From c6657a0098f0d23e1859a1375500d864fb9756c3 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 6 Oct 2022 16:26:37 -0400 Subject: [PATCH] [DOCS] Feature flag enabled by default for feature that displays alerts in the process tree (#2538) (cherry picked from commit 4f49cab134305e1f36b85fde5f1bb98b7835daec) --- docs/detections/visual-event-analyzer.asciidoc | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/docs/detections/visual-event-analyzer.asciidoc b/docs/detections/visual-event-analyzer.asciidoc index c112457b3c..0695f9a15d 100644 --- a/docs/detections/visual-event-analyzer.asciidoc +++ b/docs/detections/visual-event-analyzer.asciidoc 
@@ -120,14 +120,11 @@ image::images/event-details.png[] NOTE: In {stack} versions 7.10.0 and newer, there is no limit to the number of events that can be associated with a process. However, in {stack} versions 7.9.0 and earlier, each process is limited to only 100 events. +If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also examine alerts associated with events. + To examine alerts associated with the event, select the alert pill (*_x_ alert*). The left pane lists the total number of associated alerts, and alerts are ordered from oldest to newest. Each alert shows the type of event that produced it (`event.category`), the event timestamp (`@timestamp`), and rule that generated the alert (`kibana.alert.rule.name`). Click on the rule name to open the alert's details. In the example screenshot below, five alerts were generated by the analyzed event (`lsass.exe`). The left pane displays the associated alerts and basic information about each one. -preview::[] - -NOTE: Displaying alerts in the process tree is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. In addition, to display it in {elastic-sec} you must add the following feature flag to the `kibana.yml` file: -`xpack.securitySolution.enableExperimental: ['insightsRelatedAlertsByProcessAncestry']` - [role="screenshot"] image::images/alert-pill.png[]
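Review bot: The new sentence "If you have a Platinum or Enterprise subscription, you can also examine alerts associated with events." immediately precedes "To examine alerts associated with the event, select the alert pill", so the same idea is stated twice in a row; fold the licensing requirement into the existing paragraph instead, e.g. "To examine alerts associated with the event (a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature), select the alert pill (*_x_ alert*)." Also, the removed NOTE was the only place the `xpack.securitySolution.enableExperimental: ['insightsRelatedAlertsByProcessAncestry']` setting was documented; since the surrounding text already distinguishes {stack} versions (7.9.0 and earlier versus 7.10.0 and newer), consider stating from which version the feature is on by default so readers on earlier releases know whether the flag is still required.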