From 6478dad14f71f64196461a73101fd8b5b147072e Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 18 Mar 2025 17:25:04 -0400 Subject: [PATCH 1/6] First draft --- .../cross-cluster-search-detection-rules.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md index 12cc10cd2c..5dcd757332 100644 --- a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md +++ b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md @@ -9,6 +9,12 @@ applies_to: [Cross-cluster search](../../search/cross-cluster-search.md) is an {{es}} feature that allows one cluster (the *local* cluster) to query data in a separate cluster (the *remote* cluster). {{elastic-sec}}'s detection rules can perform a cross-cluster search to query data in remote clusters. +::::{admonition} Requirements +* In {{stack}}, using cross-cluster search for {esql} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). +% * In serverless, behavioral detection integrations require the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* To learn more about the requirements for using cross-cluster search, refer to [Cross-cluster search](../../search/cross-cluster-search.md). + +:::: ## Set up cross-cluster search in detection rules [set-up-ccs-rules] From ad0faaa3bb229997e24c99d5b84d579327f58468 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 18 Mar 2025 19:13:29 -0400 Subject: [PATCH 2/6] Fixed var --- .../detect-and-alert/cross-cluster-search-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md index 5dcd757332..65fe5de546 100644 
--- a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md +++ b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md @@ -10,7 +10,7 @@ applies_to: [Cross-cluster search](../../search/cross-cluster-search.md) is an {{es}} feature that allows one cluster (the *local* cluster) to query data in a separate cluster (the *remote* cluster). {{elastic-sec}}'s detection rules can perform a cross-cluster search to query data in remote clusters. ::::{admonition} Requirements -* In {{stack}}, using cross-cluster search for {esql} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). +* In {{stack}}, using cross-cluster search for ((esql)) rules requires an [Enterprise subscription](https://www.elastic.co/pricing). % * In serverless, behavioral detection integrations require the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). * To learn more about the requirements for using cross-cluster search, refer to [Cross-cluster search](../../search/cross-cluster-search.md). From 956f819c282a82e5c8304f341a029c84333a65f6 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 18 Mar 2025 22:51:08 -0400 Subject: [PATCH 3/6] Update solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md --- .../detect-and-alert/cross-cluster-search-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md index 65fe5de546..8945922fe0 100644 --- a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md +++ b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md 
@@ -10,7 +10,7 @@ applies_to: [Cross-cluster search](../../search/cross-cluster-search.md) is an {{es}} feature that allows one cluster (the *local* cluster) to query data in a separate cluster (the *remote* cluster). {{elastic-sec}}'s detection rules can perform a cross-cluster search to query data in remote clusters. ::::{admonition} Requirements -* In {{stack}}, using cross-cluster search for ((esql)) rules requires an [Enterprise subscription](https://www.elastic.co/pricing). +* In {{stack}}, using cross-cluster search for {{esql}} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). % * In serverless, behavioral detection integrations require the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). * To learn more about the requirements for using cross-cluster search, refer to [Cross-cluster search](../../search/cross-cluster-search.md). From ab4da37a9fb3bdf041c679fc0788308cf07c322e Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 19 Mar 2025 11:06:46 -0400 Subject: [PATCH 4/6] Update solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md --- .../detect-and-alert/cross-cluster-search-detection-rules.md | 1 - 1 file changed, 1 deletion(-) diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md index 8945922fe0..95d87207d1 100644 --- a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md +++ b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md 
@@ -11,7 +11,6 @@ applies_to: ::::{admonition} Requirements * In {{stack}}, using cross-cluster search for {{esql}} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). -% * In serverless, behavioral detection integrations require the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). * To learn more about the requirements for using cross-cluster search, refer to [Cross-cluster search](../../search/cross-cluster-search.md). :::: From 76755df68816277bebf14ddb24f3cbf5aae17e39 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 19 Mar 2025 11:08:11 -0400 Subject: [PATCH 5/6] fix --- .../detect-and-alert/cross-cluster-search-detection-rules.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md index 95d87207d1..e4f392ce4d 100644 --- a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md +++ b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md 
@@ -10,8 +10,7 @@ applies_to: [Cross-cluster search](../../search/cross-cluster-search.md) is an {{es}} feature that allows one cluster (the *local* cluster) to query data in a separate cluster (the *remote* cluster). {{elastic-sec}}'s detection rules can perform a cross-cluster search to query data in remote clusters. ::::{admonition} Requirements -* In {{stack}}, using cross-cluster search for {{esql}} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). -* To learn more about the requirements for using cross-cluster search, refer to [Cross-cluster search](../../search/cross-cluster-search.md). +In {{stack}}, using cross-cluster search for {{esql}} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). To learn more about the requirements for using cross-cluster search in the {{stack}}, refer to [Cross-cluster search](../../search/cross-cluster-search.md). :::: From dad90e19dfb4faedf07134aac3bfa68734436061 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 19 Mar 2025 11:15:47 -0400 Subject: [PATCH 6/6] list format --- .../detect-and-alert/cross-cluster-search-detection-rules.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md index e4f392ce4d..9b44670efb 100644 --- a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md +++ b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md 
@@ -10,7 +10,8 @@ applies_to: [Cross-cluster search](../../search/cross-cluster-search.md) is an {{es}} feature that allows one cluster (the *local* cluster) to query data in a separate cluster (the *remote* cluster). {{elastic-sec}}'s detection rules can perform a cross-cluster search to query data in remote clusters. ::::{admonition} Requirements -In {{stack}}, using cross-cluster search for {{esql}} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). To learn more about the requirements for using cross-cluster search in the {{stack}}, refer to [Cross-cluster search](../../search/cross-cluster-search.md). +* To learn about the requirements for using cross-cluster search in the {{stack}}, refer to [Cross-cluster search](../../search/cross-cluster-search.md). +* Using cross-cluster search for {{esql}} rules in the {{stack}} requires an [Enterprise subscription](https://www.elastic.co/pricing). ::::
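Review bot: In PATCH 1/6, the first bullet of the new admonition writes `{esql}` with single braces while `{{es}}`, `{{elastic-sec}}` and `{{stack}}` in the same hunk use double braces, so the variable will not be substituted; it should be `{{esql}}`. The `%`-commented second bullet about behavioral detection integrations and the Security Analytics Complete project feature is unrelated to cross-cluster search and should be removed rather than committed as a commented-out placeholder, and the stray blank line before the closing `::::` can go.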
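Review bot: In PATCH 2/6, `((esql))` is still not the variable syntax; the surrounding `{{stack}}` in the same line shows the expected form is `{{esql}}`. Since PATCH 2/6, 3/6 and 4/6 only correct defects introduced by PATCH 1/6, squash them into it so the series does not carry two broken intermediate states of the same line.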
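Review bot: In PATCH 4/6, dropping the commented-out serverless line is right, but the admonition now says nothing about serverless at all while the hunk context shows the page has an `applies_to:` front matter. If that front matter lists serverless, the Requirements box should state whether cross-cluster search for {{esql}} rules applies there; if it lists only {{stack}}, the repeated "in the {{stack}}" qualifiers added later are redundant.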
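Review bot: In PATCH 5/6, the subject line `fix` does not describe the change; the hunk merges the two bullets into a single paragraph and adds "in the {{stack}}" to the second sentence, and the subject should say so. Because PATCH 6/6 immediately converts the paragraph back into a list, the two patches cancel each other structurally and should be squashed into one commit that only reorders and rewords the bullets.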
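Review bot: In PATCH 6/6, the generic pointer to the cross-cluster search page is now listed before the concrete requirement. The hard constraint, that {{esql}} rules using cross-cluster search need an [Enterprise subscription](https://www.elastic.co/pricing), is the fact a reader can miss, so put that bullet first and keep the "refer to [Cross-cluster search](../../search/cross-cluster-search.md)" bullet as the follow-up.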