diff --git a/docs/detections/alerts-ui-manage.asciidoc b/docs/detections/alerts-ui-manage.asciidoc index e9af95bc9f..3d35d01815 100644 --- a/docs/detections/alerts-ui-manage.asciidoc +++ b/docs/detections/alerts-ui-manage.asciidoc @@ -59,7 +59,7 @@ Use the view options drop-down in the upper-right of the Alerts table to control [role="screenshot"] image::images/event-rendered-view.png[Alerts table with the Event rendered view enabled] -TIP: If you're in the grid view, you can still view the event rendering for a specific alert by clicking the link in the *Event Summary* column, if a link is available. Some events do not have event renderings. +TIP: When using grid view, you can view alert-rendered reason statements and event renderings for specific alerts by clicking the expand icon in the *Reason* column. Some events do not have event renderings. [float] [[alert-actions]] diff --git a/docs/detections/alerts-view-details.asciidoc b/docs/detections/alerts-view-details.asciidoc index 1642a25e04..93a17d8e9c 100644 --- a/docs/detections/alerts-view-details.asciidoc +++ b/docs/detections/alerts-view-details.asciidoc @@ -14,7 +14,7 @@ The alert details flyout contains these informational tabs: * *JSON*: The alert data in JSON format. [role="screenshot"] -image::images/alert-details-flyout.png[Alert details flyout] +image::images/alert-details-flyout.png[Alert details flyout, 90%] [discrete] [[alert-details-overview]] 
@@ -26,7 +26,11 @@ The *Overview* tab contains these features: * *Summary*: Displays general details such as the alert's status, severity, risk score, and a link to the detection rule that produced the alert. -* *Reason statement*: Provides a description of what generated the alert and provides general alert details. You can use this to understand the alert's origin and determine if the alert is relevant to your investigation. +* *Alert-rendered reason statement*: Provides alert details in a logically-arranged format. Shows high-level details, including the alert severity (`kibana.alert.severity`) and the rule that generated the alert (`kibana.alert.rule.name`). Fields are interactive, hover over one to access the available actions. + +* *Event renderer*: Displays relevant event details to provide context for the alert, such as file paths or process arguments. Shows alert details in a human-readable format. Fields are interactive; hover over to access the available actions. ++ +NOTE: The event renderer only displays if an event renderer exists for the alert type. * *Highlighted fields*: Surfaces the most relevant fields for the alert type. Use this to inform your triage efforts as you investigate the alert. diff --git a/docs/detections/images/alert-details-flyout.png b/docs/detections/images/alert-details-flyout.png index 096f0410b6..670eebcce9 100644 Binary files a/docs/detections/images/alert-details-flyout.png and b/docs/detections/images/alert-details-flyout.png differ diff --git a/docs/detections/images/event-rendered-view.png b/docs/detections/images/event-rendered-view.png index 018d1cbf03..079f75c701 100644 Binary files a/docs/detections/images/event-rendered-view.png and b/docs/detections/images/event-rendered-view.png differ 
diff --git a/docs/detections/images/insights-section.png b/docs/detections/images/insights-section.png index 7acc410143..5bb89c4321 100644 Binary files a/docs/detections/images/insights-section.png and b/docs/detections/images/insights-section.png differ
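Review bot: In the alerts-ui-manage.asciidoc hunk (@@ -59,7 +59,7), the new TIP uses the term "alert-rendered reason statements" without defining it or pointing to where it is explained. The term is introduced in the *Overview* tab list of alerts-view-details.asciidoc, so a cross-reference to `<<alert-details-overview>>` would give readers somewhere to land. The rewrite also drops the old "if a link is available" qualifier. If the expand icon in the *Reason* column can be missing for some alerts, keep an equivalent caveat, because the remaining sentence only covers events without event renderings.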
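Review bot: In the alerts-view-details.asciidoc hunk at @@ -14,7 +14,7, the width is passed as a bare positional attribute (`[Alert details flyout, 90%]`), which is easy to misread as part of the alt text. Consider the named form `width=90%`. Note too that the event-rendered-view.png screenshot in alerts-ui-manage.asciidoc has no width set, so the two updated screenshots will be scaled differently.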
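Review bot: In the alerts-view-details.asciidoc hunk at @@ -26,7 +26,11, the two new bullets phrase the same hint differently: "Fields are interactive, hover over one to access the available actions." is a comma splice, and "Fields are interactive; hover over to access the available actions." has no object. Use one sentence in both places, for example "Fields are interactive; hover over one to access the available actions." In the same hunk, "logically-arranged" should not be hyphenated, and the *Event renderer* bullet says it shows "alert details" directly after saying it displays "event details", which blurs the distinction the two bullets are meant to draw. The removed sentence about using the reason statement to judge whether an alert is relevant to the investigation has no replacement, so consider keeping that guidance in one of the new bullets.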
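Review bot: insights-section.png is replaced in the last binary diff, but none of the text hunks in this patch touches the Insights section. Confirm the image update belongs in this change, and mention it in the change description if it does.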