[Request] Visualizations in alert flyout - technical preview + advanced setting #5878

Open
3 tasks done
christineweng opened this issue Oct 1, 2024 · 1 comment · May be fixed by #5963
Labels
Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Effort: Medium Issues that take moderate but not substantial time to complete Feature: Alerts Priority: High Issues that are time-sensitive and/or are of high customer importance Team: Threat Hunting Formerly Data Visibility v8.16.0

Comments

christineweng commented Oct 1, 2024

Description

We are introducing a new feature in 8.16 under technical preview with an advanced setting. When the securitySolution:enableVisualizationsInFlyout setting is on, users can access the analyzer graph and session viewer in a new section called Visualize in the alert and event flyout.

  • As of October 1, 2024, the feature has been merged into main. However, the advanced setting is only available in ESS.
  • Plan to add the setting to Serverless on or before feature freeze (Oct 15).
  • Currently the setting defaults to false, but this is subject to change based on PM feedback.

Background & resources

Which documentation set does this change impact?

ESS

  • Configure advanced settings: Create a new section for the securitySolution:enableVisualizationsInFlyout advanced setting. Place it after the "Exclude cold and frozen tier data from analyzer queries" section.
  • View alert details | Visualizations: Add a subsection that describes the Visualization tab. Note that the tab only appears if the securitySolution:enableVisualizationsInFlyout advanced setting is turned on. Name the new section "Expanded visualizations view".
  • Visual event analyzer: Revise step 3 to show where event analyzer can be accessed. For example, "Event analyzer is accessible from the Hosts, Alerts, and Timelines pages, as well as the alert details flyout if the securitySolution:enableVisualizationsInFlyout advanced setting is turned on."

Serverless

  • Same changes

ESS release

8.16

Serverless release

The week of October 28, 2024

Feature differences

No difference

API docs impact

N/A

Prerequisites, privileges, feature flags

Advanced setting securitySolution:enableVisualizationsInFlyout must be enabled

@nastasha-solomon nastasha-solomon added Team: Threat Hunting Formerly Data Visibility Feature: Alerts Priority: High Issues that are time-sensitive and/or are of high customer importance Effort: Medium Issues that take moderate but not substantial time to complete Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release v8.16.0 labels Oct 3, 2024
@nastasha-solomon
Contributor

Assigning this task to the next sprint (Sprint 22) since the current sprint is already full.
