[DOCS] CTI enhancements to the Overview page and Alert details pane #808
Just a few small edits/suggestions.
Attached some general suggestions. I think it's close, please let me know what you think
** `source (threat.indicator.provider)`
** `first_seen`
** `last_seen`
* *Summary*: Shows an aggregated view of alert details, plus two types of threat intelligence data: indicator rule enrichments and investigation time enrichments.
I remember @shimonmodi mentioning that we shouldn't use these phrases (indicator match enrichments and investigation time enrichments), but I am not entirely sure exactly what we agreed on instead - we might want to check with @shimonmodi and @devonakerr.
For context, here is the latest copy for those pages: elastic/kibana#105701
Hi Team, I'm having a bit of trouble following the latest state of things. Can we find 30-min Wednesday to huddle to nail this all down in a call? @joepeeples check out our Writing Style Guide, which covers the treatment of open source and so much more :-). All, the rule type we're referencing is the "Indicator Match" rule type. I'm noticing that we're using "Indicator rule" throughout, which is inconsistent and confusing. (See below) On Friday, Shimon and I discussed some preferred terminology for the two representations on the alert details flyout as follows:
Could someone attempt to reconcile these terms with the docs above? Thanks!!
Thanks for joining in, @MikePaquette! In my initial draft, I was working from the assumption that the customer-facing terms that'd be used to describe CTI data would eventually be formalized, and so I was using "indicator match enrichments" and "investigation time enrichments" as placeholders. Just from hearing discussions about this topic, and viewing yesterday's CTI Roadmap Sync meeting, it sounds as though this topic will continue to be an ongoing discussion, and might even continue past 7.14. To accommodate this, I've removed all references to "indicator match enrichments" and "investigation time enrichments" in the new draft. I've also revised a good portion of it to mainly focus on describing what CTI details are, where users can find them, and how they're produced. All this said, I'd be happy to incorporate any agreed-upon terminology if it helps to further explain this feature or is required for the feature docs. I really just need some guidance on how to effectively frame this feature in lieu of formal terms.
@nastasha-solomon to avoid confusion and our eyes crossing, let's divide this into chunks. Merge this feedback in, then I'll review starting from the Table tab section.
Added suggestions for terminology; thanks for the effort here!
Changes LGTM! Thank you!
Small comment, then slight adjustment to the "Change an alert's status" section:
To view alerts with other statuses, click In progress or Closed.
Change to:
To filter alerts that are In progress or Closed, select the appropriate status in the upper-right corner of the Alerts table.
To change alert statuses, do one of the following:
Change to:
To change an alert's status, do one of the following:
A few comments on the "Manage detection alerts" page.
Co-authored-by: Ryland Herrick <[email protected]>
…lastic#808) * First draft. * Revised content for new card on overview page and updated screenshots. * Removed cross reference to beats topic. * Revisions to the security-ui topic. * Draft for alert details pane. * Minor rewording and styling changes. * Incorporated notes from chat with Ece. * Minor rewording. * Nav updates. * Incorporated review feedback. * Fixed header issue. * Fixed formatting issues. * Minor changes. * Incorporating editorial and technical comments. * Fixed typo. * Fixed typo. * Adding new image. * Added Janeen's comments. * Additional edits. * Update docs/getting-started/security-ui.asciidoc Co-authored-by: Ryland Herrick <[email protected]> * Update docs/getting-started/security-ui.asciidoc Co-authored-by: Ryland Herrick <[email protected]> * Update docs/getting-started/security-ui.asciidoc Co-authored-by: Ryland Herrick <[email protected]> * Incorporating final comments from Joe. Co-authored-by: Ryland Herrick <[email protected]>
Addresses #773 and #797.