[SIEM][Detections] Updates text for severity and risk_score overrides #72244
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MadameSheema
added
Team:SIEM
v8.0.0
release_note:skip
MadameSheema
requested review from
peluja1012,
rylnd,
dhurley14,
FrankHassanabad,
spong,
yctercero and
dontcallmesherryli
|
Pinging @elastic/siem (Team:SIEM) |
spong
reviewed
Jul 17, 2020
| @@ -51,7 +51,8 @@ export const SEVERITY_DESCRIPTION = i18n.translate( | |||
| export const SEVERITY_MAPPING_DESCRIPTION = i18n.translate( | |||
| 'xpack.securitySolution.alerts.severityMapping.mappingDescriptionLabel', | |||
| { | |||
| defaultMessage: 'Map a value from the source event to a specific severity.', | |||
| defaultMessage: | |||
| 'Override the default severity at left with a value derived from the source event.', | |||
There was a problem hiding this comment.
Not sure we need at left here since we say default severity and that's the label of the field to the left. @benskelker thoughts here?
Same for Risk Score above.
There was a problem hiding this comment.
Also, the with a value derived from the source event isn't entirely accurate here, as we're not using a value from the source event for the severity, but rather checking the equality of that value with what the user provides and then use the corresponding severity level from that row (e.g. low/medium/high/critical )
So for the below, if event.severity == 21 in the source event, we'll override the severity with low, not 21:
There was a problem hiding this comment.
@spong - yep, no need for at left.
Suggested text:
Use source event values to override the Default severity:
Use a source event value to override the Default risk score:
|
@elasticmachine merge upstream |
25 tasks
|
@elasticmachine merge upstream |
💚 Build SucceededBuild metricsasync chunks size
History
To update your PR or re-run it, just comment with: |
MadameSheema
added a commit
to MadameSheema/kibana
that referenced
this pull request
Jul 21, 2020
…elastic#72244) * updates severity mapping description text * updates risk score mapping description * updates default messages with the given suggestions Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
MadameSheema
added a commit
to MadameSheema/kibana
that referenced
this pull request
Jul 21, 2020
…elastic#72244) * updates severity mapping description text * updates risk score mapping description * updates default messages with the given suggestions Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
MadameSheema
added a commit
that referenced
this pull request
Jul 21, 2020
…#72244) (#72588) * updates severity mapping description text * updates risk score mapping description * updates default messages with the given suggestions Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
MadameSheema
added a commit
that referenced
this pull request
Jul 21, 2020
…#72244) (#72587) * updates severity mapping description text * updates risk score mapping description * updates default messages with the given suggestions Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 21, 2020
* master: (28 commits) allow some env settings for ingest manager (elastic#72544) Add inspector for VEGA (elastic#70941) chore(NA): fix grunt task for test:coverage (elastic#72539) Archive e2e test results in ES (elastic#72575) preserve 401 errors from new es client (elastic#71248) [SIEM][Detections] Updates text for severity and risk_score overrides (elastic#72244) fixing error occurences tooltip (elastic#72425) use KibanaClient interface instead of Client for new client interface (elastic#72388) [APM] Handle ML errors (elastic#72316) [Discover] Improve histogram tests (elastic#72235) [ftr/webdriver] retry on all errors, use Rx so that timers are canceled (elastic#72540) [pre-req] Move .storybook to storybook; standardize files (elastic#72384) [Security_Solution][Resolver][Bug]: Restore breadcrumb background (elastic#72538) [ML] Fix annotation detector linking & delayed_data(0) (elastic#72468) [Security Solution][Exceptions] - Make esTypes and subType available to index patterns (elastic#72336) [SIEM] Uses faster wait from testing-library and removes duplicate older wait idiom (elastic#72509) Fix long combo box items breaking out of flex item width (elastic#72512) [pipeline/commitStatus] update commit status in baseline-capture job (elastic#72366) [Security Solution][Resolver] Update the resolver element ref on scroll events if the position of the element has changed within the page (elastic#72461) [Maps] auto-fit to data bounds (elastic#72129) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 21, 2020
…feature-privileges * alerting/consumer-based-rbac: (30 commits) removed uneeded tests expclude security wrapper in SO client passed to ActionsClient allow some env settings for ingest manager (elastic#72544) Add inspector for VEGA (elastic#70941) chore(NA): fix grunt task for test:coverage (elastic#72539) Archive e2e test results in ES (elastic#72575) preserve 401 errors from new es client (elastic#71248) [SIEM][Detections] Updates text for severity and risk_score overrides (elastic#72244) fixing error occurences tooltip (elastic#72425) use KibanaClient interface instead of Client for new client interface (elastic#72388) [APM] Handle ML errors (elastic#72316) [Discover] Improve histogram tests (elastic#72235) [ftr/webdriver] retry on all errors, use Rx so that timers are canceled (elastic#72540) [pre-req] Move .storybook to storybook; standardize files (elastic#72384) [Security_Solution][Resolver][Bug]: Restore breadcrumb background (elastic#72538) [ML] Fix annotation detector linking & delayed_data(0) (elastic#72468) [Security Solution][Exceptions] - Make esTypes and subType available to index patterns (elastic#72336) [SIEM] Uses faster wait from testing-library and removes duplicate older wait idiom (elastic#72509) Fix long combo box items breaking out of flex item width (elastic#72512) [pipeline/commitStatus] update commit status in baseline-capture job (elastic#72366) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
In this PR we are updating the text for severity and risk score override.