Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add documentation for detector rule creation updates #4499

Merged
merged 20 commits into from
Jul 20, 2023
Merged

Add documentation for detector rule creation updates #4499

merged 20 commits into from
Jul 20, 2023

Conversation

cwillum
Copy link
Contributor

@cwillum cwillum commented Jul 6, 2023
edited
Loading

Description

The detection rule creation UI was updated to be more intuitive for users. This requires update of text and screenshots.

Issues Resolved

Updated documentation based on previous description.

Fixes #4413

Checklist

  • By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and subject to the Developers Certificate of Origin.
    For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwillum cwillum added 2 - In progress Issue/PR: The issue or PR is in progress. release-notes PR: Include this PR in the automated release notes security-analytics v2.9.0 labels Jul 6, 2023
@cwillum cwillum self-assigned this Jul 6, 2023
cwillum added 16 commits July 6, 2023 13:16
@cwillum
fix#4413 detection rule updates
d487745 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
39c82de 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
8ca3cc4 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
75a4e75 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
36f795a 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
4e45c64 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
c1648c3 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
9154001 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
b6c0e82 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
31d2ebf 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
292bfb5 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
5f41651 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
16800ec 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
08c1488 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
ed83b44 
Signed-off-by: cwillum <[email protected]>
@cwillum
fix#4413 detection rule updates
6bc5dc2 
Signed-off-by: cwillum <[email protected]>
@cwillum cwillum added 3 - Tech review PR: Tech review in progress and removed 2 - In progress Issue/PR: The issue or PR is in progress. labels Jul 10, 2023
@cwillum
Copy link
Contributor Author

cwillum commented Jul 10, 2023

@amsiglan These are updates to detection rule creation. Could you have a look for technical accuracy when you find a chance? Thanks.

@cwillum cwillum added 4 - Doc review PR: Doc review in progress and removed 3 - Tech review PR: Tech review in progress labels Jul 17, 2023
hdhalter
hdhalter approved these changes Jul 17, 2023
View reviewed changes
Copy link
Contributor

@hdhalter hdhalter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
@cwillum cwillum added 5 - Editorial review PR: Editorial review in progress and removed 4 - Doc review PR: Doc review in progress labels Jul 19, 2023
natebower
natebower reviewed Jul 19, 2023
View reviewed changes
Copy link
Collaborator

@natebower natebower left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cwillum Please see my comments and changes and let me know if you have any questions. Thanks!

_security-analytics/index.md Outdated

Rules, or threat detection rules, define the conditional logic applied to ingested log data that allows the system to identify an event of interest. Security Analytics uses prepackaged, open source [Sigma rules](https://github.com/SigmaHQ/sigma) as a starting point for describing relevant log events. But with their inherently flexible format and easy portability, Sigma rules provide users of Security Analytics with options for importing and customizing the rules. You can take advantage of these options using either Dashboards or the API.
The security rules, or threat detection rules, define the conditional logic applied to ingested log data that allows the system to identify an event of interest. Security Analytics uses prepackaged, open source [Sigma rules](https://github.com/SigmaHQ/sigma) as a starting point for describing relevant log events. But with their inherently flexible format and easy portability, Sigma rules provide users of Security Analytics with options for importing and customizing the rules. You can take advantage of these options using either Dashboards or the API.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The security rules, or threat detection rules, define the conditional logic applied to ingested log data that allows the system to identify an event of interest. Security Analytics uses prepackaged, open source [Sigma rules](https://github.com/SigmaHQ/sigma) as a starting point for describing relevant log events. But with their inherently flexible format and easy portability, Sigma rules provide users of Security Analytics with options for importing and customizing the rules. You can take advantage of these options using either Dashboards or the API.
The security rules, or threat detection rules, define the conditional logic applied to ingested log data that allows the system to identify an event of interest. Security Analytics uses prepackaged, open-source [Sigma rules](https://github.com/SigmaHQ/sigma) as a starting point for describing relevant log events. But with their inherently flexible format and easy portability, Sigma rules provide Security Analytics users with options for importing and customizing the rules. You can take advantage of these options using either OpenSearch Dashboards or the API.

_security-analytics/usage/index.md Outdated Show resolved Hide resolved
_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
_security-analytics/usage/rules.md Show resolved Hide resolved
_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
_security-analytics/usage/rules.md Outdated Show resolved Hide resolved
@cwillum cwillum merged commit 22fd96e into main Jul 20, 2023
harshavamsi pushed a commit to harshavamsi/documentation-website that referenced this pull request Oct 31, 2023
@cwillum @harshavamsi
Add documentation for detector rule creation updates (opensearch-proj…
ca845bb 
…ect#4499)

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

---------

Signed-off-by: cwillum <[email protected]>
vagimeli pushed a commit that referenced this pull request Dec 21, 2023
@cwillum @vagimeli
Add documentation for detector rule creation updates (#4499)
6eea7e8 
* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

* fix#4413 detection rule updates

Signed-off-by: cwillum <[email protected]>

---------

Signed-off-by: cwillum <[email protected]>
@hdhalter hdhalter deleted the fix#4413-SecAna-rule-update branch March 28, 2024 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@natebower natebower natebower left review comments

@hdhalter hdhalter hdhalter approved these changes

@sbcd90 sbcd90 sbcd90 approved these changes

@kolchfa-aws kolchfa-aws Awaiting requested review from kolchfa-aws kolchfa-aws is a code owner

@Naarcha-AWS Naarcha-AWS Awaiting requested review from Naarcha-AWS Naarcha-AWS is a code owner

@vagimeli vagimeli Awaiting requested review from vagimeli

@ananzh ananzh Awaiting requested review from ananzh

@seanneumann seanneumann Awaiting requested review from seanneumann

@AMoo-Miki AMoo-Miki Awaiting requested review from AMoo-Miki AMoo-Miki is a code owner

Assignees

@cwillum cwillum

Labels
5 - Editorial review PR: Editorial review in progress release-notes PR: Include this PR in the automated release notes security-analytics v2.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[DOC] Update detection rule creation UI documentation in Security Analytics
4 participants
@cwillum @sbcd90 @natebower @hdhalter