@joepeeples
Contributor

@joepeeples joepeeples commented Oct 4, 2022

Related issues:

Previews:

Bonus!

For the Endpoint response actions page, I tried a possible design for a dedicated "Requirements" callout section (using the Asciidoc sidebar syntax).

@jmikell821 @nastasha-solomon @benironside: What do you think? We've talked about adding something like this throughout the docs, so if we like this (or any iteration of it, we can tweak it), I can open an issue to update other pages with similar requirements info.

image

@joepeeples joepeeples added the labels Team: Docs, Team: EDR Workflows (Formerly Defend Workflows, Onboarding and Lifecycle Management), Feature: Administration (Endpoints list/Admin page management), v8.5.0, and Feature: Response actions (also includes response console) on Oct 4, 2022
@joepeeples joepeeples self-assigned this Oct 4, 2022
@github-actions
github-actions bot commented Oct 4, 2022

Documentation previews:

- Add all content for new response actions history page
- Revise existing actions history sections
- Consolidate details into one location, instead of maintaining three nearly identical sections
@joepeeples
Contributor Author

@elasticmachine run elasticsearch-ci/docs

@joepeeples joepeeples marked this pull request as ready for review October 6, 2022 20:10
@joepeeples joepeeples removed their assignment Oct 6, 2022
@joepeeples joepeeples self-assigned this Oct 6, 2022
@joepeeples joepeeples changed the title from "[DOCS] Response actions history updates" to "[DOCS] Response console, actions history updates" on Oct 7, 2022
@benironside
Contributor

haven't done a full review yet, but I super love the requirements section. Gracefully designed, concise, and relevant. 👏

Contributor

@nastasha-solomon nastasha-solomon left a comment

Left a handful of suggestions that you can take or leave. :) Good job overall!

joepeeples and others added 2 commits October 11, 2022 14:52
Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
@joepeeples joepeeples mentioned this pull request Oct 13, 2022
28 tasks

You can use this panel to build commands with less typing. Click the add icon (image:images/add-command-icon.png[Add icon,17,17]) to add a command to the input area, enter any additional parameters or a comment, then press *Return* to run the command.

If the endpoint is running an older version of {agent}, some response actions may not be supported, as indicated by an informational icon and tooltip. {fleet-guide}/upgrade-elastic-agent.html[Upgrade {agent}] on the endpoint to add support for the latest response actions.
Contributor

@joepeeples while this will be true in 8.6, this functionality was not released in 8.5. If the user has an Endpoint that is older than 8.4 the Responder option in the menu will be disabled with a message to upgrade.

Here is a screenshot of what users will see in 8.5.

image

@kevinlog
Contributor

@joepeeples it mostly LGTM! I saw one area where we reference a not yet released feature of the Response Console. Apologies if I caused any confusion anywhere at some point. Let me know if you have any questions.

Contributor

@benironside benironside left a comment

Looks good to me!

@joepeeples
Contributor Author

Follow-up on comment above: #2536 (comment)

Note (mostly) to self: I'll revise this section and screenshot in this PR, which will merge to main (aka 8.6.0) and backport to v8.5.0. I also created docs issue #2575 for 8.6.0, so I can update main/8.6.0 separately.

There's probably some kind of Git wizardry to do this all in one swoop, but opting to keep it simple. Also AFAIK the feature hasn't actually been re-enabled yet, per https://github.com/elastic/security-team/issues/5161, so I can follow up on my docs issue once the feature itself has merged.

@joepeeples
Contributor Author

> @joepeeples it mostly LGTM! I saw one area where we reference a not yet released feature of the Response Console. Apologies if I caused any confusion anywhere at some point. Let me know if you have any questions.

@kevinlog No worries, I just missed the follow-up PR where the feature was disabled for 8.5. See my comment above for what I'm doing; for this PR I've just removed the paragraph and image; we already say at the top of the page that Agent must be 8.4 or later, and the tooltip in the UI is very clear too.

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
@joepeeples joepeeples added the readyforQA label (PRs that are ready for QA review.) on Oct 17, 2022
@muskangulati-qasource

Hi @joepeeples,

We have tested this PR for the reference docs attached in comparison to the latest 8.5.0 BC build received, and below are our observations for the same:

Issue reported:

We will test this PR once again after the related bug is closed.

Thank you!!

@joepeeples
Contributor Author

@joepeeples joepeeples merged commit d050b6e into main Oct 18, 2022
mergify bot pushed a commit that referenced this pull request Oct 18, 2022
* Rename "actions log" to "response actions history"

* Add new page for response actions history

Empty placeholder for now

* Update existing screenshots

* Big draft

- Add all content for new response actions history page
- Revise existing actions history sections
- Consolidate details into one location, instead of maintaining three nearly identical sections

* Assorted edits, and aligning host/endpoint terms

* Rename images, minor edits

* Explain unsupported response actions

* Add superuser requirement, try out sidebar

* Minor reformat

* Apply suggestions from Nastasha's review

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Add link to Agent/Fleet upgrade docs

* Remove command indicator (pushed back to 8.6)

* Update docs/management/admin/host-isolation-ov.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update images with default text in search field

Resolves #2588
Resolves #2589

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit d050b6e)
@joepeeples joepeeples deleted the 2448-response-history-updates branch October 18, 2022 23:19
joepeeples added a commit that referenced this pull request Oct 18, 2022
* Rename "actions log" to "response actions history"

* Add new page for response actions history

Empty placeholder for now

* Update existing screenshots

* Big draft

- Add all content for new response actions history page
- Revise existing actions history sections
- Consolidate details into one location, instead of maintaining three nearly identical sections

* Assorted edits, and aligning host/endpoint terms

* Rename images, minor edits

* Explain unsupported response actions

* Add superuser requirement, try out sidebar

* Minor reformat

* Apply suggestions from Nastasha's review

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Add link to Agent/Fleet upgrade docs

* Remove command indicator (pushed back to 8.6)

* Update docs/management/admin/host-isolation-ov.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update images with default text in search field

Resolves #2588
Resolves #2589

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit d050b6e)

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

Labels

Feature: Administration (Endpoints list/Admin page management), Feature: Response actions (also includes response console), readyforQA (PRs that are ready for QA review.), Team: Docs, Team: EDR Workflows (Formerly Defend Workflows, Onboarding and Lifecycle Management), v8.5.0

Development

Successfully merging this pull request may close these issues.

- [DOCS] Response console docs enhancements
- [DOCS] Response actions history updates

7 participants