Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS] Timeline Updates in 7.9 #61

Closed
dontcallmesherryli opened this issue Jul 8, 2020 · 2 comments · Fixed by #84
Closed

[DOCS] Timeline Updates in 7.9 #61

dontcallmesherryli opened this issue Jul 8, 2020 · 2 comments · Fixed by #84
Assignees
@benskelker
Labels
Team: Docs v7.9.0 Features in the 7.9 Release

Comments

@dontcallmesherryli
Copy link

Description

Meta Issues: https://github.com/elastic/siem-team/issues/528 and elastic/kibana#68580

In 7.9, the Timeline feature will have the following updates:

  • User ability to add a Timeline to existing Case
  • Timeline Template

Acceptance Test Criteria

Docs are needed for the 2 enhancements to Timeline

User ability to add a Timeline to existing Case

User can add a Timeline to an existing Case now. Gif is included in issue ticket.

Timeline Template

User can create a new template or convert an existing timeline into a template to use for future investigations.

Workflow below helps show how timeline templates are created, and how they can be used for Detection Rules.
Timeline.Template.Workflow.1.pdf

Use case: When users open up alerts in the Timeline, it would be nice to have each of those Timeline pre-configured and populated with all the relevant fields in the relevant order. User can create templates which they can pre-configured fields and link them to the Detection Rule that will produce alert types that they want to use the Timeline Template for.

For example, if a user write a Detection Rule to seek out malicious file events in the environment, they would definitely want to see fields such as file name, file path, file size, username, and file hash. They can make a timeline template that has all of these fields set as the default view, and add it to the Detection Rule. When an alert is triggered on that rule, user opens up the alert in timeline, the timeline will show file name, file path, file size, username, and file hash fields on default.

Notes

  • Add the "Team:Docs" label to new issues.
  • Be sure to add any necessary screenshots for clarity.
  • Include any conditions or caveats that may affect customers.
@dontcallmesherryli dontcallmesherryli added Team: Docs v7.9.0 Features in the 7.9 Release labels Jul 8, 2020
@benskelker
Copy link
Contributor

benskelker commented Jul 14, 2020
edited
Loading

API PR: #50

@benskelker
Copy link
Contributor

benskelker commented Jul 14, 2020
edited
Loading

Related to: #19

@jmikell821 jmikell821 removed their assignment Jul 14, 2020
@narcher7 narcher7 mentioned this issue Jul 15, 2020
Closed
@benskelker benskelker linked a pull request Aug 3, 2020 that will close this issue
[Docs]Timeline and Template UI updates #84
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benskelker benskelker

Labels
Team: Docs v7.9.0 Features in the 7.9 Release
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Docs]Timeline and Template UI updates benskelker/security-docs
3 participants
@dontcallmesherryli @benskelker @jmikell821