[DOCS] Add new EQL search configuration options #2061
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joepeeples
added
Team: Docs
Team: Detections/Response
joepeeples
requested review from
benironside,
e40pud,
jmikell821,
marshallmain and
nastasha-solomon
benironside
reviewed
Jun 15, 2022
Contributor
benironside
left a comment
benironside
left a comment
There was a problem hiding this comment.
LGTM, left one minor comment/question.
Contributor
|
LGTM! thank you! |
e40pud
approved these changes
Jun 16, 2022
Contributor
nastasha-solomon
left a comment
nastasha-solomon
left a comment
There was a problem hiding this comment.
Left one minor comment that applies to all other areas that mention ascending order. Otherwise, LGTM!
jmikell821
reviewed
Jun 22, 2022
Contributor
jmikell821
left a comment
jmikell821
left a comment
There was a problem hiding this comment.
Just added my two cents to what was already mentioned. LGTM though - thanks! 🎉
|
Hi @joepeeples , We tested the linked docs and found that all the docs are correctly updated as per the latest UI. So we are good to go ahead and merge the changes. Screenshots:
Create rule API | Optional fields for event correlation rules
Update rule API | Optional fields for EQL rules
Hence, we are marking this ticket as 'QA validated'. Thanks! |
ghost
added
QA:Validated
mergify bot
pushed a commit
that referenced
this pull request
Jun 23, 2022
* Update eql-rule-query-example.png * Update procedure for creating EQL rule * Update API docs: create rule, update rule * Align minor phrasing * Explain timestamp_field & timestamp_override * Updates based on review feedback (cherry picked from commit 3f2f653)
joepeeples
added a commit
that referenced
this pull request
Jun 23, 2022
* Update eql-rule-query-example.png * Update procedure for creating EQL rule * Update API docs: create rule, update rule * Align minor phrasing * Explain timestamp_field & timestamp_override * Updates based on review feedback (cherry picked from commit 3f2f653) Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
benironside
pushed a commit
that referenced
this pull request
Jun 24, 2022
* Update eql-rule-query-example.png * Update procedure for creating EQL rule * Update API docs: create rule, update rule * Align minor phrasing * Explain timestamp_field & timestamp_override * Updates based on review feedback
benironside
added a commit
that referenced
this pull request
Jun 28, 2022
* First draft * Add placeholder for instructions for self-hosted * updates formatting * updates format and image size * Updates formatting and annotates screenshots * updates to the main intro and some terms here and there * [DOCS] Revise workaround for aggregated fields in threshold rules (#2074) * Remove workaround from create rule docs * Restore admonition, with revisions from Madison * [DOCS][8.3] Updates "Endpoint Security" to "Endpoint and Cloud Security" screenshots (#2075) * Updates screenshots and replaces the old name with the new name. * Updates text, fixes image names * Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Fix bugs found by QA Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Add example response section (#2084) * [DOCS] Add new EQL search configuration options (#2061) * Update eql-rule-query-example.png * Update procedure for creating EQL rule * Update API docs: create rule, update rule * Align minor phrasing * Explain timestamp_field & timestamp_override * Updates based on review feedback * [DOCS] Adds warning about exceptions requiring mappings (#2110) * Move callout about endpoint exceptions to more appropriate section This not was previously at the top-level exceptions section, when it really only applies when adding to the Endpoint rule. * Add note about mappings being required for exceptions Wording is subject to change; just throwing something at the wall for now. * Apply suggestions from code review Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * [DOCS] Removed ref to Stack GS (#2128) * Minor edits to Tin's work * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Matches order of sections to order they're mentioned in the intro * Changes bullets to numbers * Update docs/experimental-features/experimental-features-intro.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/experimental-features-intro.asciidoc * Incorporate Joe's and Janeen's feedback * fixes build error * troubleshoots build error * troubleshoots build error * troubleshoots build erors Co-authored-by: Joe Peeples <joe.peeples@elastic.co> Co-authored-by: Ryland Herrick <ryalnd@gmail.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: debadair <debadair@elastic.co> Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
mergify bot
pushed a commit
that referenced
this pull request
Jun 28, 2022
* First draft * Add placeholder for instructions for self-hosted * updates formatting * updates format and image size * Updates formatting and annotates screenshots * updates to the main intro and some terms here and there * [DOCS] Revise workaround for aggregated fields in threshold rules (#2074) * Remove workaround from create rule docs * Restore admonition, with revisions from Madison * [DOCS][8.3] Updates "Endpoint Security" to "Endpoint and Cloud Security" screenshots (#2075) * Updates screenshots and replaces the old name with the new name. * Updates text, fixes image names * Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Fix bugs found by QA Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Add example response section (#2084) * [DOCS] Add new EQL search configuration options (#2061) * Update eql-rule-query-example.png * Update procedure for creating EQL rule * Update API docs: create rule, update rule * Align minor phrasing * Explain timestamp_field & timestamp_override * Updates based on review feedback * [DOCS] Adds warning about exceptions requiring mappings (#2110) * Move callout about endpoint exceptions to more appropriate section This not was previously at the top-level exceptions section, when it really only applies when adding to the Endpoint rule. * Add note about mappings being required for exceptions Wording is subject to change; just throwing something at the wall for now. * Apply suggestions from code review Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * [DOCS] Removed ref to Stack GS (#2128) * Minor edits to Tin's work * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Matches order of sections to order they're mentioned in the intro * Changes bullets to numbers * Update docs/experimental-features/experimental-features-intro.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/experimental-features-intro.asciidoc * Incorporate Joe's and Janeen's feedback * fixes build error * troubleshoots build error * troubleshoots build error * troubleshoots build erors Co-authored-by: Joe Peeples <joe.peeples@elastic.co> Co-authored-by: Ryland Herrick <ryalnd@gmail.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: debadair <debadair@elastic.co> Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> (cherry picked from commit edeecb9)
benironside
added a commit
that referenced
this pull request
Jun 28, 2022
* First draft * Add placeholder for instructions for self-hosted * updates formatting * updates format and image size * Updates formatting and annotates screenshots * updates to the main intro and some terms here and there * [DOCS] Revise workaround for aggregated fields in threshold rules (#2074) * Remove workaround from create rule docs * Restore admonition, with revisions from Madison * [DOCS][8.3] Updates "Endpoint Security" to "Endpoint and Cloud Security" screenshots (#2075) * Updates screenshots and replaces the old name with the new name. * Updates text, fixes image names * Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/getting-started/install-endpoint.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Fix bugs found by QA Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Add example response section (#2084) * [DOCS] Add new EQL search configuration options (#2061) * Update eql-rule-query-example.png * Update procedure for creating EQL rule * Update API docs: create rule, update rule * Align minor phrasing * Explain timestamp_field & timestamp_override * Updates based on review feedback * [DOCS] Adds warning about exceptions requiring mappings (#2110) * Move callout about endpoint exceptions to more appropriate section This not was previously at the top-level exceptions section, when it really only applies when adding to the Endpoint rule. * Add note about mappings being required for exceptions Wording is subject to change; just throwing something at the wall for now. * Apply suggestions from code review Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * [DOCS] Removed ref to Stack GS (#2128) * Minor edits to Tin's work * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Matches order of sections to order they're mentioned in the intro * Changes bullets to numbers * Update docs/experimental-features/experimental-features-intro.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Joe Peeples <joe.peeples@elastic.co> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/security-posture-management.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Update docs/experimental-features/experimental-features-intro.asciidoc * Incorporate Joe's and Janeen's feedback * fixes build error * troubleshoots build error * troubleshoots build error * troubleshoots build erors Co-authored-by: Joe Peeples <joe.peeples@elastic.co> Co-authored-by: Ryland Herrick <ryalnd@gmail.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: debadair <debadair@elastic.co> Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> (cherry picked from commit edeecb9) Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
acorretti
pushed a commit
that referenced
this pull request
Nov 19, 2024
* Update eql-rule-query-example.png * Update procedure for creating EQL rule * Update API docs: create rule, update rule * Align minor phrasing * Explain timestamp_field & timestamp_override * Updates based on review feedback
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #2018.
Previews: