Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Request][8.14] improved ES|QL investigation (highlighted) fields #5182

Merged
merged 30 commits into from
May 20, 2024
Merged

[Request][8.14] improved ES|QL investigation (highlighted) fields #5182

merged 30 commits into from
May 20, 2024

Conversation

nastasha-solomon
Copy link
Contributor

@nastasha-solomon nastasha-solomon commented May 8, 2024
edited
Loading

Contributes to #5054

Preview:
Made several updates to the Create an ES|QL rule section:

  • Updated the explanations for the fields that are returned by aggregating and non-aggregating queries.
  • Added definitions and examples of new fields that can be created for either query type.
  • Updated the limitations section so it no longer shows that new fields can't be added to a rule's custom highlighted fields.
  • Created a new, short section about adding new fields to a rule's custom highlighted fields.

Twin Serverless PR: https://github.com/elastic/staging-serverless-security-docs/pull/349

@nastasha-solomon nastasha-solomon added Feature: Rules Team: Detection Engine Priority: High Issues that are time-sensitive and/or are of high customer importance Effort: Small Issues that can be resolved quickly v8.14.0 Feature: ES|QL labels May 8, 2024
@nastasha-solomon nastasha-solomon self-assigned this May 8, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented May 8, 2024

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@nastasha-solomon nastasha-solomon requested a review from vitaliidm May 9, 2024 02:57
vitaliidm
vitaliidm reviewed May 9, 2024
View reviewed changes
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
@nastasha-solomon nastasha-solomon mentioned this pull request May 10, 2024
Closed
vitaliidm
vitaliidm reviewed May 13, 2024
View reviewed changes
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
benironside
benironside reviewed May 14, 2024
View reviewed changes
Copy link
Contributor

@benironside benironside left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work on this very nuanced topic. Left a few suggestions for your consideration, hope they're helpful!

docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
docs/detections/rules-ui-create.asciidoc Show resolved Hide resolved
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
docs/detections/rules-ui-create.asciidoc Outdated Show resolved Hide resolved
nastasha-solomon and others added 5 commits May 14, 2024 16:32
@nastasha-solomon
Merge branch 'main' into issue-5054-improved-esql-investigation
08631d6
@nastasha-solomon @benironside
Update docs/detections/rules-ui-create.asciidoc
23d529a 
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
@nastasha-solomon @benironside
Update docs/detections/rules-ui-create.asciidoc
47fb98e 
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
@nastasha-solomon @benironside
Update docs/detections/rules-ui-create.asciidoc
b52728c 
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
@nastasha-solomon @benironside
Update docs/detections/rules-ui-create.asciidoc
fbdc6dc 
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
@nastasha-solomon nastasha-solomon changed the title [Request] improved ES|QL investigation(highlighted) fields [Request][8.14] improved ES|QL investigation (highlighted) fields May 14, 2024
vitaliidm
vitaliidm previously approved these changes May 16, 2024
View reviewed changes
@nastasha-solomon nastasha-solomon mentioned this pull request May 16, 2024
Closed
22 tasks
@nastasha-solomon nastasha-solomon merged commit 9bb14b7 into main May 20, 2024
3 checks passed
mergify bot pushed a commit that referenced this pull request May 20, 2024
@nastasha-solomon @mergify
[Request][8.14] improved ES|QL investigation (highlighted) fields (#5182
e6fb869 
)

* First draft

* Additional information

* Small edits

* Part of Vitalii's feedback

* Re-orged info

* Re-adding into sen

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Draft of Vitalii's input

* Update docs/detections/rules-ui-create.asciidoc

* Expanding definition for new fields

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

---------

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit 9bb14b7)
@mergify mergify bot mentioned this pull request May 20, 2024
Merged
nastasha-solomon added a commit that referenced this pull request May 20, 2024
@mergify @nastasha-solomon
[8.14] [Request][8.14] improved ES|QL investigation (highlighted) fie…
f50bd40 
…lds (backport #5182) (#5235)

* First draft

* Additional information

* Small edits

* Part of Vitalii's feedback

* Re-orged info

* Re-adding into sen

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Draft of Vitalii's input

* Update docs/detections/rules-ui-create.asciidoc

* Expanding definition for new fields

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

---------

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit 9bb14b7)

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benironside benironside benironside approved these changes

@vitaliidm vitaliidm vitaliidm left review comments

Assignees

@nastasha-solomon nastasha-solomon

Labels
Effort: Small Issues that can be resolved quickly Feature: ES|QL Feature: Rules Priority: High Issues that are time-sensitive and/or are of high customer importance Team: Detection Engine v8.14.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nastasha-solomon @benironside @vitaliidm