Commit be22d7d

Apply suggestions from code review
Fixing more ref errors
1 parent e432deb commit be22d7d

3 files changed

+3
-3
lines changed

solutions/security/detect-and-alert/about-detection-rules.md

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@ You can create the following types of rules:
3636
* [**Indicator match**](/solutions/security/detect-and-alert/rule-types/indicator-match.md): Creates an alert when {{elastic-sec}} index field values match field values defined in the specified indicator index patterns. For example, you can create an indicator index for IP addresses and use this index to create an alert whenever an event’s `destination.ip` equals a value in the index. Indicator index field mappings should be [ECS-compliant](ecs://reference/index.md). For information on creating {{es}} indices and field types, see [Index some documents](/manage-data/ingest.md), [Create index API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-create), and [Field data types](elasticsearch://reference/elasticsearch/mapping-reference/field-data-types.md). If you have indicators in a standard file format, such as CSV or JSON, you can also use the Machine Learning Data Visualizer to import your indicators into an indicator index. See [Explore the data in {{kib}}](/explore-analyze/machine-learning/anomaly-detection/ml-getting-started.md#sample-data-visualizer) and use the **Import Data** option to import your indicators.
3737

3838
::::{tip}
39-
You can also use value lists as the indicator match index. See [Use value lists with indicator match rules](solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists) at the end of this topic for more information.
39+
You can also use value lists as the indicator match index. See [Use value lists with indicator match rules](/solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists) at the end of this topic for more information.
4040
::::
4141

4242
* [**New terms**](/solutions/security/detect-and-alert/create-detection-rule.md#create-new-terms-rule): Generates an alert for each new term detected in source documents within a specified time range. You can also detect a combination of up to three new terms (for example, a `host.ip` and `host.id` that have never been observed together before).
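Review bot: the corrected link in the tip (line 39+) now resolves to a different page, rule-types/indicator-match.md, but the sentence still says "at the end of this topic"; this hunk is in about-detection-rules.md, so that phrase no longer describes where the value-lists section lives and will send readers scrolling to the wrong place. Suggest dropping it: `See [Use value lists with indicator match rules](/solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists) for more information.`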

solutions/security/detect-and-alert/create-manage-value-lists.md

Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@ Value lists are lists of items with the same {{es}} [data type](elasticsearch://
2525
After creating value lists, you can use `is in list` and `is not in list` operators to [define exceptions](add-manage-exceptions.md).
2626

2727
::::{tip}
28-
You can also use a value list as the [indicator match index](solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists) when creating an indicator match rule.
28+
You can also use a value list as the [indicator match index](/solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists) when creating an indicator match rule.
2929
::::
3030

3131
## Create value lists [create-value-lists]
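Review bot: the context line at 25 keeps a file-relative link, `[define exceptions](add-manage-exceptions.md)`, while line 28+ switches the other link in the same tip to a root-relative path; a path that begins with `solutions/...` but lacks the leading slash is resolved relative to this file's directory, which is what broke the original reference, and mixing the two forms in one file is what let it pass review. Suggest using root-relative paths consistently in this file (`/solutions/security/detect-and-alert/add-manage-exceptions.md`, assuming the target sits in the same directory as this page) so a missing leading slash stands out, or stating in the commit message that the missing slash was the ref error being fixed.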

solutions/security/detect-and-alert/rule-types/custom-query.md

Lines changed: 1 addition & 1 deletion
@@ -96,7 +96,7 @@ Custom query rules search for events matching a KQL or Lucene query and create a
9696
**Configuration**:
9797
* **Index patterns**: `packetbeat-*,logs-network-*`
9898
* **Custom query**:
99-
```kql
99+
```console
100100
host.name: (web-server-* OR dmz-*) AND network.direction: outbound AND NOT destination.ip: (10.0.0.0/8 OR 172.16.0.0/12 OR 192.168.0.0/16) AND NOT destination.port: (80 OR 443 OR 53 OR 123)
101101
```
102102
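Review bot: the fence change at line 99 relabels a KQL query as `console`, but the content under the `**Custom query**` bullet is a Kibana query-bar expression, not a Dev Tools request; `console` fences in this corpus are used for request examples, so the block may be rendered with request-style affordances that do not apply to a KQL string. If `kql` is not a language the docs build accepts, prefer a neutral fence (for example an untagged or `txt` fence) rather than one that implies a different syntax, and consider a short note in the commit message that the tag was changed only to satisfy the build.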
