From df16ef90bec09c36c77ccc5aa2cafb867eff0a0b Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Wed, 9 Apr 2025 13:10:43 -0500 Subject: [PATCH 1/3] fix links to security-docs --- explore-analyze/alerts-cases/alerts/alerting-getting-started.md | 2 +- explore-analyze/alerts-cases/alerts/create-manage-rules.md | 2 +- explore-analyze/alerts-cases/alerts/rule-types.md | 2 +- solutions/security/detect-and-alert.md | 2 +- .../detect-and-alert/install-manage-elastic-prebuilt-rules.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/explore-analyze/alerts-cases/alerts/alerting-getting-started.md b/explore-analyze/alerts-cases/alerts/alerting-getting-started.md index 378614c419..a16090dbf8 100644 --- a/explore-analyze/alerts-cases/alerts/alerting-getting-started.md +++ b/explore-analyze/alerts-cases/alerts/alerting-getting-started.md @@ -7,7 +7,7 @@ navigation_title: Getting started with alerts # Getting started with alerting [alerting-getting-started] -Alerting enables you to define *rules*, which detect complex conditions within different {{kib}} apps and trigger actions when those conditions are met. Alerting is integrated with [**{{observability}}**](../../../solutions/observability/incident-management/alerting.md), [**Security**](security-docs://reference/prebuilt-rules/index.md), [**Maps**](../../../explore-analyze/alerts-cases/alerts/geo-alerting.md) and [**{{ml-app}}**](../../../explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md). It can be centrally managed from **{{stack-manage-app}}** and provides a set of built-in [connectors](../../../deploy-manage/manage-connectors.md) and [rules](../../../explore-analyze/alerts-cases/alerts/rule-types.md#stack-rules) for you to use. +Alerting enables you to define *rules*, which detect complex conditions within different {{kib}} apps and trigger actions when those conditions are met. Alerting is integrated with [**{{observability}}**](../../../solutions/observability/incident-management/alerting.md), [**Security**](detection-rules://index.md), [**Maps**](../../../explore-analyze/alerts-cases/alerts/geo-alerting.md) and [**{{ml-app}}**](../../../explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md). It can be centrally managed from **{{stack-manage-app}}** and provides a set of built-in [connectors](../../../deploy-manage/manage-connectors.md) and [rules](../../../explore-analyze/alerts-cases/alerts/rule-types.md#stack-rules) for you to use. :::{image} /explore-analyze/images/kibana-alerting-overview.png :alt: {{rules-ui}} UI diff --git a/explore-analyze/alerts-cases/alerts/create-manage-rules.md b/explore-analyze/alerts-cases/alerts/create-manage-rules.md index 64c4424d09..a2b236c92c 100644 --- a/explore-analyze/alerts-cases/alerts/create-manage-rules.md +++ b/explore-analyze/alerts-cases/alerts/create-manage-rules.md @@ -8,7 +8,7 @@ mapped_pages: # Create and manage rules [create-and-manage-rules] -The **{{stack-manage-app}}** > **{{rules-ui}}** UI provides a cross-app view of alerting. Different {{kib}} apps like [**{{observability}}**](../../../solutions/observability/incident-management/alerting.md), [**Security**](security-docs://reference/prebuilt-rules/index.md), [**Maps**](geo-alerting.md) and [**{{ml-app}}**](../../machine-learning/machine-learning-in-kibana.md) can offer their own rules. +The **{{stack-manage-app}}** > **{{rules-ui}}** UI provides a cross-app view of alerting. Different {{kib}} apps like [**{{observability}}**](../../../solutions/observability/incident-management/alerting.md), [**Security**](detection-rules://index.md), [**Maps**](geo-alerting.md) and [**{{ml-app}}**](../../machine-learning/machine-learning-in-kibana.md) can offer their own rules. You can find **Rules** in **Stack Management** > **Alerts and insights** > **Rules** in {{kib}} or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). diff --git a/explore-analyze/alerts-cases/alerts/rule-types.md b/explore-analyze/alerts-cases/alerts/rule-types.md index aaf793d855..9c8e3d98b2 100644 --- a/explore-analyze/alerts-cases/alerts/rule-types.md +++ b/explore-analyze/alerts-cases/alerts/rule-types.md @@ -41,7 +41,7 @@ If you create a rule in the {{observability}} app, its alerts are not visible in ## Security rules [security-rules] -Security rules detect suspicious source events with pre-built or custom rules and create alerts when a rule’s conditions are met. For more information, refer to [Security rules](security-docs://reference/prebuilt-rules/index.md). +Security rules detect suspicious source events with pre-built or custom rules and create alerts when a rule’s conditions are met. For more information, refer to [Security rules](detection-rules://index.md). ::::{note} Alerts associated with security rules are visible only in the {{security-app}}; they are not visible in **{{stack-manage-app}} > {{rules-ui}}**. diff --git a/solutions/security/detect-and-alert.md b/solutions/security/detect-and-alert.md index a972ce2ea5..1633260455 100644 --- a/solutions/security/detect-and-alert.md +++ b/solutions/security/detect-and-alert.md @@ -17,7 +17,7 @@ Use the detection engine to create and manage rules and view the alerts these ru :screenshot: ::: -In addition to creating [your own rules](/solutions/security/detect-and-alert/create-detection-rule.md), enable [Elastic prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#load-prebuilt-rules) to immediately start detecting suspicious activity. For detailed information on all the prebuilt rules, see the [Prebuilt rule reference](security-docs://reference/prebuilt-rules/index.md) section. Once the prebuilt rules are loaded and running, [Tune detection rules](/solutions/security/detect-and-alert/tune-detection-rules.md) and [Add and manage exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md) explain how to modify the rules to reduce false positives and get a better set of actionable alerts. You can also use exceptions and value lists when creating or modifying your own rules. +In addition to creating [your own rules](/solutions/security/detect-and-alert/create-detection-rule.md), enable [Elastic prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#load-prebuilt-rules) to immediately start detecting suspicious activity. For detailed information on all the prebuilt rules, see the [Prebuilt rule reference](detection-rules://index.md) section. Once the prebuilt rules are loaded and running, [Tune detection rules](/solutions/security/detect-and-alert/tune-detection-rules.md) and [Add and manage exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md) explain how to modify the rules to reduce false positives and get a better set of actionable alerts. You can also use exceptions and value lists when creating or modifying your own rules. There are several special prebuilt rules you need to know about: diff --git a/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md b/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md index cb252dd268..0e627aa90f 100644 --- a/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md +++ b/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md @@ -12,7 +12,7 @@ applies_to: # Install and manage Elastic prebuilt rules [security-prebuilt-rules-management] -Follow these guidelines to start using the {{security-app}}'s [prebuilt rules](security-docs://reference/prebuilt-rules/index.md), keep them updated, and make sure they have the data needed to run successfully. +Follow these guidelines to start using the {{security-app}}'s [prebuilt rules](detection-rules://index.md), keep them updated, and make sure they have the data needed to run successfully. * [Install and enable Elastic prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#load-prebuilt-rules) * [Prebuilt rule tags](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#prebuilt-rule-tags) From b26102ba9b0d20b973c3de46dc198ab7b9881f2b Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Wed, 9 Apr 2025 13:11:26 -0500 Subject: [PATCH 2/3] update cross_links --- docset.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docset.yml b/docset.yml index 15aa524251..2804c04964 100644 --- a/docset.yml +++ b/docset.yml @@ -26,6 +26,7 @@ cross_links: - cloud - cloud-on-k8s - curator + - detection-rules - ecctl - ecs - ecs-dotnet @@ -54,7 +55,6 @@ cross_links: - logstash - logstash-docs-md - search-ui - - security-docs toc: - file: index.md From d62525ac8075723e1bef2867763f1ebffc39b586 Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Wed, 9 Apr 2025 13:18:07 -0500 Subject: [PATCH 3/3] fix elasticsearch link --- deploy-manage/deploy/self-managed/_snippets/first-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/self-managed/_snippets/first-node.md b/deploy-manage/deploy/self-managed/_snippets/first-node.md index dcaa51ea90..a7c3f60cee 100644 --- a/deploy-manage/deploy/self-managed/_snippets/first-node.md +++ b/deploy-manage/deploy/self-managed/_snippets/first-node.md @@ -12,7 +12,7 @@ Update the {{es}} configuration on this first node so that other hosts are able 3. By default, {{es}} runs on `localhost`. For {{es}} instances on other nodes to be able to join the cluster, you need to set up {{es}} to run on a routable, external IP address. - Uncomment the line `#network.host: 192.168.0.1` and replace the default address with `0.0.0.0`. The `0.0.0.0` setting enables {{es}} to listen for connections on all available network interfaces. In a production environment, you might want to [use a different value](elasticsearch:///reference/elasticsearch/configuration-reference/networking-settings.md#common-network-settings), such as a static IP address or a reference to a [network interface of the host](elasticsearch://reference/elasticsearch/configuration-reference/networking-settings.md#network-interface-values). + Uncomment the line `#network.host: 192.168.0.1` and replace the default address with `0.0.0.0`. The `0.0.0.0` setting enables {{es}} to listen for connections on all available network interfaces. In a production environment, you might want to [use a different value](elasticsearch://reference/elasticsearch/configuration-reference/networking-settings.md#common-network-settings), such as a static IP address or a reference to a [network interface of the host](elasticsearch://reference/elasticsearch/configuration-reference/networking-settings.md#network-interface-values). ```yaml network.host: 0.0.0.0