From 42359c8150b0b8cab6d2fef0dddba825851041a0 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 18 Mar 2025 17:02:03 -0400 Subject: [PATCH 1/5] First draft --- docs/detections/rules-cross-cluster-search.asciidoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/detections/rules-cross-cluster-search.asciidoc b/docs/detections/rules-cross-cluster-search.asciidoc index 90c56d7e35..e8756bcd70 100644 --- a/docs/detections/rules-cross-cluster-search.asciidoc +++ b/docs/detections/rules-cross-cluster-search.asciidoc @@ -3,6 +3,12 @@ {ref}/modules-cross-cluster-search.html[Cross-cluster search] is an {es} feature that allows one cluster (the _local_ cluster) to query data in a separate cluster (the _remote_ cluster). {elastic-sec}'s detection rules can perform a cross-cluster search to query data in remote clusters. +.Requirements +[sidebar] +-- +Using cross-cluster search for {esql} rules requires an https://www.elastic.co/pricing[Enterprise subscription]. To learn more about the other requirements, refer to {ref}/modules-cross-cluster-search.html[Cross-cluster search prerequisites]. +-- + [discrete] [[set-up-ccs-rules]] === Set up cross-cluster search in detection rules From 389b9509f8a266e51061b0f59d7afb760d9d985b Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 18 Mar 2025 17:07:40 -0400 Subject: [PATCH 2/5] fix title --- docs/detections/rules-cross-cluster-search.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/rules-cross-cluster-search.asciidoc b/docs/detections/rules-cross-cluster-search.asciidoc index e8756bcd70..1fe149e4e6 100644 --- a/docs/detections/rules-cross-cluster-search.asciidoc +++ b/docs/detections/rules-cross-cluster-search.asciidoc 
@@ -6,7 +6,7 @@ .Requirements [sidebar] -- -Using cross-cluster search for {esql} rules requires an https://www.elastic.co/pricing[Enterprise subscription]. To learn more about the other requirements, refer to {ref}/modules-cross-cluster-search.html[Cross-cluster search prerequisites]. +Using cross-cluster search for {esql} rules requires an https://www.elastic.co/pricing[Enterprise subscription]. To learn more about the other requirements, refer to {ref}/modules-cross-cluster-search.html[Search across clusters]. -- [discrete] From a4cf99e822dcfe89c9dd77cc256c3a027fb0f300 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 18 Mar 2025 19:15:46 -0400 Subject: [PATCH 3/5] Tweaks --- docs/detections/rules-cross-cluster-search.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/rules-cross-cluster-search.asciidoc b/docs/detections/rules-cross-cluster-search.asciidoc index 1fe149e4e6..1fb9c7acee 100644 --- a/docs/detections/rules-cross-cluster-search.asciidoc +++ b/docs/detections/rules-cross-cluster-search.asciidoc @@ -6,7 +6,7 @@ .Requirements [sidebar] -- -Using cross-cluster search for {esql} rules requires an https://www.elastic.co/pricing[Enterprise subscription]. To learn more about the other requirements, refer to {ref}/modules-cross-cluster-search.html[Search across clusters]. +Using cross-cluster search for {esql} rules requires an https://www.elastic.co/pricing[Enterprise subscription]. Refer to {ref}/modules-cross-cluster-search.html[Search across clusters] to learn more about cross-cluster search requirements. -- [discrete] From f09fba80216333b5b66e4429fcee0aad6fc01b4a Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 19 Mar 2025 11:17:51 -0400 Subject: [PATCH 4/5] List format --- docs/detections/rules-cross-cluster-search.asciidoc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/docs/detections/rules-cross-cluster-search.asciidoc b/docs/detections/rules-cross-cluster-search.asciidoc index 1fb9c7acee..af755ce3aa 100644 --- a/docs/detections/rules-cross-cluster-search.asciidoc +++ b/docs/detections/rules-cross-cluster-search.asciidoc @@ -6,7 +6,10 @@ .Requirements [sidebar] -- -Using cross-cluster search for {esql} rules requires an https://www.elastic.co/pricing[Enterprise subscription]. Refer to {ref}/modules-cross-cluster-search.html[Search across clusters] to learn more about cross-cluster search requirements. + +* To learn about the requirements for using cross-cluster search, refer to {ref}/modules-cross-cluster-search.html[Search across clusters]. +* Using cross-cluster search for {esql} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). + -- [discrete] From 96d138bcbe3849dee073d134399cc3ebc5b88cb2 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 19 Mar 2025 12:02:19 -0400 Subject: [PATCH 5/5] Update docs/detections/rules-cross-cluster-search.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- docs/detections/rules-cross-cluster-search.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/rules-cross-cluster-search.asciidoc b/docs/detections/rules-cross-cluster-search.asciidoc index af755ce3aa..b6a6cf3103 100644 --- a/docs/detections/rules-cross-cluster-search.asciidoc +++ b/docs/detections/rules-cross-cluster-search.asciidoc @@ -8,7 +8,7 @@ -- * To learn about the requirements for using cross-cluster search, refer to {ref}/modules-cross-cluster-search.html[Search across clusters]. -* Using cross-cluster search for {esql} rules requires an [Enterprise subscription](https://www.elastic.co/pricing). +* Using cross-cluster search for {esql} rules requires an (https://www.elastic.co/pricing)[Enterprise subscription]. --
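Review bot: In PATCH 4/5, the second added bullet switches the pricing link to Markdown syntax, `[Enterprise subscription](https://www.elastic.co/pricing)`, inside an `.asciidoc` file. The line it replaces used the AsciiDoc URL form `https://www.elastic.co/pricing[Enterprise subscription]`, and the first added bullet still uses that form for `{ref}/modules-cross-cluster-search.html[Search across clusters]`. Keep the AsciiDoc form in both bullets. The hunk also introduces a blank line after the opening `--` and another before the closing `--`, which the earlier revisions of this sidebar did not have; drop them unless the list needs them to render.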
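Review bot: In PATCH 5/5, the replacement line `(https://www.elastic.co/pricing)[Enterprise subscription]` is still not the link form used in this file: it reorders the Markdown pieces but keeps the parentheses around the URL, which are not part of AsciiDoc link syntax. Suggest restoring the form from patches 1 to 3: `* Using cross-cluster search for {esql} rules requires an https://www.elastic.co/pricing[Enterprise subscription].` Since this is the only place the page states the subscription requirement for {esql} rules, check the rendered sidebar to confirm the link resolves before merging.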