-
Notifications
You must be signed in to change notification settings - Fork 107
[Onboarding] SIEM guide #2017
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
[Onboarding] SIEM guide #2017
Conversation
I'm loving it! One suggestion: I would put the substeps inside a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some minor, mostly formatting suggestions – overall looks great!
solutions/security/get-started/get-started-endpoint-security.md
Outdated
Show resolved
Hide resolved
solutions/security/get-started/get-started-endpoint-security.md
Outdated
Show resolved
Hide resolved
solutions/security/get-started/get-started-endpoint-security.md
Outdated
Show resolved
Hide resolved
solutions/security/get-started/get-started-endpoint-security.md
Outdated
Show resolved
Hide resolved
solutions/security/get-started/get-started-endpoint-security.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a great start! Added suggestions for the rules section.
1. On the Get Started page, scroll down to the **Configure rules and alerts** section. | ||
2. At the top of the page, click **Add Elastic rules**. The badge next to it shows the number of prebuilt rules available for installation. | ||
|
||
The next pages displays the list of rules. Click on a rule name to view its details before you install it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we add here a screenshot with the details of the rule that the user wants to install?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would move the rule details into the next step - makes sense to first find some relevant rules, and then look at the details. Rules previee contain information about Related integrations and we show if those are installed and Setup guide provides additional information about prerequisites.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@approksiu I don't see the rule preview option for the out-of-box SIEM rules. But I'll add the sentence about viewing the details in the next step.
To learn how to view and manage all detection rules, refer to [Manage detection rules](/solutions/security/detect-and-alert/manage-detection-rules.md). | ||
:::: | ||
|
||
::::{step} Visualize and examine alert details |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Part of me feels like this might be more appropriate under "Next steps" since all of the initial environment setup is complete. I also noticed that event analyzer is mentioned in step 3 here and later under "Next steps" here. If you decide to keep step 3 under the "Prerequisites" section, maybe remove the event analyzer mention from "Next steps"?
Contributes to https://github.com/elastic/docs-projects/issues/513.
Previews: