From 48f21dbb435af3a741f3d1539d02f1d8eeec48a2 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 29 Apr 2022 16:33:53 -0400 Subject: [PATCH 1/6] Rename actions button to actions menu --- docs/management/admin/event-filters.asciidoc | 4 ++-- docs/management/admin/host-isolation-exceptions.asciidoc | 4 ++-- docs/management/admin/trusted-apps.asciidoc | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/management/admin/event-filters.asciidoc b/docs/management/admin/event-filters.asciidoc index b457a98897..924e9c3147 100644 --- a/docs/management/admin/event-filters.asciidoc +++ b/docs/management/admin/event-filters.asciidoc @@ -77,7 +77,7 @@ You can individually configure each event filter. With a Platinum or Enterprise To edit an event filter: -. Click the actions button (*...*) for the event filter you want to edit, then select *Edit event filter*. +. Click the actions menu (*...*) for the event filter you want to edit, then select *Edit event filter*. . Modify details or conditions as needed. . Click *Update event filter*. @@ -88,5 +88,5 @@ You can delete an event filter, which removes it entirely from all {endpoint-sec To delete an event filter: -. Click the actions button (*...*) for the event filter you want to delete, then select *Delete event filter*. +. Click the actions menu (*...*) for the event filter you want to delete, then select *Delete event filter*. . On the dialog that opens, verify that you are removing the correct event filter, then click *Remove event filter*. A confirmation message is displayed. diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index 572f69d152..a9dad50699 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc 
@@ -42,7 +42,7 @@ You can individually configure each host isolation exception and change the poli To edit a host isolation exception: -. Click the actions button (**...**) for the exception you want to edit, then select **Edit Exception**. +. Click the actions menu (**...**) for the exception you want to edit, then select **Edit Exception**. . Modify details as needed. . Click **Edit Host isolation exception**. The newly modified exception appears at the top of the list. @@ -53,7 +53,7 @@ You can delete a host isolation exception, which removes it entirely from all {e To delete a host isolation exception: -. Click the actions button (**...**) for the exception you want to delete, then select **Delete Exception**. +. Click the actions menu (**...**) for the exception you want to delete, then select **Delete Exception**. . On the dialog that opens, verify that you are removing the correct host isolation exception, then click **Remove exception**. A confirmation message is displayed. diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc index ecd73bcd1c..eabd08b2de 100644 --- a/docs/management/admin/trusted-apps.asciidoc +++ b/docs/management/admin/trusted-apps.asciidoc @@ -63,7 +63,7 @@ You can individually configure each trusted application. With a Platinum or Ente To edit a trusted application: -. Click the actions button (*...*​) for the trusted application you want to edit, then select *Edit trusted application*. +. Click the actions menu (*...*​) for the trusted application you want to edit, then select *Edit trusted application*. . Modify details as needed. . Click *Save*. 
@@ -74,5 +74,5 @@ You can delete a trusted application, which removes it entirely from all {endpoi To delete a trusted application: -. Click the actions button (*...*) for the trusted application you want to delete, then select *Delete trusted application*. +. Click the actions menu (*...*) for the trusted application you want to delete, then select *Delete trusted application*. . On the dialog that opens, verify that you are removing the correct application, then click *Delete*. A confirmation message is displayed. From fdc49c9e4e7bd9c207c1168e2da1db3349a8dc82 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 29 Apr 2022 16:39:24 -0400 Subject: [PATCH 2/6] Rename button to menu in non-Endpoint topics Incidentally found these instances, so fixing them in this PR while we're at it --- docs/detections/detections-ui-exceptions.asciidoc | 4 ++-- docs/detections/rules-ui-monitor.asciidoc | 2 +- docs/troubleshooting/management/ts-management.asciidoc | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/detections/detections-ui-exceptions.asciidoc b/docs/detections/detections-ui-exceptions.asciidoc index 00b423dee2..331712e772 100644 --- a/docs/detections/detections-ui-exceptions.asciidoc +++ b/docs/detections/detections-ui-exceptions.asciidoc @@ -113,7 +113,7 @@ image::images/exception-histogram.png[Detail of Exceptions tab, 75%] * To add an exception from the Alerts table: .. Go to *Detect* -> *Alerts*. -.. Scroll down to the Alerts table, go to the alert you want to create an exception for, click the *More Actions* button (*...*), then select *Add rule exception*. +.. Scroll down to the Alerts table, go to the alert you want to create an exception for, click the *More Actions* menu (*...*), then select *Add rule exception*. The *Add Rule Exception* flyout opens (the example below was opened from the Alerts table): -- 
@@ -181,7 +181,7 @@ Additionally, to add an Endpoint exception to the Elastic {endpoint-sec} rule, t * To add an Endpoint exception from the Alerts table: .. Go to *Detect* -> *Alerts*. .. Scroll down to the Alerts table, and from an Elastic Security Endpoint -alert, click the *More actions* button (*...*), then select *Add Endpoint exception*. +alert, click the *More actions* menu (*...*), then select *Add Endpoint exception*. -- + The *Add Endpoint Exception* flyout opens, from either the rule details page or the Alerts table. diff --git a/docs/detections/rules-ui-monitor.asciidoc b/docs/detections/rules-ui-monitor.asciidoc index a00a39094b..b675bc4da1 100644 --- a/docs/detections/rules-ui-monitor.asciidoc +++ b/docs/detections/rules-ui-monitor.asciidoc @@ -73,7 +73,7 @@ You can also use Task Manager in {kib} to troubleshoot background tasks and proc If you see values in the Gaps column in the Rule Monitoring table or on the Rule details page for a small number of rules, you can increase those rules' -Additional look-back time (*Detect* -> *Rules* -> the rule's *All actions* button (*...*) -> *Edit rule settings* -> *Schedule* -> *Additional look-back time*). +Additional look-back time (*Detect* -> *Rules* -> the rule's *All actions* menu (*...*) -> *Edit rule settings* -> *Schedule* -> *Additional look-back time*). It's recommended to set the `Additional look-back time` to at least 1 minute. This ensures there are no missing alerts when a rule doesn't diff --git a/docs/troubleshooting/management/ts-management.asciidoc b/docs/troubleshooting/management/ts-management.asciidoc index cf2416b2fa..bfe60756f2 100644 --- a/docs/troubleshooting/management/ts-management.asciidoc +++ b/docs/troubleshooting/management/ts-management.asciidoc 
@@ -21,7 +21,7 @@ To restart a transform that’s not running: . Go to *Kibana* -> *Stack Management* -> *Data* -> *Transforms*. . Enter `endpoint.metadata` in the search box to find the transforms for {endpoint-sec}. -. Click the *Actions* button (*...*) and do one of the following for each transform, depending on the value in the *Status* column: +. Click the *Actions* menu (*...*) and do one of the following for each transform, depending on the value in the *Status* column: * `stopped`: Select *Start* to restart the transform. * `failed`: Select *Stop* to first stop the transform, and then select *Start* to restart it. + From 04951856909b6aad4ff93f6968cbe2d8711939c2 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 29 Apr 2022 16:54:01 -0400 Subject: [PATCH 3/6] Revises endpoint procedures for consistency --- docs/management/admin/blocklist.asciidoc | 2 +- docs/management/admin/event-filters.asciidoc | 8 ++++---- docs/management/admin/host-isolation-exceptions.asciidoc | 8 ++++---- docs/management/admin/trusted-apps.asciidoc | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/management/admin/blocklist.asciidoc b/docs/management/admin/blocklist.asciidoc index 360352e9b8..193f1f27af 100644 --- a/docs/management/admin/blocklist.asciidoc +++ b/docs/management/admin/blocklist.asciidoc @@ -65,7 +65,7 @@ You can individually modify each blocklist entry. With a Platinum or Enterprise To edit a blocklist entry: -. Click the actions menu (*...*​) for the blocklist entry you want to edit, then select *Edit blocklist*. +. Click the actions menu (*...*) for the blocklist entry you want to edit, then select *Edit blocklist*. . Modify details as needed. . Click *Save*. diff --git a/docs/management/admin/event-filters.asciidoc b/docs/management/admin/event-filters.asciidoc index 924e9c3147..f167af05a6 100644 --- a/docs/management/admin/event-filters.asciidoc +++ b/docs/management/admin/event-filters.asciidoc 
@@ -65,7 +65,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning The **Event filters** list allows you to view and manage your endpoint event filters. To view the Event filters list, go to *Manage* -> *Event filters*. Event filters appear in reverse chronological order, with the most recently created at the top. Each filter has its own entry, which displays details such as the filter's name, operating system, date created, and conditions. -To refine the **Event filters** list, use the search bar to search by filter names, comments, and field values. +To refine the list, use the search bar to search by filter name, comments, and field values. [role="screenshot"] image::images/event-filters-list.png[] @@ -73,13 +73,13 @@ image::images/event-filters-list.png[] [discrete] [[edit-event-filter]] === Edit an event filter -You can individually configure each event filter. With a Platinum or Enterprise subscription, you can also change the policies applied to each filter. +You can individually modify each event filter. With a Platinum or Enterprise subscription, you can also change the policies that an event filter is assigned to. To edit an event filter: . Click the actions menu (*...*) for the event filter you want to edit, then select *Edit event filter*. . Modify details or conditions as needed. -. Click *Update event filter*. +. Click *Save*. [discrete] [[delete-event-filter]] @@ -89,4 +89,4 @@ You can delete an event filter, which removes it entirely from all {endpoint-sec To delete an event filter: . Click the actions menu (*...*) for the event filter you want to delete, then select *Delete event filter*. -. On the dialog that opens, verify that you are removing the correct event filter, then click *Remove event filter*. A confirmation message is displayed. +. On the dialog that opens, verify that you are removing the correct event filter, then click *Delete*. A confirmation message is displayed. 
diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index a9dad50699..4155ed08dd 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc @@ -30,7 +30,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning [[manage-host-isolation-exceptions]] == View and manage host isolation exceptions -The **Host isolation exceptions** list displays all the host isolation exceptions that have been configured for {elastic-sec}. To refine the **Host isolation exceptions** list, use the search bar to search by name, description, or IP address. +The **Host isolation exceptions** list displays all the host isolation exceptions that have been configured for {elastic-sec}. To refine the list, use the search bar to search by name, description, or IP address. [role="screenshot"] image::images/host-isolation-exceptions-ui.png[List of host isolation exceptions] @@ -38,13 +38,13 @@ image::images/host-isolation-exceptions-ui.png[List of host isolation exceptions [discrete] [[edit-host-isolation-exception]] === Edit a host isolation exception -You can individually configure each host isolation exception and change the policies applied to each host isolation exception. +You can individually modify each host isolation exception and change the policies that a host isolation exception is assigned to. To edit a host isolation exception: . Click the actions menu (**...**) for the exception you want to edit, then select **Edit Exception**. . Modify details as needed. -. Click **Edit Host isolation exception**. The newly modified exception appears at the top of the list. +. Click **Save**. The newly modified exception appears at the top of the list. [discrete] [[delete-host-isolation-exception]] 
@@ -54,6 +54,6 @@ You can delete a host isolation exception, which removes it entirely from all {e To delete a host isolation exception: . Click the actions menu (**...**) for the exception you want to delete, then select **Delete Exception**. -. On the dialog that opens, verify that you are removing the correct host isolation exception, then click **Remove exception**. A confirmation message is displayed. +. On the dialog that opens, verify that you are removing the correct host isolation exception, then click **Delete**. A confirmation message is displayed. diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc index eabd08b2de..3353daa81f 100644 --- a/docs/management/admin/trusted-apps.asciidoc +++ b/docs/management/admin/trusted-apps.asciidoc @@ -51,7 +51,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning [[trusted-apps-list]] == View and manage trusted applications -The *Trusted applications* list displays all the trusted applications that have been added to the {security-app}. To refine the *Trusted applications* list, use the search bar to search by name, description, or a field value. +The *Trusted applications* list displays all the trusted applications that have been added to the {security-app}. To refine the list, use the search bar to search by name, description, or field values. [role="screenshot"] image::images/trusted-apps-list.png[] 
@@ -59,11 +59,11 @@ image::images/trusted-apps-list.png[] [discrete] [[edit-trusted-app]] === Edit a trusted application -You can individually configure each trusted application. With a Platinum or Enterprise subscription, you can also change the policies applied to a trusted application. +You can individually modify each trusted application. With a Platinum or Enterprise subscription, you can also change the policies that a trusted application is assigned to. To edit a trusted application: -. Click the actions menu (*...*​) for the trusted application you want to edit, then select *Edit trusted application*. +. Click the actions menu (*...*) for the trusted application you want to edit, then select *Edit trusted application*. . Modify details as needed. . Click *Save*. From 91cd5d138bae16e1acfe0d7fece503258ba5ef8e Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 29 Apr 2022 17:02:42 -0400 Subject: [PATCH 4/6] Edits for further alignment --- docs/management/admin/event-filters.asciidoc | 2 +- docs/management/admin/trusted-apps.asciidoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/management/admin/event-filters.asciidoc b/docs/management/admin/event-filters.asciidoc index f167af05a6..83f5a9b103 100644 --- a/docs/management/admin/event-filters.asciidoc +++ b/docs/management/admin/event-filters.asciidoc 
@@ -65,7 +65,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning The **Event filters** list allows you to view and manage your endpoint event filters. To view the Event filters list, go to *Manage* -> *Event filters*. Event filters appear in reverse chronological order, with the most recently created at the top. Each filter has its own entry, which displays details such as the filter's name, operating system, date created, and conditions. -To refine the list, use the search bar to search by filter name, comments, and field values. +To refine the list, use the search bar to search by filter name, description, comments, or field value. [role="screenshot"] image::images/event-filters-list.png[] diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc index 3353daa81f..c0b6787ed0 100644 --- a/docs/management/admin/trusted-apps.asciidoc +++ b/docs/management/admin/trusted-apps.asciidoc @@ -51,7 +51,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning [[trusted-apps-list]] == View and manage trusted applications -The *Trusted applications* list displays all the trusted applications that have been added to the {security-app}. To refine the list, use the search bar to search by name, description, or field values. +The *Trusted applications* list displays all the trusted applications that have been added to the {security-app}. To refine the list, use the search bar to search by name, description, or field value. [role="screenshot"] image::images/trusted-apps-list.png[] From 3c7f5934e122747f0cca2b10fe4b034af620cdce Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Mon, 2 May 2022 09:51:41 -0400 Subject: [PATCH 5/6] More edits, more alignment --- docs/management/admin/event-filters.asciidoc | 4 +--- docs/management/admin/host-isolation-exceptions.asciidoc | 2 +- docs/management/admin/trusted-apps.asciidoc | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) 
diff --git a/docs/management/admin/event-filters.asciidoc b/docs/management/admin/event-filters.asciidoc index 83f5a9b103..c1964245fe 100644 --- a/docs/management/admin/event-filters.asciidoc +++ b/docs/management/admin/event-filters.asciidoc @@ -63,9 +63,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning [discrete] == View and manage event filters -The **Event filters** list allows you to view and manage your endpoint event filters. To view the Event filters list, go to *Manage* -> *Event filters*. Event filters appear in reverse chronological order, with the most recently created at the top. Each filter has its own entry, which displays details such as the filter's name, operating system, date created, and conditions. - -To refine the list, use the search bar to search by filter name, description, comments, or field value. +The **Event filters** page displays all the event filters that have been added to the {security-app}. To refine the list, use the search bar to search by filter name, description, comments, or field value. [role="screenshot"] image::images/event-filters-list.png[] diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index 4155ed08dd..a269898908 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc 
@@ -30,7 +30,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning [[manage-host-isolation-exceptions]] == View and manage host isolation exceptions -The **Host isolation exceptions** list displays all the host isolation exceptions that have been configured for {elastic-sec}. To refine the list, use the search bar to search by name, description, or IP address. +The **Host isolation exceptions** page displays all the host isolation exceptions that have been configured for {elastic-sec}. To refine the list, use the search bar to search by name, description, or IP address. [role="screenshot"] image::images/host-isolation-exceptions-ui.png[List of host isolation exceptions] diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc index c0b6787ed0..6258b39e40 100644 --- a/docs/management/admin/trusted-apps.asciidoc +++ b/docs/management/admin/trusted-apps.asciidoc @@ -51,7 +51,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning [[trusted-apps-list]] == View and manage trusted applications -The *Trusted applications* list displays all the trusted applications that have been added to the {security-app}. To refine the list, use the search bar to search by name, description, or field value. +The *Trusted applications* page displays all the trusted applications that have been added to the {security-app}. To refine the list, use the search bar to search by name, description, or field value. [role="screenshot"] image::images/trusted-apps-list.png[] From 17ca0b66953cfb904e95b26d36173f70306a49a5 Mon Sep 17 00:00:00 2001 
From: Joe Peeples Date: Mon, 2 May 2022 11:05:20 -0400 Subject: [PATCH 6/6] Apply suggestions from Janeen's review Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/management/admin/event-filters.asciidoc | 2 +- docs/management/admin/host-isolation-exceptions.asciidoc | 2 +- docs/management/admin/trusted-apps.asciidoc | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/management/admin/event-filters.asciidoc b/docs/management/admin/event-filters.asciidoc index c1964245fe..0c507bc751 100644 --- a/docs/management/admin/event-filters.asciidoc +++ b/docs/management/admin/event-filters.asciidoc @@ -86,5 +86,5 @@ You can delete an event filter, which removes it entirely from all {endpoint-sec To delete an event filter: -. Click the actions menu (*...*) for the event filter you want to delete, then select *Delete event filter*. +. Click the actions menu (*...*) on the event filter you want to delete, then select *Delete event filter*. . On the dialog that opens, verify that you are removing the correct event filter, then click *Delete*. A confirmation message is displayed. diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index a269898908..612cb55a0f 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc @@ -53,7 +53,7 @@ You can delete a host isolation exception, which removes it entirely from all {e To delete a host isolation exception: -. Click the actions menu (**...**) for the exception you want to delete, then select **Delete Exception**. +. Click the actions menu (**...**) on the exception you want to delete, then select **Delete Exception**. . On the dialog that opens, verify that you are removing the correct host isolation exception, then click **Delete**. A confirmation message is displayed. 
diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc index 6258b39e40..58c44e8087 100644 --- a/docs/management/admin/trusted-apps.asciidoc +++ b/docs/management/admin/trusted-apps.asciidoc @@ -63,7 +63,7 @@ You can individually modify each trusted application. With a Platinum or Enterpr To edit a trusted application: -. Click the actions menu (*...*) for the trusted application you want to edit, then select *Edit trusted application*. +. Click the actions menu (*...*) on the trusted application you want to edit, then select *Edit trusted application*. . Modify details as needed. . Click *Save*. @@ -74,5 +74,5 @@ You can delete a trusted application, which removes it entirely from all {endpoi To delete a trusted application: -. Click the actions menu (*...*) for the trusted application you want to delete, then select *Delete trusted application*. +. Click the actions menu (*...*) on the trusted application you want to delete, then select *Delete trusted application*. . On the dialog that opens, verify that you are removing the correct application, then click *Delete*. A confirmation message is displayed.
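
Review bot: In PATCH 2/6 the two hunks of docs/detections/detections-ui-exceptions.asciidoc name the same control with different capitalization: "*More Actions* menu" in the @@ -113,7 hunk and "*More actions* menu" in the @@ -181,7 hunk. Both lines are being touched anyway, so pick the casing the UI shows and use it in both steps.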
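
Review bot: PATCH 3/6 changes UI label text, not only wording, in event-filters.asciidoc and host-isolation-exceptions.asciidoc: "*Update event filter*" and "**Edit Host isolation exception**" become "Save", and "*Remove event filter*" and "**Remove exception**" become "Delete", while the commit message says only "Revises endpoint procedures for consistency". Confirm the new labels match the buttons in the release these docs target and mention the label change in the commit message. The delete steps also still read "verify that you are removing the correct ..." next to a button now called Delete; "deleting" would keep the step and the button in agreement.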
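
Review bot: In PATCH 5/6 the opening sentence in all three files changes from "list" to "page", but the next sentence still says "To refine the list", which no longer has an antecedent; either keep "list" in one of the two sentences or name it ("the list of event filters"). In event-filters.asciidoc the same hunk drops "To view the Event filters list, go to *Manage* -> *Event filters*" and the note on ordering with no replacement, so check that the navigation path is still given elsewhere in the topic. The host isolation sentence also still says "configured for {elastic-sec}" where the other two say "added to the {security-app}".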
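
Review bot: PATCH 6/6 switches "for" to "on" in the delete steps of event-filters.asciidoc and host-isolation-exceptions.asciidoc but not in their edit steps, which after PATCH 3/6 still read "Click the actions menu (*...*) for the event filter you want to edit" and "Click the actions menu (**...**) for the exception you want to edit". trusted-apps.asciidoc gets both steps changed, and the blocklist.asciidoc edit step touched in PATCH 3/6 also keeps "for". Apply the same preposition to all of these steps. As a smaller style point, host-isolation-exceptions.asciidoc still uses double-asterisk bold (**...**, **Save**) where the other files use single asterisks.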