[7.14] Small formatting and internal ref fixes. (#1198) #1205

Merged
merged 1 commit into from
Nov 8, 2021
17 changes: 8 additions & 9 deletions docs/post-upgrade-req.asciidoc
@@ -1,8 +1,8 @@
[[post-upgrade-req]]
[role="xpack"]
= Enable process analyzer after an upgrade
== Enable analyze event feature after an upgrade

After upgrading from {stack} version 7.9.x to >= 7.10.x from a previous minor release (e.g., 7.8.x, etc.), you need to update `.siem-signals*` system index mappings to enable <<alerts-analyze-events, graphical representations of process relationships>>.
After upgrading from {stack} version 7.9.x from a previous minor release (7.8.x, etc.), you need to update `.siem-signals*` system index mappings to enable the <<visual-event-analyzer, analyze event feature>>, which shows graphical representations of process relationships.

NOTE: If you are upgrading from a minor release to {stack} version >= 7.11.0, there is now a <<signals-migration-api>> that you can use instead of the manual process described below.
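
Review bot: The added intro sentence reads "After upgrading from {stack} version 7.9.x from a previous minor release (7.8.x, etc.)", which has two "from" clauses and no longer names a target version, so a reader cannot tell which upgrade path needs the manual `.siem-signals*` mapping update. The removed sentence carried "to >= 7.10.x"; please restate source and target explicitly (for example "After upgrading to {stack} version ... from a previous minor release") so it lines up with the NOTE below, which only covers ">= 7.11.0". It is also worth confirming that the new `visual-event-analyzer` anchor resolves in this branch, since the cross-reference target changed in the same line.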

Expand Down Expand Up @@ -113,11 +113,11 @@ The console output pane displays this text:

To disable all detection rules:

. Go to *Security* -> *Detections* -> *Manage detection rules*.
. Go to *Detections* -> *Manage detection rules*.
. Scroll to the bottom of the page.
. Click the `Rows per page` menu, and then select _300 rows_.
. Click the `Rows per page` menu, and then select *300 rows*.
. When the page reloads, select all the rules.
. Click _Bulk actions_ -> _Deactivate selected_.
. Click *Bulk actions* -> *Deactivate selected*.

[discrete]
[[copy-alerts]]
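
Review bot: In the "Rows per page" step the menu name is still in backticks while every other UI label in this list was switched to bold (*300 rows*, *Bulk actions*, *Deactivate selected*), so the step now mixes monospace and bold for UI elements; suggest *Rows per page* for consistency. Separately, the list is introduced as "To disable all detection rules" but selects a single page of 300 rows, so a sentence telling the reader to repeat the steps on each page when more than 300 rules exist would stop rules being left active during the migration.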
Expand Down Expand Up @@ -206,12 +206,11 @@ Foe each command, the console output pane displays this text:

Enabling detections rules automatically creates the new indices:

. Go to *Security* -> *Detections* -> *Manage detection rules*.
. Go to *Detections* -> *Manage detection rules*.
. Select the rules you want to activate.
. Click _Bulk actions_ -> _Activate selected_.
. Click *Bulk actions* -> *Activate selected*.
+
The selected rules are activated and the new index, index template, and ILM
policy are created.
The selected rules are activated and the new index, index template, and ILM policy are created.
. To verify the new index has been created:
.. Go to *Management* -> *Dev Tools*.
.. Run the following command:
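
Review bot: The unchanged lead-in above this list still reads "Enabling detections rules automatically creates the new indices:" and the hunk header context shows "Foe each command, the console output pane displays this text:"; since this change is a formatting and wording pass over the same section, fix both here ("detection rules", "For each command"). The joined line "The selected rules are activated and the new index, index template, and ILM policy are created." is fine, and the `+` list continuation before it is correctly kept.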