
Documentation for filtering process descendants in Event Filters [Request] #5402

Closed
2 tasks done
gergoabraham opened this issue Jun 13, 2024 · 1 comment
Assignees
Labels
Docset: ESS (Issues that apply to docs in the Stack release), Docset: Serverless (Issues for Serverless Security), Feature: Elastic Defend, Team: EDR Workflows (Formerly Defend Workflows, Onboarding and Lifecycle Management), v8.15.0

Comments

@gergoabraham
Contributor

gergoabraham commented Jun 13, 2024

Description

In the context of Security / Management / Event Filters, we're introducing a new option to not simply filter Events, but filter events from all descendants of a given process - while the events from the process itself are still ingested.

Expand below to see the new Events | Process Descendants button group on the screenshots.

[Screenshots: the Events | Process Descendants button group in the Event Filters form]

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

August - synced around 8.15 release

Feature differences

They're the same.

API docs impact

There should be no impact here.

Prerequisites, privileges, feature flags

Feature flag on Kibana:
xpack.securitySolution.enableExperimental.filterProcessDescendantsForEventFiltersEnabled


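The distinction the issue describes (an "Events" filter drops the matching process's own events, while a "Process Descendants" filter keeps those events and instead drops events from everything spawned beneath that process) can be illustrated with a small lineage model. The following is an added example, not Elastic Defend or Kibana code: the event records, pids and the `match` predicate are constructed here, and real endpoint lineage tracking is more involved than a pid/ppid map.

```python
"""Model of the two Event Filter scopes: 'events' vs 'process_descendants'.

Constructed example; it does not reproduce how Elastic Defend evaluates
filters on the endpoint, only the semantics described in the issue.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    name: str
    event: str


# Constructed sample telemetry: a backup agent (pid 100) spawns tar (200),
# which spawns gzip (300); sshd (400) is unrelated. Not real Defend data.
EVENTS: List[ProcessEvent] = [
    ProcessEvent(1, 0, "init", "start"),
    ProcessEvent(100, 1, "backup-agent", "start"),
    ProcessEvent(100, 1, "backup-agent", "file_write"),
    ProcessEvent(200, 100, "tar", "start"),
    ProcessEvent(200, 100, "tar", "file_read"),
    ProcessEvent(300, 200, "gzip", "start"),
    ProcessEvent(400, 1, "sshd", "network"),
]


def build_parent_map(events: List[ProcessEvent]) -> Dict[int, int]:
    """pid -> ppid, derived from the events themselves (constructed assumption)."""
    return {e.pid: e.ppid for e in events}


def is_descendant(pid: int, ancestor: int, parents: Dict[int, int]) -> bool:
    """True if `pid` is a strict descendant of `ancestor`.

    Walks the parent chain; the `seen` set guards against cycles that a
    reused pid could introduce in a stale parent map.
    """
    seen = set()
    cur = parents.get(pid)
    while cur is not None and cur not in seen:
        if cur == ancestor:
            return True
        seen.add(cur)
        cur = parents.get(cur)
    return False


def apply_event_filter(
    events: List[ProcessEvent],
    match: Callable[[ProcessEvent], bool],
    scope: str,
) -> List[ProcessEvent]:
    """Return the events that would still be ingested under the given scope.

    scope == "events":               drop every event the predicate matches.
    scope == "process_descendants":  keep the matched process's own events,
                                     drop events of all its descendants.
    """
    if scope not in ("events", "process_descendants"):
        raise ValueError(f"unknown scope: {scope}")
    parents = build_parent_map(events)
    matched_pids = {e.pid for e in events if match(e)}
    kept = []
    for e in events:
        if scope == "events":
            drop = match(e)
        else:
            drop = any(is_descendant(e.pid, m, parents) for m in matched_pids)
        if not drop:
            kept.append(e)
    return kept


def kept_pairs(events: List[ProcessEvent], scope: str) -> List[tuple]:
    """(pid, event) pairs kept when filtering on process.name == 'backup-agent'."""
    kept = apply_event_filter(events, lambda e: e.name == "backup-agent", scope)
    return [(e.pid, e.event) for e in kept]


if __name__ == "__main__":
    for scope in ("events", "process_descendants"):
        print(scope, "->", kept_pairs(EVENTS, scope))
```

Under the "events" scope only the two backup-agent events disappear; under "process_descendants" both backup-agent events survive and the tar and gzip events are dropped instead. Because the descendant scope silences everything spawned beneath the matched process, including tools an attacker might launch through it, the match predicate should be as narrow as the use case allows.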
@joepeeples joepeeples self-assigned this Jun 13, 2024
@joepeeples joepeeples added labels Team: EDR Workflows (Formerly Defend Workflows, Onboarding and Lifecycle Management), Feature: Elastic Defend, Docset: Serverless (Issues for Serverless Security), Docset: ESS (Issues that apply to docs in the Stack release), v8.15.0 on Jun 13, 2024
@joepeeples
Contributor

joepeeples commented Jul 17, 2024

Important

Release timeline means we can merge ESS docs to main now, but for serverless docs we need to wait until shortly after 8.15.0 release to merge.

🤔 Maybe try a conditional feature flag? Or just separate PRs.

@joepeeples joepeeples changed the title [Request] Documentation for filtering process descendants in Event Filters Documentation for filtering process descendants in Event Filters [Request] Jul 17, 2024
Projects
None yet
Development

No branches or pull requests

2 participants