solutions/security/get-started/siem-migration.md
+8 -8 lines changed: 8 additions & 8 deletions
@@ -68,7 +68,7 @@ The table's fields are as follows:
68
68
***Status:** The rule's translation status. Hover over the tooltip next to the column title for more information.
69
69
***Risk Score:** For Elastic authored rules, risk scores are predefined. For custom translated rules, risk scores are defined as follows:
70
70
* If the source rule has a field comparable to Elastic's risk score, we use that value.
71
-
* Otherwise, if the source rule has a field comparable to Elastic's rule severity field, we base the risk score on that value according to these [guidelines](/solutions/security/current/rules-ui-create.html#rule-ui-basic-params).
71
+
* Otherwise, if the source rule has a field comparable to Elastic's rule severity field, we base the risk score on that value according to these [guidelines](../security/rules-ui-create.html#rule-ui-basic-params).
72
72
* Otherwise, a default value is assigned.
73
73
***Rule severity:** For Elastic authored rules, severity scores are predefined. For custom translated rules, risk scores are based on the source rule's severity field. Splunk severity scores are translated to Elastic rule severity scores as follows:
74
74
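Review bot: the new relative link on added line 71, `../security/rules-ui-create.html#rule-ui-basic-params`, does not appear to resolve to the same target as the path it replaces. This file is at solutions/security/get-started/siem-migration.md, so `..` is already solutions/security/ and the link lands on solutions/security/security/rules-ui-create.html, with a doubled `security` segment. The old absolute path also carried a `current/` segment that the new one drops. Please confirm where the target page actually lives, adjust the relative path to match, and run the docs link check before merging. Separately, unchanged line 73 says "risk scores are based on the source rule's severity field" under **Rule severity**, which looks like it should read "severity scores".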
@@ -88,17 +88,17 @@ The table's fields are as follows:
88
88
89
89
Once you're on the **Translated rules** page, to install any rules that were partially translated or not translated, you will need to edit them. Optionally, you can also edit custom rules that were successfully translated to finetune them.
90
90
91
-
::::{note}
92
-
You cannot edit Elastic authored rules using this interface, but after they are installed you can edit them from the [**Rules**](/solutions/security/detect-and-alert/about-detection-rules.html) page.
93
-
::::
91
+
:::{note}
92
+
You cannot edit Elastic authored rules using this interface, but after they are installed you can edit them from the [**Rules**](../security/detect-and-alert/about-detection-rules.html) page.
93
+
:::
94
94
95
-
### Edit a custom rule:
95
+
### Edit a custom rule
96
96
97
97
Click the rule's name to open the rule's details flyout to the **Translation** tab, which shows the source rule alongside the translated — or partially translated — Elastic version. You can update any part of the rule. When finished, click **Save**.
98
98
99
-
::::{note}
100
-
If you didn't onboard your data yet, you will likely encounter `Unknown index` or `Unknown column` errors while editing. You can ignore these and add your data later.
101
-
::::
99
+
::::{note}
100
+
If you haven't yet ingested your data, you will likely encounter `Unknown index` or `Unknown column` errors while editing. You can ignore these and add your data later.
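Review bot: the two note blocks end up with different fences. The first is changed to `:::{note}` and `:::` (added lines 91 to 93), while the second is re-added as `::::{note}` (added line 99), and its closing fence is not among the added lines shown here. Use one colon count for both notes and make sure the second note closes with a fence that matches its opener, otherwise the directive can swallow the text that follows. Also, the link on added line 92, `../security/detect-and-alert/about-detection-rules.html`, resolves from solutions/security/get-started/ to solutions/security/security/detect-and-alert/..., with a doubled `security` segment; please verify it against the real location of the page.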