
[Docs][SIEM] Threat hunting enhancements #1039

Merged: 4 commits, May 11, 2020


@benskelker benskelker commented May 6, 2020

Documents threat hunting UI interactions.


Resolves: #1026

@@ -8,7 +8,31 @@ environment, and you can use the interactive UI to drill down into areas of
interest.

The *{kibana-ref}/kuery-query.html[{kib} Query Language (KQL)]* bar is available
throughout the {siem-app} for searching and filtering.
throughout the {siem-app} for searching and filtering. You can also click and
swipe histograms, which updates the global time filter.
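Review bot: the replacement line in this hunk ("You can also click and swipe histograms, which updates the global time filter") leaves the gesture ambiguous: "swipe" reads as a touch gesture, and a desktop reader will not know that it means clicking in the chart and dragging across a time range. Suggest: "You can also click and drag across a histogram to select a time range, which updates the global time filter."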


You can also click and swipe histograms, which updates the global time filter.

Would you be willing to consider describing this behavior ("brush selection" is the obscure technical term for it), like the following suggestion?

When histograms contain peaks or a time range containing interesting data, click on the chart, and while holding down the mouse or trackpad button, drag over the time range to select it, which updates the global time filter.

brush-selection-still

Consider including a still screenshot like the one above to illustrate the selection process.

Do we support animated gifs in docs? If so, perhaps we could include something like the following?

brush-selection-animated


@benskelker benskelker May 10, 2020


Updated the text to describe what to do instead of how to do it, and the screenshot. I think it's ok now.
Technically, we can add gif animations. I need to check with other writers if it's ok to do so. Personally, I find them a bit distracting in docs.

image::images/siem-click-swipe.png[]

TIP: All {siem-soln} histograms and graphs contain an **Inspect** button, so
you can examine data sources throughout the app.
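Review bot: `image::images/siem-click-swipe.png[]` has an empty attribute list, so the image ships without alt text; put a short description in the brackets, e.g. `image::images/siem-click-swipe.png[Selecting a time range in a histogram]`. In the TIP line, "examine data sources" undersells what **Inspect** exposes; consider saying that it shows the query behind each chart.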


so you can examine data sources throughout the app.

Consider replacing "data sources" with "queries", e.g.:

so you can view the Elasticsearch queries that provide data for graphs throughout the app.


@andrew-goldstein andrew-goldstein left a comment


Thanks for documenting these enhancements @benskelker!
LGTM 🚀

@benskelker benskelker merged commit bf9a372 into elastic:master May 11, 2020
@benskelker benskelker deleted the threat-hunting-enhancements branch May 11, 2020 13:40
benskelker added a commit to benskelker/stack-docs that referenced this pull request May 11, 2020
* threat hunting enhancements

* fixes typo

* minor edits

* corrections