edit defend advanced options wording #2157
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🔍 Preview links for changed docs |
There was a problem hiding this comment.
Thanks for making the edits @ferullo! The descriptions are a lot clearer, and I'm definitely in favor of making the structure more parallel.
| : Added in 7.11.0. | ||
|
|
||
| *A supplied value will configure logging to syslog. Allowed values are `error`, `warning`, `info`, `debug`, and `trace`.* | ||
| * Write logs to syslog. Allowed values are `error`, `warning`, `info`, `debug`, and `trace`. Default: none.* |
There was a problem hiding this comment.
Suggested change
| * Write logs to syslog. Allowed values are `error`, `warning`, `info`, `debug`, and `trace`. Default: none.* | |
| *Write logs to syslog. Allowed values are `error`, `warning`, `info`, `debug`, and `trace`. Default: none.* |
| : Added in 8.19.0. | ||
|
|
||
| *If set to `true`, file events include file origin details: file.origin_url, file.origin_referrer_url, and file.Ext.windows.zone_identifier. These fields show the details of file's Mark of the Web. Default: `true`* | ||
| *When enabled (`true`), file events include `file.origin_url`, `file.origin_referrer_url`, and `file.Ext.windows.zone_identifier. These fields show the details of file's Mark of the Web. Default: `true`* |
There was a problem hiding this comment.
Suggested change
| *When enabled (`true`), file events include `file.origin_url`, `file.origin_referrer_url`, and `file.Ext.windows.zone_identifier. These fields show the details of file's Mark of the Web. Default: `true`* | |
| *Include `file.origin_url`, `file.origin_referrer_url`, and `file.Ext.windows.zone_identifier` in file events. These fields show the details of file's Mark of the Web. Default: `true`* |
| : Added in 8.19.0. | ||
|
|
||
| *Controls whether Microsoft-Windows-Security-Auditing ETW provider is enabled for security events collection. Set to `false` to disable the provider. Default: `true`.* | ||
| *Controls whether Microsoft-Windows-Security-Auditing ETW provider is enabled for security events collection. Set to `false` to disable the provider. Default: `true`.* |
There was a problem hiding this comment.
Suggested change
| *Controls whether Microsoft-Windows-Security-Auditing ETW provider is enabled for security events collection. Set to `false` to disable the provider. Default: `true`.* | |
| *Enable the Microsoft-Windows-Security-Auditing ETW provider for security events collection. Default: `true`.* |
| : Added in 8.16.0. | ||
|
|
||
| *Controls whether malware protection is applied to dev drives. Default: `false`.* | ||
| *Control whether malware protection is applied to dev drives. Default: `false`.* |
There was a problem hiding this comment.
Suggested change
| *Control whether malware protection is applied to dev drives. Default: `false`.* | |
| *Apply malware protection to dev drives. Default: `false`.* |
| : Added in 8.15.0. | ||
|
|
||
| *Controls whether the kernel reports loopback network events. Default: `true`.* | ||
| *Control whether loopback network events are reported. Default: `true`.* |
There was a problem hiding this comment.
Suggested change
| *Control whether loopback network events are reported. Default: `true`.* | |
| *Report loopback network events. Default: `true`.* |
| : Added in 8.9.0. | ||
|
|
||
| *Controls whether malware protection is applied to network drives. Default: `true`.* | ||
| *Control whether malware protection is applied to network drives. Default: `true`.* |
There was a problem hiding this comment.
Suggested change
| *Control whether malware protection is applied to network drives. Default: `true`.* | |
| *Apply malware protection to network drives. Default: `true`.* |
Co-authored-by: natasha-moore-elastic <[email protected]>
ferullo
commented
Jul 25, 2025
Co-authored-by: Daniel Ferullo <[email protected]>
LGTM! |
natasha-moore-elastic
approved these changes
Jul 28, 2025
|
@natasha-moore-elastic am I correct to assume it's ok for me to merge this? |
@ferullo, all good on my end! I'll go ahead and merge. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This edits the Defend advanced option wording with the following primary goals:
Originally we'd agreed to completely remove the italics portion on this page and make sure the Kibana tool tips were "short" with an expectation users turn to this more detailed documentation when needed. I tried, but was only as successful as what I'm proposing to merge in this PR (usually shorten the italics tool tip and always still show it on elastic.co).
Thoughts @natasha-moore-elastic @gabriellandau @roxana-gheorghe @nfritts @joe-desimone
Docs Preview as of July 28