0 Features in the 7.9 Release

Comments

@dontcallmesherryli
Copy link

dontcallmesherryli commented Jul 8, 2020
edited
Loading

Description

**Meta issue: ** elastic/kibana#65941

User has the ability to map source fields to values of severity and risk score when they create a detection rule.

image

In advanced settings for rules creation, user also has the ability to override Rule Name and Timestamp, as well as check that the rule is a Building Block.
image (47)

Acceptance Test Criteria

Documentation is required to instruct user to use Severity and Risk score override if they wish to use certain fields to map their rule severity and risk score to.

Use case example: User is using a data source where he wants to use a field called Priority Ranking (with the values of 1, 2, 3, 4, 5 as rank) is used for the SIEM Detection Rule Severity. He would select Priority Ranking as source field, and map severity value 1 to Critical, 2 to High, and so on. Now the user can use the source data to standardize into the SIEM severity mapping.

Notes

  • Add the "Team:Docs" label to new issues.
  • Be sure to add any necessary screenshots for clarity.
  • Include any conditions or caveats that may affect customers.
@dontcallmesherryli dontcallmesherryli added Team: Docs v7.9.0 Features in the 7.9 Release labels Jul 8, 2020
@dontcallmesherryli dontcallmesherryli changed the title [DOC] Rule Severity and Risk Score Override [DOC] Rule fields Override and Rule Building blocks Jul 8, 2020
@benskelker benskelker self-assigned this Jul 14, 2020
@narcher7 narcher7 mentioned this issue Jul 15, 2020
Closed
@benskelker
Copy link
Contributor

benskelker commented Jul 21, 2020
edited
Loading

Related API PR: #70
Related issue: #71

Related UI PR: #73

This was linked to pull requests Jul 26, 2020
[Docs]Updates detections API #70
Merged
[Docs]Detections and Alerts UI #73
Merged
@benskelker benskelker reopened this Jul 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benskelker benskelker

@jmikell821 jmikell821

Labels
Team: Docs v7.9.0 Features in the 7.9 Release
Projects
None yet
Milestone
No milestone
3 participants
@dontcallmesherryli @benskelker @jmikell821