[ESS][8.14] Alert suppression docs for EQL (non-seq) and new term rule types #5057
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here. |
|
This pull request does not have a backport label. Could you fix it @nastasha-solomon? 🙏
NOTE: |
nastasha-solomon
commented
Apr 5, 2024
nastasha-solomon
added
Team: Detection Engine
Priority: High
nastasha-solomon
changed the title
rylnd
previously approved these changes
Apr 11, 2024
vitaliidm
previously approved these changes
Apr 12, 2024
Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
Ref suppression docs in steps for creating new terms and eql rules
benironside
previously approved these changes
Apr 24, 2024
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
vitaliidm
added a commit
to elastic/kibana
that referenced
this pull request
Apr 26, 2024
…re flags for new terms and EQL rules (#181345) ## Summary removes alert suppression feature flags for new terms and EQL rules tech doc tickets for reference: - elastic/staging-serverless-security-docs#321 - elastic/security-docs#5057
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Apr 26, 2024
…re flags for new terms and EQL rules (elastic#181345) ## Summary removes alert suppression feature flags for new terms and EQL rules tech doc tickets for reference: - elastic/staging-serverless-security-docs#321 - elastic/security-docs#5057 (cherry picked from commit b29a27e)
kibanamachine
referenced
this pull request
in elastic/kibana
Apr 26, 2024
…n feature flags for new terms and EQL rules (#181345) (#181873) # Backport This will backport the following commits from `main` to `8.14`: - [[Security Solution][Detection Engine] removes alert suppression feature flags for new terms and EQL rules (#181345)](#181345) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Vitalii Dmyterko","email":"92328789+vitaliidm@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-04-26T15:11:05Z","message":"[Security Solution][Detection Engine] removes alert suppression feature flags for new terms and EQL rules (#181345)\n\n## Summary\r\n\r\nremoves alert suppression feature flags for new terms and EQL rules\r\n\r\n\r\ntech doc tickets for reference: \r\n- https://github.com/elastic/staging-serverless-security-docs/pull/321\r\n- https://github.com/elastic/security-docs/pull/5057","sha":"b29a27ebf0090247e4273e2bd281c2d025a281b0","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections and Resp","Team: SecuritySolution","backport:prev-minor","Team:Detection Engine","v8.15.0"],"title":"[Security Solution][Detection Engine] removes alert suppression feature flags for new terms and EQL rules","number":181345,"url":"https://github.com/elastic/kibana/pull/181345","mergeCommit":{"message":"[Security Solution][Detection Engine] removes alert suppression feature flags for new terms and EQL rules (#181345)\n\n## Summary\r\n\r\nremoves alert suppression feature flags for new terms and EQL rules\r\n\r\n\r\ntech doc tickets for reference: \r\n- https://github.com/elastic/staging-serverless-security-docs/pull/321\r\n- https://github.com/elastic/security-docs/pull/5057","sha":"b29a27ebf0090247e4273e2bd281c2d025a281b0"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/181345","number":181345,"mergeCommit":{"message":"[Security Solution][Detection Engine] removes alert suppression feature flags for new terms and EQL rules (#181345)\n\n## Summary\r\n\r\nremoves alert suppression feature flags for new terms and EQL rules\r\n\r\n\r\ntech doc tickets for reference: \r\n- https://github.com/elastic/staging-serverless-security-docs/pull/321\r\n- https://github.com/elastic/security-docs/pull/5057","sha":"b29a27ebf0090247e4273e2bd281c2d025a281b0"}}]}] BACKPORT--> Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
mergify bot
pushed a commit
that referenced
this pull request
Apr 30, 2024
…e types (#5057) * Update alert-suppression.asciidoc * Update docs/detections/alert-suppression.asciidoc * Adding more to draft * Minor typo * Aligning with Serverless docs * Update docs/detections/alert-suppression.asciidoc Co-authored-by: Ryland Herrick <ryalnd@gmail.com> * Update docs/detections/api/rules/rules-api-create.asciidoc * Updating update api * Fixed formatting error * Ben's input pt 1 * Ref suppression docs Ref suppression docs in steps for creating new terms and eql rules * Re-adding content to avoid conflict * Update docs/detections/api/rules/rules-api-create.asciidoc * Updating titles * Vitalii's input * ben's input * Update docs/detections/api/rules/rules-api-update.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/api/rules/rules-api-create.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/alert-suppression.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/api/rules/rules-api-create.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/api/rules/rules-api-update.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --------- Co-authored-by: Ryland Herrick <ryalnd@gmail.com> Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> (cherry picked from commit 2fd85dd)
nastasha-solomon
added a commit
that referenced
this pull request
Apr 30, 2024
…erm rule types (backport #5057) (#5142) * Update alert-suppression.asciidoc * Update docs/detections/alert-suppression.asciidoc * Adding more to draft * Minor typo * Aligning with Serverless docs * Update docs/detections/alert-suppression.asciidoc Co-authored-by: Ryland Herrick <ryalnd@gmail.com> * Update docs/detections/api/rules/rules-api-create.asciidoc * Updating update api * Fixed formatting error * Ben's input pt 1 * Ref suppression docs Ref suppression docs in steps for creating new terms and eql rules * Re-adding content to avoid conflict * Update docs/detections/api/rules/rules-api-create.asciidoc * Updating titles * Vitalii's input * ben's input * Update docs/detections/api/rules/rules-api-update.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/api/rules/rules-api-create.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/alert-suppression.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/api/rules/rules-api-create.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/detections/api/rules/rules-api-update.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --------- Co-authored-by: Ryland Herrick <ryalnd@gmail.com> Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> (cherry picked from commit 2fd85dd) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contributes to #4977 and #5030
Previews:
Twin serverless PR: https://github.com/elastic/staging-serverless-security-docs/pull/321