Skip to content

[Onboarding] SIEM guide #2017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

[Onboarding] SIEM guide #2017

wants to merge 9 commits into from

Conversation

jmikell821
Copy link
Contributor

@jmikell821 jmikell821 commented Jul 3, 2025

Copy link

github-actions bot commented Jul 3, 2025

@jmikell821 jmikell821 requested a review from a team July 3, 2025 04:39
@theletterf
Copy link
Contributor

I'm loving it! One suggestion: I would put the substeps inside a dropdown directive to reduce cognitive load and make the procedure look leaner.

Copy link
Contributor

@natasha-moore-elastic natasha-moore-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some minor, mostly formatting suggestions – overall looks great!

Copy link

@approksiu approksiu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a great start! Added suggestions for the rules section.

1. On the Get Started page, scroll down to the **Configure rules and alerts** section.
2. At the top of the page, click **Add Elastic rules**. The badge next to it shows the number of prebuilt rules available for installation.

The next pages displays the list of rules. Click on a rule name to view its details before you install it.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we add here a screenshot with the details of the rule that the user wants to install?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would move the rule details into the next step - makes sense to first find some relevant rules, and then look at the details. Rules previee contain information about Related integrations and we show if those are installed and Setup guide provides additional information about prerequisites.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@approksiu I don't see the rule preview option for the out-of-box SIEM rules. But I'll add the sentence about viewing the details in the next step.

To learn how to view and manage all detection rules, refer to [Manage detection rules](/solutions/security/detect-and-alert/manage-detection-rules.md).
::::

::::{step} Visualize and examine alert details
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Part of me feels like this might be more appropriate under "Next steps" since all of the initial environment setup is complete. I also noticed that event analyzer is mentioned in step 3 here and later under "Next steps" here. If you decide to keep step 3 under the "Prerequisites" section, maybe remove the event analyzer mention from "Next steps"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants