Add documentation for Security Analytics plugin #1824

cwillum · 2022-11-06T00:50:59Z

Signed-off-by: cwillum cwmmoore@amazon.com

Description

Adds new documentation for Security Analytics.

Issues Resolved

New documentation for the new plugin Security Analytics

Documentation issue #939.

Security analytics MVP overview at GitHub: MVP #7.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and subject to the Developers Certificate of Origin.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: cwillum <cwmmoore@amazon.com>

Naarcha-AWS · 2022-11-07T19:17:04Z

Related to issue #939

Signed-off-by: cwillum <cwmmoore@amazon.com>

Naarcha-AWS

The config syntax needs to match the directory name. Fix that, and you'll be able to see your TOC.

Naarcha-AWS · 2022-11-09T20:55:15Z

_config.yml

@@ -40,6 +40,9 @@ collections:
  security-plugin:
    permalink: /:collection/:path/
    output: true
+  security-analytics-plugin:


Suggested change

security-analytics-plugin:

security-analytics:

Naarcha-AWS · 2022-11-09T20:55:25Z

_config.yml

@@ -91,6 +94,9 @@ just_the_docs:
    security-plugin:
      name: Security plugin
      nav_fold: true
+    security-analytics-plugin:


Suggested change

security-analytics-plugin:

security-analytics:

Signed-off-by: cwillum <cwmmoore@amazon.com>

cwillum · 2022-11-15T21:52:54Z

@here This PR has not been through technical review. Therefore, we will hold it back from the 2.4 release. Once all of the appropriate reviews have been taken care of, we can backport to 2.4.

hdhalter

Looks great! I haven't finished reviewing yet, but I'll get back to this later.

_security-analytics/index.md

_security-analytics/usage/findings.md

_security-analytics/usage/rules.md

_security-analytics/usage/alerts.md

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

Signed-off-by: cwillum <cwmmoore@amazon.com>

vagimeli

@cwillum Please see my edits and comments. Let me know if any clarifications are needed.

_security-analytics/api-tools/alert-finding-api.md

_security-analytics/api-tools/index.md

_security-analytics/api-tools/mappings-api.md

_security-analytics/usage/rules.md

_security-analytics/sec-analytics-config/detectors-config.md

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * Delete admin-api.md * Delete api-index.md * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics (#1901) Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> (cherry picked from commit 605edd5)

* fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * Delete admin-api.md * Delete api-index.md * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics (#1901) Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> (cherry picked from commit 605edd5) Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com>

fix#939-sec-analytics

d6d62a7

Signed-off-by: cwillum <cwmmoore@amazon.com>

cwillum added 2 - In progress Issue/PR: The issue or PR is in progress. v2.4.0 'Issues and PRs related to version v2.4.0' labels Nov 6, 2022

cwillum requested a review from a team as a code owner November 6, 2022 00:50

cwillum self-assigned this Nov 6, 2022

cwillum marked this pull request as draft November 6, 2022 00:51

cwillum and others added 8 commits November 6, 2022 10:03

fix#939-sec-analytics

0575152

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

0ffa0ff

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

98da82d

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

ea56467

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

969f853

Signed-off-by: cwillum <cwmmoore@amazon.com>

Delete admin-api.md

3defb77

Delete api-index.md

ba409ba

fix#939-sec-analytics

191cdef

Signed-off-by: cwillum <cwmmoore@amazon.com>

cwillum added 6 commits November 7, 2022 13:21

fix#939-sec-analytics

4e2856b

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

7129719

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

26ce32f

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

68ebcc9

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

8f23f93

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

d7c782b

Signed-off-by: cwillum <cwmmoore@amazon.com>

Naarcha-AWS approved these changes Nov 9, 2022

View reviewed changes

Naarcha-AWS self-requested a review November 9, 2022 20:56

cwillum added 7 commits November 9, 2022 14:32

fix#939-sec-analytics

187212e

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

6f04d16

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

ec771ca

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

382f7c1

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

16d6d1f

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

92bf3d9

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

cc1f7cb

Signed-off-by: cwillum <cwmmoore@amazon.com>

cwillum added 5 commits November 14, 2022 14:11

fix#939-sec-analytics

a4e8cb5

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

4ac28be

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

a945f20

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

dafddb7

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

199532c

Signed-off-by: cwillum <cwmmoore@amazon.com>

cwillum removed the 2 - In progress Issue/PR: The issue or PR is in progress. label Nov 15, 2022

cwillum marked this pull request as ready for review November 15, 2022 16:15

fix#939-sec-analytics

af0ecde

Signed-off-by: cwillum <cwmmoore@amazon.com>

cwillum added the Needs SME Waiting on input from subject matter expert label Nov 15, 2022

Merge branch 'main' into fix#939-sec-analytics

2696548

cwillum added 2 - In progress Issue/PR: The issue or PR is in progress. 4 - Doc review PR: Doc review in progress labels Nov 17, 2022

cwillum requested a review from hdhalter November 17, 2022 01:51

hdhalter added 3 - Tech review PR: Tech review in progress and removed 2 - In progress Issue/PR: The issue or PR is in progress. labels Nov 17, 2022

hdhalter reviewed Nov 17, 2022

View reviewed changes

cwillum requested a review from vagimeli November 17, 2022 19:22

sbcd90 and others added 2 commits November 17, 2022 12:58

fix#939-sec-analytics (#1901)

1ad5daf

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

fix#939-sec-analytics

fcd5b21

Signed-off-by: cwillum <cwmmoore@amazon.com>

vagimeli approved these changes Nov 17, 2022

View reviewed changes

vagimeli reviewed Nov 17, 2022

View reviewed changes

_security-analytics/sec-analytics-config/detectors-config.md Outdated Show resolved Hide resolved

cwillum added 2 commits November 17, 2022 17:21

fix#939-sec-analytics

9bb4ae0

Signed-off-by: cwillum <cwmmoore@amazon.com>

fix#939-sec-analytics

7ae9d36

Signed-off-by: cwillum <cwmmoore@amazon.com>

cwillum merged commit 605edd5 into main Nov 18, 2022

cwillum added the backport 2.4 PR: Backport label for 2.4 label Nov 18, 2022

opensearch-trigger-bot bot mentioned this pull request Nov 18, 2022

[Backport 2.4] Add documentation for Security Analytics plugin #1984

Merged

Naarcha-AWS deleted the fix#939-sec-analytics branch December 13, 2022 20:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add documentation for Security Analytics plugin #1824

Add documentation for Security Analytics plugin #1824

cwillum commented Nov 6, 2022 •

edited

Loading

Naarcha-AWS commented Nov 7, 2022

Naarcha-AWS left a comment

Naarcha-AWS Nov 9, 2022

Naarcha-AWS Nov 9, 2022

cwillum commented Nov 15, 2022

hdhalter left a comment

vagimeli left a comment

Add documentation for Security Analytics plugin #1824

Add documentation for Security Analytics plugin #1824

Conversation

cwillum commented Nov 6, 2022 • edited Loading

Description

Issues Resolved

Checklist

Naarcha-AWS commented Nov 7, 2022

Naarcha-AWS left a comment

Choose a reason for hiding this comment

Naarcha-AWS Nov 9, 2022

Choose a reason for hiding this comment

Naarcha-AWS Nov 9, 2022

Choose a reason for hiding this comment

cwillum commented Nov 15, 2022

hdhalter left a comment

Choose a reason for hiding this comment

vagimeli left a comment

Choose a reason for hiding this comment

cwillum commented Nov 6, 2022 •

edited

Loading