Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS]: Analyze Events Overview #33

Closed
jmikell821 opened this issue Jun 18, 2020 · 0 comments
Closed

[DOCS]: Analyze Events Overview #33

jmikell821 opened this issue Jun 18, 2020 · 0 comments
Assignees
@narcher7
Labels
Team: Docs v7.9.0 Features in the 7.9 Release

Comments

@jmikell821
Copy link
Contributor

jmikell821 commented Jun 18, 2020
edited by dontcallmesherryli
Loading

Description

Meta issue: https://github.com/elastic/endpoint-app-team/issues/68, https://github.com/elastic/endpoint-app-team/issues/475
Key contacts: James Brown, Rob Austin, Michael Olurunnisola, Sherry Li, Lindsey Poli.
Mock: https://www.figma.com/file/WxBmwHu1dDwi0Z1HWkBUrq/GAH-Workflows-%E2%80%94-Timeline?node-id=2%3A1

Update - Final naming of feature: no name, but the action is call "Analyze Event" in the action menu in Alert list and Timeline.

Create a comprehensive topic on all the timeline features, whose main feature is to view processes, spawned processes, and other details in a graphic visualization to show the analyst what led up to and occurred after an attempted attack.

Once the front and back-end are complete, let's add some GIFs to this topic. I think customers will be able to benefit from some visualization.

Acceptance Test Criteria

Documentation is needed to guide users to using the Analyze Event feature.

  1. User can see an event process tree with details on each events in a process of all endpoint alerts. User clicks on "Analyze Event" icon in Alert list (available only for endpoint alerts) to go into the the graphical view.
  2. User can see an event process tree of file and process events within a Timeline. User clicks on "Analyze Event" icon in Timeline cards to go to the graphical view.
  3. Within the Analyze Event feature, user can:
    • Zoom in and out of the graphic to see more event details
    • Open and close all event count drop downs to see number of events per process node
    • See time passed between each event node
    • Red color for Alert event node to focus users to the problem event
    • Left panel that allows users to drill down on information levels process, event type, single event, details on single event, with breadcrums to help users know where they are during their investigation of an alert.
    • Attach the URL of the rendered graphic view to a new or existing Case.

Notes

  • Add the "Team:Docs" label to new issues.
  • Be sure to add any necessary screenshots for clarity.
  • Include any conditions or caveats that may affect customers.
@jmikell821 jmikell821 added Team: Docs v7.9.0 Features in the 7.9 Release labels Jun 18, 2020
@narcher7 narcher7 mentioned this issue Jul 2, 2020
Closed
@dontcallmesherryli dontcallmesherryli changed the title [DOCS]: Graphical Timeline Overview [DOCS]: Analyze Evetns Overview Jul 7, 2020
@dontcallmesherryli dontcallmesherryli changed the title [DOCS]: Analyze Evetns Overview [DOCS]: Analyze Events Overview Jul 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@narcher7 narcher7

Labels
Team: Docs v7.9.0 Features in the 7.9 Release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@narcher7 @jmikell821