[Security][Detections] Update ML Jobs group from SIEM to Security #69319
Comments
Pinging @elastic/siem (Team:SIEM)
@randomuserid this is just one metadata field?
Those are the tags in the second pic. The third pic is the recognizer.
@blaklaybul this is the issue for the "siem" text. It appears in the job tags and what looks like text in the recognizer UI?
@randomuserid thanks for letting me know - can you please provide us with the appropriate text when it is available?
@spong is the replacement term "Security"
@randomuserid -- @MikePaquette is verifying the replacement term and will let us know.
@randomuserid & @blaklaybul -- Do you think we're good to remove the
I'm happy to remove the
Sounds good @blaklaybul! Can we coordinate this with the other ML Job updates (from @randomuserid) for 7.9? Also, @MikePaquette verified the replacement term as
great! @peteharverson can we remove the
@spong I'm catching up with @randomuserid tomorrow to discuss his new jobs list and what we can feasibly add to 7.9.
@blaklaybul as discussed, I'll remove the
I will not change
…71696)

## Summary

Edits all references to 'SIEM' in the ML SIEM modules to 'Security'. The following parts of the configurations were edited:

- Module titles
- Module descriptions
- Job descriptions
- `siem` job group changed to `security`

The `siem#/` portion of the custom URLs was also edited to `security/`. Also removes the 'beta' label from module and job descriptions.

![image](https://user-images.githubusercontent.com/7405507/87452224-dbe4fd00-c5f8-11ea-887b-89c47e3467d2.png)
![image (26)](https://user-images.githubusercontent.com/7405507/87452265-edc6a000-c5f8-11ea-94a8-e101126666fa.png)

Part of #69319
## Summary

Resolves #69319

Updates `siem` grouping to `security`, and enables cloudtrail module, fixing mis-match between the newly updated modules (#71696).

<p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444121-b6b27480-cdd8-11ea-886a-9b4cadbaede8.png" /> </p>
<p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444181-16108480-cdd9-11ea-9fba-aff1e4c38da3.png" /> </p>

Also updates all module icons to be consistent:

Auditbeat (Before/After):
<p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592057-9a9e1580-d01a-11ea-97bb-d1096a4ae85f.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592020-8b1ecc80-d01a-11ea-8f2d-aa5cba94924e.png" /> </p>

Packetbeat (Before/After):
<p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592205-e18c0b00-d01a-11ea-9553-9c87527c600b.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592270-f8caf880-d01a-11ea-94a8-5428d2c6ddea.png" /> </p>

Winlogbeat (Before/After):
<p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592286-fff20680-d01a-11ea-87dd-4150debc988c.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592351-2021c580-d01b-11ea-863f-efd26d0105ab.png" /> </p>

- [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [X] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - Working w/ @benskelker on updated ML Jobs & nomenclature
## Summary

This PR makes the following updates to our pre-built Security ML jobs:

- Adds user-friendly names to our pre-built Anomaly Detection jobs. These will be displayed in the Anomalies tab on the new Entity Analytics page in the Security App instead of job IDs.
- Fixes formatting
- One job was missing the `security` job group which is required to display jobs in the Security App. Added that as well.
- Changed the names of two modules: `siem_cloudtrail` -> `security_cloudtrail` and `siem_packetbeat` -> `security_packetbeat`. This should have happened a while ago per [this](#69319) issue.

## Side effects

- Any QA tests that reference the `siem_cloudtrail` and `siem_packetbeat` modules will need to be changed to reference the new modules instead
- Any references to the siem modules in the Security App will need to be updated

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Robert Oskamp <[email protected]>
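The two commit messages above describe the same rename applied by hand in several places (`siem` group, `siem#/` custom URL prefix, `siem_` module ids) and a job that slipped through without the `security` group. The following is an added example, not Kibana's own code, of a lint-and-migrate check over a simplified module shape (`{ id, jobs: [{ id, groups, custom_urls: [{ url_name, url_value }] }] }`, an assumption that flattens the real manifest/job-file layout); the sample module is constructed.

```javascript
// Added example, not Kibana's own code: lint and migrate a simplified ML
// module for the siem -> security rename. Assumed (simplified) shape:
// { id, jobs: [{ id, groups, custom_urls: [{ url_name, url_value }] }] }.
const REQUIRED_GROUP = 'security';
const LEGACY_GROUP = 'siem';
const LEGACY_URL_PREFIX = 'siem#/';
const NEW_URL_PREFIX = 'security/';

// Returns a list of findings; an empty list means the module is consistent.
function lintModule(mod) {
  const findings = [];
  if (mod.id.startsWith(`${LEGACY_GROUP}_`)) {
    findings.push(`module ${mod.id}: id still uses the ${LEGACY_GROUP}_ prefix`);
  }
  for (const job of mod.jobs) {
    const groups = job.groups || [];
    if (!groups.includes(REQUIRED_GROUP)) {
      // Without this group the Security app does not list the job at all.
      findings.push(`job ${job.id}: missing required "${REQUIRED_GROUP}" group`);
    }
    if (groups.includes(LEGACY_GROUP)) {
      findings.push(`job ${job.id}: still carries legacy "${LEGACY_GROUP}" group`);
    }
    for (const u of job.custom_urls || []) {
      if (u.url_value.includes(LEGACY_URL_PREFIX)) {
        findings.push(`job ${job.id}: custom URL "${u.url_name}" still uses ${LEGACY_URL_PREFIX}`);
      }
    }
  }
  return findings;
}

// Returns a migrated copy (input untouched): swaps the group, rewrites
// custom URLs and the module id prefix.
function migrateModule(mod) {
  const jobs = mod.jobs.map((job) => {
    const groups = (job.groups || []).filter((g) => g !== LEGACY_GROUP);
    if (!groups.includes(REQUIRED_GROUP)) groups.push(REQUIRED_GROUP);
    const custom_urls = (job.custom_urls || []).map((u) => ({
      ...u, url_value: u.url_value.split(LEGACY_URL_PREFIX).join(NEW_URL_PREFIX),
    }));
    return { ...job, groups, custom_urls };
  });
  const id = mod.id.replace(new RegExp(`^${LEGACY_GROUP}_`), `${REQUIRED_GROUP}_`);
  return { ...mod, id, jobs };
}

// Constructed sample: one job on the old group, one job with no security group.
const SAMPLE_MODULE = { id: 'siem_packetbeat', jobs: [
  { id: 'packetbeat_dns_tunneling', groups: ['siem', 'packetbeat'],
    custom_urls: [{ url_name: 'Hosts', url_value: 'siem#/ml-hosts' }] },
  { id: 'packetbeat_rare_server_domain', groups: ['packetbeat'], custom_urls: [] },
] };
```

Running `lintModule` over every module before and after `migrateModule` is the kind of check that would have caught the job missing the `security` group, since the second sample job reports exactly that finding.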
With the recent rename of the `SIEM` plugin to `Security Solution` (#67902), we'll also need to update all `SIEM` references around our integration with ML. @MikePaquette will provide an update with the correct name (most likely just `Security`). This includes:

- Creation of ML-based Rules: ML Job Settings popover which references `Security` in copy, but `SIEM` as the group name:
- The actual ML Jobs and their underlying template (as shown in the ML APP). This will need to be performed by the @elastic/security-intelligence-analytics team.