[DOCS] Blocklist #1811
Merged
[DOCS] Blocklist #1811
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joepeeples
added
Team: Docs
Team: EDR Workflows
joepeeples
requested review from
jmikell821,
kevinlog,
nastasha-solomon,
benironside and
caitlinbetz
benironside
reviewed
Apr 7, 2022
|
|
||
| coming[8.2.0] | ||
|
|
||
| The blocklist allows you to prevent specified applications from running if you're certain they should never run in a host environment, extending the list of processes that {endpoint-sec} considers malicious. This is especially useful to ensure that known malicious processes aren't accidentally executed by an end user. |
There was a problem hiding this comment.
Suggested change
| The blocklist allows you to prevent specified applications from running if you're certain they should never run in a host environment, extending the list of processes that {endpoint-sec} considers malicious. This is especially useful to ensure that known malicious processes aren't accidentally executed by an end user. | |
| The blocklist allows you to prevent specified applications from running if you're certain they should never run in a host environment, extending the list of processes that {endpoint-sec} considers malicious. This is especially useful for ensuring that known malicious processes aren't accidentally executed by end users. |
There was a problem hiding this comment.
Not sure if the last sentence (the one I made suggestions on) is necessary, I think folks are pretty clear on the value of blocklisting and it extends beyond adding guardrails for users/insiders.
There was a problem hiding this comment.
I get what you mean, but I also like having a little extra explanation for the feature beyond the boilerplate description. @caitlinbetz, any thoughts? Or other use case info you think would be helpful here?
This combines @benironside's edits and other tweaks for consistency with similar wording:
Suggested change
| The blocklist allows you to prevent specified applications from running if you're certain they should never run in a host environment, extending the list of processes that {endpoint-sec} considers malicious. This is especially useful to ensure that known malicious processes aren't accidentally executed by an end user. | |
| The blocklist allows you to prevent specified applications from running on hosts, extending the list of processes that {endpoint-sec} considers malicious. This is especially useful for ensuring that known malicious processes aren't accidentally executed by end users. |
Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>
joepeeples
commented
Apr 7, 2022
Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>
jmikell821
reviewed
Apr 11, 2022
Comment on lines
+11
to
+13
| In addition to configuring specific entries on the **Blocklist** page, you must also ensure that the blocklist is enabled on the {endpoint-sec} integration policy in the <<malware-protection, Malware protection settings>>. This setting is enabled by default. | ||
|
|
||
| You must have the built-in `superuser` role to access the blocklist. For more information, refer to {ref}/built-in-users.html[Built-in users]. |
There was a problem hiding this comment.
We talked about the possibility of putting the "block box" (can't think of the official term). Here's the syntax again just in case you want to try it.
.Title
*****
Text text
* Bullet
* Bullet
Text text text
*****
There was a problem hiding this comment.
Since most of the pages for endpoint management are so similar, I'd like to make this update in a separate issue that includes adding the prerequisites box consistently across all the pages. I was already thinking of creating this issue for general consistency fixes, so I think the prereqs box would fall nicely into that issue's scope.
Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
joepeeples
commented
Apr 11, 2022
kevinlog
reviewed
Apr 11, 2022
kevinlog
approved these changes
Apr 11, 2022
Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com>
caitlinbetz
approved these changes
Apr 12, 2022
mergify bot
pushed a commit
that referenced
this pull request
Apr 12, 2022
* Create new Blocklist page * Add Blocklist page to TOC * Add new Blocklist section on UI overview page for * Correction * Align description on UI overview page * Update config integration policy page, image * Add info about int policy to blocklist page * Add Blocklist to UI list * Adds prelim "coming" tag, some corrections * Correction * Add info about multiple values, lists * another. correction. * Apply first round of feedback Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Apply a few more feedback edits Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> * Update docs/management/admin/blocklist.asciidoc * Update docs/management/admin/blocklist.asciidoc Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> * Apply suggestions from Janeen's review Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Rename actions menu (prev button) * Update docs/management/admin/blocklist.asciidoc * Update docs/getting-started/configure-integration-policy.asciidoc Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com> Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com> (cherry picked from commit 89b1455)
joepeeples
added a commit
that referenced
this pull request
Apr 12, 2022
* Create new Blocklist page * Add Blocklist page to TOC * Add new Blocklist section on UI overview page for * Correction * Align description on UI overview page * Update config integration policy page, image * Add info about int policy to blocklist page * Add Blocklist to UI list * Adds prelim "coming" tag, some corrections * Correction * Add info about multiple values, lists * another. correction. * Apply first round of feedback Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> * Apply a few more feedback edits Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> * Update docs/management/admin/blocklist.asciidoc * Update docs/management/admin/blocklist.asciidoc Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> * Apply suggestions from Janeen's review Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> * Rename actions menu (prev button) * Update docs/management/admin/blocklist.asciidoc * Update docs/getting-started/configure-integration-policy.asciidoc Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com> Co-authored-by: benironside <91905639+benironside@users.noreply.github.com> Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com> (cherry picked from commit 89b1455) Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #1783.
Previews:
NOTE: We're trying to prioritize reviewing & merging this PR quickly, to resolve a docs link in elastic/kibana#128773 which is blocked until the new Blocklist page is live. If additional changes are needed closer to release, issue #1818 allows another opportunity.