Provide more details on how to start ML job to avoid ML detection rule execution failure #1160

Merged
merged 11 commits into from
Nov 16, 2021

Contributor

@joepeeples joepeeples commented Oct 14, 2021

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use
@joepeeples joepeeples added Team: Docs Team: Detections/Response Detections and Response edit Docs that need minor updates or revisions. v7.16.0 labels Oct 14, 2021
@joepeeples joepeeples self-assigned this Oct 14, 2021
Contributor

@lcawl lcawl left a comment

LGTM

Contributor

@nastasha-solomon nastasha-solomon left a comment

LGTM!

Contributor

@jmikell821 jmikell821 left a comment

One super small nit/comment. Let's backport this to 7.16, 7.15, 7.14.

joepeeples and others added 2 commits October 21, 2021 16:33
Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
@cybersecdiva cybersecdiva self-requested a review October 27, 2021 13:42
Member

@spong spong left a comment

LGTM! Thanks for these clarifying additions @joepeeples.

Long-term it would be nice to make some UX enhancements to the Rule Creation/Details UI to allow for one-click enabling of the disabled jobs. I know we were hoping to add a shortcut link to auto-open the ML Job Settings UI with it filtered to the appropriate jobs, but we didn't get to that in initial dev. This is probably something we can track now as part of any changes around the ML Job Settings UI/Workflows here (https://github.com/elastic/security-team/issues/1912) -- till then though these doc updates will really help out, thanks! 🙂

@joepeeples
Contributor Author

Thanks for the review and extra context, @spong! I'll follow #1912 to keep up with any UI developments in the future.

@jmikell821
Contributor

@cybersecdiva we're waiting on your review so we can close this PR out. Thanks.

@joepeeples joepeeples merged commit b91a2a0 into main Nov 16, 2021
mergify bot pushed a commit that referenced this pull request Nov 16, 2021
…e execution failure (#1160)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit b91a2a0)
mergify bot pushed a commit that referenced this pull request Nov 16, 2021
…e execution failure (#1160)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit b91a2a0)

# Conflicts:
#	docs/troubleshooting/detections/detection-rules.asciidoc
joepeeples added a commit that referenced this pull request Nov 16, 2021
…detection rule execution failure (#1160) (#1218)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit b91a2a0)

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
joepeeples added a commit that referenced this pull request Nov 16, 2021
… detection rule execution failure (#1160) (#1219)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit b91a2a0)

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
joepeeples added a commit that referenced this pull request Nov 16, 2021
… detection rule execution failure (#1160) (#1220)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit b91a2a0)

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
joepeeples added a commit to joepeeples/security-docs that referenced this pull request Nov 16, 2021
…e execution failure (elastic#1160)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
# Conflicts:
#	docs/troubleshooting/detections/detection-rules.asciidoc
joepeeples added a commit that referenced this pull request Nov 16, 2021
… detection rule execution failure (#1160) (#1222)

* Provide more details on how to start ML job to avoid ML detection rule execution failure (#1160)

* First draft

* Adds to both rule creation and troubleshooting topics
* Adds new screenshots to highlight the correct feature to use

* Update rule-start-ml-job.png

* Corrects name of custom query rule

* Update docs/troubleshooting/detections/detection-rules.asciidoc

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
# Conflicts:
#	docs/troubleshooting/detections/detection-rules.asciidoc

* Rearrange template-script and troubleshooting-intro
@joepeeples joepeeples deleted the issue-1137-start-ML-job branch November 16, 2021 22:31
@cybersecdiva

cybersecdiva commented Nov 19, 2021

@jmikell821 I provided feedback to @joepeeples and one addition I would make is to add a section if this does not resolve the user's issue to reach out to our community discuss.elastic.co or Elastic Community Slack channel (elasticstack.slack.com).
In addition, I will create an issue later on other specifics in security-docs that may be helpful if this is a failed step and does not resolve the user's issue, recommended next steps we can add for troubleshooting for the users as a verification ✅

Labels
edit Docs that need minor updates or revisions. Team: Detections/Response Detections and Response Team: Docs v7.14.0 v7.15.0 v7.16.0 v8.0.0
6 participants