Skip to content

Add ESQL for security section, threat hunt tutorial #1689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 23 commits into from
Jun 20, 2025
Merged

Add ESQL for security section, threat hunt tutorial #1689

merged 23 commits into from
Jun 20, 2025

Conversation

leemthompo
Copy link
Contributor

@leemthompo leemthompo commented Jun 10, 2025
edited
Loading

@leemthompo leemthompo self-assigned this Jun 10, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 12, 2025
edited
Loading

🔍 Preview links for changed docs:

🔔 The preview site may take up to 3 minutes to finish building. These links will become live once it completes.

@leemthompo leemthompo marked this pull request as ready for review June 16, 2025 15:25
@leemthompo leemthompo requested review from a team as code owners June 16, 2025 15:25
natasha-moore-elastic
natasha-moore-elastic approved these changes Jun 19, 2025
View reviewed changes
Copy link
Contributor

@natasha-moore-elastic natasha-moore-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some minor comments, otherwise LGTM!

solutions/security/esql-for-security/esql-threat-hunting-tutorial.md

### Create core indices

First, create the core security indices for our threat hunting scenario:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be helpful to add an API Reference link to the APIs that are used here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Normally I'm game for richly linking but here this might be an unnecessary ejector seat TBH, but I could be convinced otherwise :)

Ideally we'd have a file upload friendly option for the data-loading TBH and we might revisit this going forward. In meantime API calls are the most lightweight option.

leemthompo
leemthompo commented Jun 19, 2025
View reviewed changes
@leemthompo leemthompo enabled auto-merge (squash) June 20, 2025 11:07
@leemthompo leemthompo merged commit 0376adc into main Jun 20, 2025
6 of 7 checks passed
@leemthompo leemthompo deleted the leemthompo/esql-threat-hunting-tutorial branch June 20, 2025 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@natasha-moore-elastic natasha-moore-elastic natasha-moore-elastic approved these changes

@jamesspi jamesspi Awaiting requested review from jamesspi

@paulewing paulewing Awaiting requested review from paulewing

@tylerperk tylerperk Awaiting requested review from tylerperk

Assignees

@leemthompo leemthompo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leemthompo @natasha-moore-elastic