[Request][Serverless][8.16] Visualizations in alert flyout - technical preview + advanced setting #5963
base: main
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.
🚀 Built elastic-dot-co-docs-preview-docs successfully!
LGTM! Thank you!
A few minor suggestions, otherwise looks good!
[[expanded-visualizations-view]] | ||
=== Expanded visualizations view | ||
|
||
preview:[] |
This ⬆️ renders as the inline [preview] label, but the full banner might be more appropriate.
preview:[] | |
preview::[] |
@@ -124,10 +124,32 @@ image::images/visualizations-section-rp.png[Visualizations section of the Overvi | |||
|
|||
Click **Visualizations** to display the following previews: | |||
|
|||
* **Session view preview**: Shows a preview of <<session-view,session view>> data. Click **Session viewer preview** to open the **Session View** tab in Timeline. | |||
* **Session view preview**: Shows a preview of <<session-view,Session View>> data. Click **Session viewer preview** to open the **Session View** tab in Timeline. |
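Review bot: The added bullet names the same control two ways: the label is **Session view preview**, but the instruction in the same line says to click **Session viewer preview**. The Visualize tab paragraph in this change uses **Session view preview** as the click target, so pick the string the UI actually shows and use it in all three places.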
Should this say Session viewer preview?
* **Session view preview**: Shows a preview of <<session-view,Session View>> data. Click **Session viewer preview** to open the **Session View** tab in Timeline. | |
* **Session viewer preview**: Shows a preview of <<session-view,Session View>> data. Click **Session viewer preview** to open the **Session View** tab in Timeline. |
To use the **Visualize** tab, you must turn on the `securitySolution:enableVisualizationsInFlyout` <<visualizations-in-flyout,advanced setting>>. | ||
-- | ||
|
||
The **Visualize** tab allows you to maintain the context of the Alerts table, while providing a more detailed view of alerts that you're investigating in the event analyzer or Session View. To open the tab, click **Session view preview** or **Analyzer preview** from the right panel. |
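Review bot: The Visualize tab paragraph mentions "event analyzer" and "Session View" without cross-references, although the bullet list links `<<session-view,Session View>>` and the advanced settings page links `<<visual-event-analyzer, visual event analyzer>>`. Link both on first mention here, and say what "the right panel" refers to, since the visible text does not define it.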
Same question about Session view/viewer preview
@@ -29,7 +29,9 @@ Or | |||
+ | |||
** `agent.type:"winlogbeat" and event.module: "sysmon" and process.entity_id : *` | |||
|
|||
. Events that can be visually analyzed are denoted by a cubical **Analyze event** icon. Select this option to open the event in the visual analyzer. Alternatively, open the alert details flyout, go to the Visualizations section, then click **Analyzer preview**. This opens the **Analyzer** tab in Timeline. | |||
. Events that can be visually analyzed are denoted by a cubical **Analyze event** icon. Select this option to open the event in the visual analyzer. The event analyzer is accessible from the Hosts, Alerts, and Timelines pages, as well as the alert details flyout. |
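Review bot: The replacement sentence in this step drops the concrete path the old text gave ("open the alert details flyout, go to the Visualizations section, then click **Analyzer preview**") and only says the analyzer is accessible from the flyout. Keep a pointer for flyout users, for example a link to `<<expanded-visualizations-view>>`, and mention that the Visualize tab there requires the `securitySolution:enableVisualizationsInFlyout` advanced setting.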
. Events that can be visually analyzed are denoted by a cubical **Analyze event** icon. Select this option to open the event in the visual analyzer. The event analyzer is accessible from the Hosts, Alerts, and Timelines pages, as well as the alert details flyout. | |
. Events that can be visually analyzed are denoted by a cubical **Analyze event** icon. Select this option to open the event in the visual analyzer. The event analyzer is accessible from the **Hosts**, **Alerts**, and **Timelines** pages, as well as the alert details flyout. |
[[visualizations-in-flyout]] | ||
== Access the event analyzer and session view from the event or alert details flyout | ||
|
||
preview:[] |
preview:[] | |
preview::[] |
@@ -113,6 +113,14 @@ The `securitySolution:enableAssetCriticality` setting determines whether asset c | |||
|
|||
Including data from cold and frozen {ref}/data-tiers.html[data tiers] in <<visual-event-analyzer, visual event analyzer>> queries may result in performance degradation. The `securitySolution:excludeColdAndFrozenTiersInAnalyzer` setting allows you to exclude this data from analyzer queries. This setting is turned off by default. | |||
|
|||
[discrete] | |||
[[visualizations-in-flyout]] | |||
== Access the event analyzer and session view from the event or alert details flyout |
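Review bot: State the default for the new setting under the `[[visualizations-in-flyout]]` heading, in the same wording the preceding entry uses ("This setting is turned off by default"), if the section body does not already do so. The Visualize tab text in this change says you must turn on `securitySolution:enableVisualizationsInFlyout`, so the settings page should tell readers the same thing.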
== Access the event analyzer and session view from the event or alert details flyout | |
== Access the event analyzer and Session View from the event or alert details flyout |
Fixes #5878
ESS:
`securitySolution:enableVisualizationsInFlyout` advanced setting.
`securitySolution:enableVisualizationsInFlyout` advanced setting.
Serverless: