Skip to content

[Onboarding] SIEM guide #2017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

[Onboarding] SIEM guide #2017

wants to merge 9 commits into from
+399 −0

Conversation

jmikell821
Copy link
Contributor

@jmikell821 jmikell821 commented Jul 3, 2025
edited
Loading

@jmikell821 jmikell821 self-assigned this Jul 3, 2025
@jmikell821 jmikell821 requested review from a team as code owners July 3, 2025 04:20
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 3, 2025
edited
Loading

🔍 Preview links for changed docs

@jmikell821 jmikell821 requested a review from a team July 3, 2025 04:39
@theletterf
Copy link
Contributor

I'm loving it! One suggestion: I would put the substeps inside a dropdown directive to reduce cognitive load and make the procedure look leaner.

natasha-moore-elastic
natasha-moore-elastic reviewed Jul 4, 2025
View reviewed changes
Copy link
Contributor

@natasha-moore-elastic natasha-moore-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some minor, mostly formatting suggestions – overall looks great!

approksiu
approksiu reviewed Jul 7, 2025
View reviewed changes
Copy link

@approksiu approksiu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a great start! Added suggestions for the rules section.

solutions/security/get-started/get-started-detect-with-siem.md Outdated
1. On the Get Started page, scroll down to the **Configure rules and alerts** section.
2. At the top of the page, click **Add Elastic rules**. The badge next to it shows the number of prebuilt rules available for installation.

The next pages displays the list of rules. Click on a rule name to view its details before you install it.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we add here a screenshot with the details of the rule that the user wants to install?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would move the rule details into the next step - makes sense to first find some relevant rules, and then look at the details. Rules previee contain information about Related integrations and we show if those are installed and Setup guide provides additional information about prerequisites.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@approksiu I don't see the rule preview option for the out-of-box SIEM rules. But I'll add the sentence about viewing the details in the next step.

nastasha-solomon
nastasha-solomon reviewed Jul 7, 2025
View reviewed changes
solutions/security/get-started/get-started-detect-with-siem.md Outdated
To learn how to view and manage all detection rules, refer to [Manage detection rules](/solutions/security/detect-and-alert/manage-detection-rules.md).
::::

::::{step} Visualize and examine alert details
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Part of me feels like this might be more appropriate under "Next steps" since all of the initial environment setup is complete. I also noticed that event analyzer is mentioned in step 3 here and later under "Next steps" here. If you decide to keep step 3 under the "Prerequisites" section, maybe remove the event analyzer mention from "Next steps"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@approksiu approksiu approksiu left review comments

@nastasha-solomon nastasha-solomon nastasha-solomon left review comments

@natasha-moore-elastic natasha-moore-elastic natasha-moore-elastic left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@jmikell821 jmikell821

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jmikell821 @theletterf @approksiu @nastasha-solomon @natasha-moore-elastic