From 40966f2521ab58db3f3e8819a56679db2f5296b5 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Sat, 22 Mar 2025 14:38:13 -0400 Subject: [PATCH 1/4] First draft --- docs/detections/rules-ui-manage.asciidoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/detections/rules-ui-manage.asciidoc b/docs/detections/rules-ui-manage.asciidoc index 8043ccbf69..58b5cd8bd1 100644 --- a/docs/detections/rules-ui-manage.asciidoc +++ b/docs/detections/rules-ui-manage.asciidoc @@ -210,3 +210,14 @@ You can also check rules' related integrations in the *Installed Rules* and *Rul image::images/rules-table-related-integrations.png[Rules table with related integrations popup,75%] TIP: You can hide the *integrations* badge in the rules tables. To do this, turn off `securitySolution:showRelatedIntegrations` <>. + + +[float] +[[manage-rule-dac]] +=== Manage rules as code + +Utilize the https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html[Detection-as-Code] (DaC) principles to externally manage your detection rules. + +The {{elastic-sec}} Labs team uses the https://github.com/elastic/detection-rules[detection-rules] repo to develop, test, and release {{elastic-sec}}'s https://github.com/elastic/detection-rules/tree/main/rules[prebuilt rules]. The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. + +To get started, refer to the https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac[DaC documentation]. \ No newline at end of file From 8c1c311222346d69d41fa0ca081aaad56c687aae Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 25 Mar 2025 16:11:23 -0400 Subject: [PATCH 2/4] Moved locations --- docs/detections/detection-engine-intro.asciidoc | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
diff --git a/docs/detections/detection-engine-intro.asciidoc b/docs/detections/detection-engine-intro.asciidoc index 5607e31dab..d59ce37be2 100644 --- a/docs/detections/detection-engine-intro.asciidoc +++ b/docs/detections/detection-engine-intro.asciidoc @@ -116,4 +116,14 @@ setting is not enabled in the `elasticsearch.yml` file. For more information, re [[detections-logsdb-index-mode]] == Using logsdb index mode -To learn how your rules and alerts are affected by using the {ref}/logs-data-stream.html[logsdb index mode], refer to <>. \ No newline at end of file +To learn how your rules and alerts are affected by using the {ref}/logs-data-stream.html[logsdb index mode], refer to <>. + +[discrete] +[[manage-rule-dac]] +=== Manage rules as code + +Utilize the https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html[Detection-as-Code] (DaC) principles to externally manage your detection rules. + +The {{elastic-sec}} Labs team uses the https://github.com/elastic/detection-rules[detection-rules] repo to develop, test, and release {elastic-sec}'s https://github.com/elastic/detection-rules/tree/main/rules[prebuilt rules]. The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. + +To get started, refer to the https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac[DaC documentation]. \ No newline at end of file From 13f17b057bf3cba25971f2210f55c25ac25b4324 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:53:29 -0400 Subject: [PATCH 3/4] Update docs/detections/detection-engine-intro.asciidoc --- docs/detections/detection-engine-intro.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/detection-engine-intro.asciidoc b/docs/detections/detection-engine-intro.asciidoc index d59ce37be2..54303d1f5c 100644 
--- a/docs/detections/detection-engine-intro.asciidoc +++ b/docs/detections/detection-engine-intro.asciidoc @@ -124,6 +124,6 @@ To learn how your rules and alerts are affected by using the {ref}/logs-data-str Utilize the https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html[Detection-as-Code] (DaC) principles to externally manage your detection rules. -The {{elastic-sec}} Labs team uses the https://github.com/elastic/detection-rules[detection-rules] repo to develop, test, and release {elastic-sec}'s https://github.com/elastic/detection-rules/tree/main/rules[prebuilt rules]. The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. +The {elastic-sec} Labs team uses the https://github.com/elastic/detection-rules[detection-rules] repo to develop, test, and release {elastic-sec}'s https://github.com/elastic/detection-rules/tree/main/rules[prebuilt rules]. The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. To get started, refer to the https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac[DaC documentation]. \ No newline at end of file From c57e14621a52dd65ed5fec72ddba5a1739a55e67 Mon Sep 17 00:00:00 2001 From: Kseniia Ignatovych <40713348+approksiu@users.noreply.github.com> Date: Thu, 27 Mar 2025 21:21:13 +0100 Subject: [PATCH 4/4] Update docs/detections/detection-engine-intro.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/detections/detection-engine-intro.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/detection-engine-intro.asciidoc b/docs/detections/detection-engine-intro.asciidoc index 54303d1f5c..3c5f59304c 100644 --- a/docs/detections/detection-engine-intro.asciidoc +++ b/docs/detections/detection-engine-intro.asciidoc 
@@ -124,6 +124,6 @@ To learn how your rules and alerts are affected by using the {ref}/logs-data-str Utilize the https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html[Detection-as-Code] (DaC) principles to externally manage your detection rules. -The {elastic-sec} Labs team uses the https://github.com/elastic/detection-rules[detection-rules] repo to develop, test, and release {elastic-sec}'s https://github.com/elastic/detection-rules/tree/main/rules[prebuilt rules]. The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. +The {elastic-sec} Labs team uses the https://github.com/elastic/detection-rules[detection-rules] repo to develop, test, and release {elastic-sec}'s <>. The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. To get started, refer to the https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac[DaC documentation]. \ No newline at end of file
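Review bot: In the PATCH 1/4 hunk for docs/detections/rules-ui-manage.asciidoc, `{{elastic-sec}}` (both occurrences in "The {{elastic-sec}} Labs team ... release {{elastic-sec}}'s") uses double braces; AsciiDoc attribute references are single-braced, as in `{ref}` two lines above, so these would render literally as `{{elastic-sec}}`. The same paragraph has "DaCe pipeline", a typo for "DaC pipeline". The added block also ends with "\ No newline at end of file"; add a trailing newline so later diffs against this file stay clean.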
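Review bot: The PATCH 2/4 hunk is described as "Moved locations", but the diffstat touches only docs/detections/detection-engine-intro.asciidoc, so the section added to docs/detections/rules-ui-manage.asciidoc in PATCH 1/4 is not removed; both files would then declare the `[[manage-rule-dac]]` anchor, and a duplicate anchor id breaks cross-references at build time. Either drop the first file's copy in this commit or rename one anchor. Separately, the new `=== Manage rules as code` block is appended under `== Using logsdb index mode`, which is unrelated content; `[discrete]` keeps it out of the nested TOC, but readers will still find the DaC material inside the logsdb section, so a placement after its own `==` heading would be clearer. The paragraph is also internally inconsistent (`{{elastic-sec}} Labs` double-braced, `{elastic-sec}'s` single-braced) and still says "DaCe pipeline".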
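Review bot: The PATCH 3/4 hunk corrects the remaining `{{elastic-sec}}` to `{elastic-sec}`, but leaves "DaCe pipeline" in the same changed line; since this line is being rewritten anyway, fix the typo to "DaC pipeline" here rather than in a follow-up. Consider "Use the ... principles" in the unchanged context line above instead of "Utilize", which matches the plainer register of the surrounding docs.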
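Review bot: In the PATCH 4/4 hunk, swapping the absolute GitHub URL for an internal cross-reference to the prebuilt rules page is the right direction, but as shown here the reference renders as an empty `<>`, so confirm the target anchor id is present in the committed line and that the referenced page exists in this docs tree. "DaCe pipeline" survives all four revisions of this line and should be corrected to "DaC pipeline", and the file still ends without a trailing newline.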