[DOCS] Detection engine wildcard exceptions #2212
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joepeeples
added
Team: Docs
Team: Detections/Response
joepeeples
requested review from
benironside,
jmikell821,
marshallmain,
nastasha-solomon and
peluja1012
benironside
reviewed
Aug 4, 2022
Contributor
benironside
left a comment
benironside
left a comment
There was a problem hiding this comment.
Looks great overall, left some minor suggestions.
docs/detections/api/exceptions/api-create-exception-item.asciidoc
Outdated
Show resolved
Hide resolved
| * `is` | `is not` — Must be an exact match of the defined value. | ||
| * `is one of` | `is not one of` — Matches any of the defined values. | ||
| * `exists` | `does not exist` — The defined field exists. | ||
| * `is in list` | `is not in list` — Matches values in a value list. |
Contributor
There was a problem hiding this comment.
Suggested change
| * `is in list` | `is not in list` — Matches values in a value list. | |
| * `is in list` | `is not in list` — Matches values in a list. |
Contributor
Author
There was a problem hiding this comment.
I think this needs to remain "value list" to be consistent with other usage in the topic and also in the UI (the button on the Rules page is labeled "Import value lists".)
joepeeples
changed the title
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
marshallmain
approved these changes
Aug 8, 2022
Contributor
marshallmain
left a comment
marshallmain
left a comment
There was a problem hiding this comment.
Wildcard info all looks correct to me 👍
nastasha-solomon
approved these changes
Aug 12, 2022
Contributor
nastasha-solomon
left a comment
nastasha-solomon
left a comment
There was a problem hiding this comment.
LGTM! I left two small edits that are suggestions, not fixes. Feel free to take em or leave em :)
jmikell821
approved these changes
Aug 15, 2022
Contributor
jmikell821
left a comment
jmikell821
left a comment
There was a problem hiding this comment.
Reviewed suggested feedback and new edits, all LGTM, thanks! 👍
|
Hi @joepeeples, We have reviewed the shared preview links and observed that all changes are present 🟢 Screenshots:
Create exception item | Request body | entries schema
Hence we are adding the "QA: Validated" label to it. Thanks!! |
ghost
added
QA:Validated
mergify bot
pushed a commit
that referenced
this pull request
Aug 18, 2022
* Add `matches`, revise condition steps * Various edits * Update API, other adjustments * Consolidate stacked admonitions * Revise ableist language * Revise for new grouped navigation UI * Apply suggestions from Ben's review Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Apply suggestions from review Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> (cherry picked from commit 3b44ecf)
nastasha-solomon
pushed a commit
to nastasha-solomon/security-docs
that referenced
this pull request
Sep 19, 2022
) * Add `matches`, revise condition steps * Various edits * Update API, other adjustments * Consolidate stacked admonitions * Revise ableist language * Revise for new grouped navigation UI * Apply suggestions from Ben's review Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Apply suggestions from review Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> (cherry picked from commit 3b44ecf) Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #2207.
Previews:
entriesschema