From 660ccfcf482f0ee590a66213451562df450b13a1 Mon Sep 17 00:00:00 2001 From: DonNateR <> Date: Tue, 23 Feb 2021 18:42:30 -0600 Subject: [PATCH] Add slight edits to the new section. --- docs/getting-started/detections-req.asciidoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/getting-started/detections-req.asciidoc b/docs/getting-started/detections-req.asciidoc index 39d6011608..a20b99615d 100644 --- a/docs/getting-started/detections-req.asciidoc +++ b/docs/getting-started/detections-req.asciidoc @@ -73,13 +73,13 @@ image::images/sec-admin-user.png[] [[access-detections-ui]] == Access and use Detections -After enabling Detections, only users with these permission can view and use the -*Detections* page: +After enabling Detections, only users with these permission can view and use rules and alerts on *Detections* page: **All** These permissions are required for both rule and alert management: +* {kib} space with `All` privileges enabled for `Security`. * The `maintenance` permission for `.siem-signals-`. * The `read`, `write`, and `view_index_metadata` index privileges for all of these system indices: ** `.lists-` @@ -92,11 +92,11 @@ image::images/sec-user.png[] **Rule** -For rule management, make sure {kib} space with `All` privileges enabled for both `Security` and `Saved Objects Management` features. +For rule management, make sure {kib} space with `All` privileges is enabled for both `Security` and `Saved Objects Management` features. **Alert** -If you only want a user to be update the status of alerts but not rule, only {kib} space with `All` privileges enabled for `Security` is required. +If you only want a user to be update the status of alerts but not rule, only {kib} space with `All` privileges enabled for `Security` is required. [discrete]