[DOCS] Detections team 7.13 release #650

Closed
dontcallmesherryli opened this issue Apr 27, 2021 · 4 comments
Labels
documentation Improvements or additions to documentation Team: Docs v7.13.0

Comments

dontcallmesherryli commented Apr 27, 2021

Description

The only feature that will show up in 7.13 from the Detections team is the Out Of Cycle Rules update. The feature is still under the "Beta" label.

Pre-built rules from Elastic can now be updated outside of Elastic releases, which means users will always be armed with the latest and the greatest of the pre-built rules.

To activate this capability, the user just has to visit the Fleet page or the endpoint package page. And that is it.

Acceptance Test Criteria

In the documentation for the Pre-built rules page, please add a note that users wishing to have out-of-cycle rule updates should visit the Fleet page to activate that feature.

Notes

  • Add the "Team:Docs" label to new issues.
  • Be sure to add the version number label.
  • Be sure to add any necessary screenshots for clarity.
  • Include any conditions or caveats that may affect customers.
dontcallmesherryli added the documentation and Team: Docs labels on Apr 27, 2021


dontcallmesherryli commented Apr 28, 2021

@jmikell821 updated the AC to specify where to put the docs

Acceptance Test Criteria

In the documentation for the Pre-built rules page, please add a note that users wishing to have out-of-cycle rule updates should visit the Fleet page to activate that feature.

dontcallmesherryli commented Apr 29, 2021

prebuilt rule reference page needs:

If rules are updated between now and the 7.14 release (right now it's 7.13), then the rule version belongs to the current release - 7.13.

Pre-built rule update page is needed - shows the history of all pre-built rule updates.

Blurb for the pre-built rule reference page about the new feature:

"Pre-built rules can now update out of the regular release schedule; visit the Fleet Integrations page to add the 'Prebuilt Security Detection Rules' integration to enable the feature."

Requirements out of Protections meeting:

  1. Ross to reverse last PR to make users manually go into fleet and select "install integration". This is more in line with Beta status of the feature.
  2. For 7.13, single source of truth is needed for pre-built rules reference; every time rule package updates, updates are shown in change log of rules between versions; within integration page, "for change log, go to this URL" point URL to change log between versions.

rw-access commented Apr 29, 2021

  • Pre-built rule reference (rules that came with the stack)
    • Adobe Hijack .... (all of the versions of the rule)
  • Pre-built rule updates
    • Update # 1 (summary of all the changes with links)
    • Update # 2 (summary of all the changes with links)
    • Update # 3 (summary of all the changes with links)

@jmikell821

Merged #666.
