From 3f7b87ea777efa0b92e2f2d107c81cbeb20d6b89 Mon Sep 17 00:00:00 2001 From: Ben Skelker <54019610+benskelker@users.noreply.github.com> Date: Wed, 1 Apr 2020 09:35:41 +0300 Subject: [PATCH] [Docs][SIEM]General doc improvements (#957) * adds kib to request urls * adds cross-cluster search links --- docs/en/siem/index-api-overview.asciidoc | 6 ++-- docs/en/siem/installation.asciidoc | 10 +++++++ docs/en/siem/privileges-api-overview.asciidoc | 2 +- docs/en/siem/rules-api-bulk-actions.asciidoc | 8 ++--- docs/en/siem/rules-api-create.asciidoc | 2 +- docs/en/siem/rules-api-delete.asciidoc | 2 +- docs/en/siem/rules-api-export.asciidoc | 2 +- docs/en/siem/rules-api-find.asciidoc | 2 +- docs/en/siem/rules-api-get.asciidoc | 2 +- docs/en/siem/rules-api-import.asciidoc | 2 +- docs/en/siem/rules-api-overview.asciidoc | 30 +++++++++++-------- docs/en/siem/rules-api-prebuilt.asciidoc | 4 +-- docs/en/siem/rules-api-update.asciidoc | 4 +-- docs/en/siem/signals-api-overview.asciidoc | 4 +-- docs/en/siem/tags-api-overview.asciidoc | 2 +- 15 files changed, 48 insertions(+), 34 deletions(-) diff --git a/docs/en/siem/index-api-overview.asciidoc b/docs/en/siem/index-api-overview.asciidoc index 5ed3618f8..1368d54b7 100644 --- a/docs/en/siem/index-api-overview.asciidoc +++ b/docs/en/siem/index-api-overview.asciidoc @@ -44,7 +44,7 @@ Creates a signal index. The naming convention for the index is ===== Request URL -`POST /api/detection_engine/index` +`POST :/api/detection_engine/index` ====== Example request @@ -67,7 +67,7 @@ Gets the signal index name if it exists. ===== Request URL -`GET /api/detection_engine/index` +`GET :/api/detection_engine/index` ====== Example request @@ -114,7 +114,7 @@ Deletes the signal index. ===== Request URL -`DELETE /api/detection_engine/index` +`DELETE :/api/detection_engine/index` ====== Example request diff --git a/docs/en/siem/installation.asciidoc b/docs/en/siem/installation.asciidoc index 595a516c1..e7456be8b 100644 --- a/docs/en/siem/installation.asciidoc +++ b/docs/en/siem/installation.asciidoc @@ -20,6 +20,16 @@ Elastic Cloud. The {es} Service is available on both AWS and GCP. Service for free]. ============== +For information on how to perform cross-cluster searches on {siem-soln} +indices, see: + +* {ref}/modules-cross-cluster-search.html[Search across cluster] +(for on-premises {stack} deployments) +* {cloud}/ec-enable-ccs.html[Enable cross-cluster search] (for hosted deployments) + +[float] +=== Ingest data + To ingest data, you can use: * *{beats}* shippers (version 7.x or later) installed for each system you want diff --git a/docs/en/siem/privileges-api-overview.asciidoc b/docs/en/siem/privileges-api-overview.asciidoc index a9660e145..9ff604cfe 100644 --- a/docs/en/siem/privileges-api-overview.asciidoc +++ b/docs/en/siem/privileges-api-overview.asciidoc @@ -14,7 +14,7 @@ Returns user privileges for the {kib} space. ===== Request URL -`GET /api/detection_engine/privileges` +`GET :/api/detection_engine/privileges` ====== Example requests diff --git a/docs/en/siem/rules-api-bulk-actions.asciidoc b/docs/en/siem/rules-api-bulk-actions.asciidoc index 3f5f3ce77..47f3f9f97 100644 --- a/docs/en/siem/rules-api-bulk-actions.asciidoc +++ b/docs/en/siem/rules-api-bulk-actions.asciidoc @@ -10,7 +10,7 @@ Creates new rules. ===== Request URL -`POST /api/detection_engine/rules/_bulk_create` +`POST :/api/detection_engine/rules/_bulk_create` ===== Request body @@ -82,7 +82,7 @@ Deletes multiple rules. ===== Request URL -`DELETE /api/detection_engine/rules/_bulk_delete` +`DELETE :/api/detection_engine/rules/_bulk_delete` ===== Request body @@ -124,9 +124,9 @@ You can use `PUT` or `PATCH` methods to bulk update rules, where: ===== Request URL -`PUT /api/detection_engine/rules/_bulk_update` +`PUT :/api/detection_engine/rules/_bulk_update` -`PATCH /api/detection_engine/rules/_bulk_update` +`PATCH :/api/detection_engine/rules/_bulk_update` ===== Request body diff --git a/docs/en/siem/rules-api-create.asciidoc b/docs/en/siem/rules-api-create.asciidoc index 0a089474f..d8ee1a4b4 100644 --- a/docs/en/siem/rules-api-create.asciidoc +++ b/docs/en/siem/rules-api-create.asciidoc @@ -5,7 +5,7 @@ Creates a new signal detection rule. ==== Request URL -`POST /api/detection_engine/rules` +`POST :/api/detection_engine/rules` ==== Request body diff --git a/docs/en/siem/rules-api-delete.asciidoc b/docs/en/siem/rules-api-delete.asciidoc index b30cd6826..811a77219 100644 --- a/docs/en/siem/rules-api-delete.asciidoc +++ b/docs/en/siem/rules-api-delete.asciidoc @@ -5,7 +5,7 @@ Deletes a single rule using the `rule_id` or `id` field. ==== Request URL -`DELETE /api/detection_engine/rules` +`DELETE :/api/detection_engine/rules` ===== URL query parameters diff --git a/docs/en/siem/rules-api-export.asciidoc b/docs/en/siem/rules-api-export.asciidoc index 5f230259e..e874c7258 100644 --- a/docs/en/siem/rules-api-export.asciidoc +++ b/docs/en/siem/rules-api-export.asciidoc @@ -7,7 +7,7 @@ NOTE: You cannot export prepackaged rules. ==== Request URL -`POST /api/detection_engine/rules/_export` +`POST :/api/detection_engine/rules/_export` ===== URL query parameters diff --git a/docs/en/siem/rules-api-find.asciidoc b/docs/en/siem/rules-api-find.asciidoc index aaae10887..0e7ccd159 100644 --- a/docs/en/siem/rules-api-find.asciidoc +++ b/docs/en/siem/rules-api-find.asciidoc @@ -5,7 +5,7 @@ Retrieves a paginated subset of signal detection rules. By default, the first pa ==== Request URL -`GET /api/detection_engine/rules/_find` +`GET :/api/detection_engine/rules/_find` ===== URL query parameters diff --git a/docs/en/siem/rules-api-get.asciidoc b/docs/en/siem/rules-api-get.asciidoc index 92719d6f4..ca62df54b 100644 --- a/docs/en/siem/rules-api-get.asciidoc +++ b/docs/en/siem/rules-api-get.asciidoc @@ -5,7 +5,7 @@ Retrieves a single rule using the `rule_id` or `id` field. ==== Request URL -`GET /api/detection_engine/rules` +`GET :/api/detection_engine/rules` ===== URL query parameters diff --git a/docs/en/siem/rules-api-import.asciidoc b/docs/en/siem/rules-api-import.asciidoc index bd3e646a7..f376d5ad1 100644 --- a/docs/en/siem/rules-api-import.asciidoc +++ b/docs/en/siem/rules-api-import.asciidoc @@ -5,7 +5,7 @@ Imports rules from an ndjson file. ==== Request URL -`POST /api/detection_engine/rules/_import` +`POST :/api/detection_engine/rules/_import` The request must include: diff --git a/docs/en/siem/rules-api-overview.asciidoc b/docs/en/siem/rules-api-overview.asciidoc index 5eed81728..ecd162929 100644 --- a/docs/en/siem/rules-api-overview.asciidoc +++ b/docs/en/siem/rules-api-overview.asciidoc @@ -12,20 +12,24 @@ and alerts, see <>. The API has these endpoints: -* `/api/detection_engine/rules` - Signal detection rules CRUD -functions -* `/api/detection_engine/index` - Signal index operations -* `/api/detection_engine/tags` - Aggregates and returns rule tags -* `/api/detection_engine/_import` - Imports rules from an ndjson -file -* `/api/detection_engine/_export` - Exports rules to an ndjson file -* `/api/detection_engine/privileges` - Returns the user's +* `:/api/detection_engine/rules` - Signal detection rules +CRUD functions +* `:/api/detection_engine/index` - Signal index operations +* `:/api/detection_engine/tags` - Aggregates and returns +rule tags +* `:/api/detection_engine/_import` - Imports rules from an +ndjson file +* `:/api/detection_engine/_export` - Exports rules to an +ndjson file +* `:/api/detection_engine/privileges` - Returns the user's {kib} space and signal index permissions, and whether the user is authenticated -* `/api/detection_engine/signals` - Aggregates, queries, and +* `:/api/detection_engine/signals` - Aggregates, queries, and returns signals, and updates their statuses -* `/api/detection_engine/prepackaged` - Loads and retrieves the status of Elastic <> +* `:/api/detection_engine/prepackaged` - Loads and retrieves +the status of Elastic <> -Where `` is the URL and port number of your Kibana instance. +Where `` is the host name and `` is the port of your {kib} +instance. NOTE: In dev mode, the Kibana server runs behind a proxy which adds a random path component to its URL. @@ -38,7 +42,7 @@ how to work with and disable the random path component. If you are making calls to a {kib} space *other than* the `Default` space, the space identifier is part of the endpoint's URL: -`/s//api/detection_engine/rules` +`:/s//api/detection_engine/rules` Where `` is the URL identifier for the space. @@ -79,6 +83,6 @@ from the {kib} `siem` space: [source,js] -------------------------------------------------- -curl -X GET "/s/siem/api/detection_engine/rules/_find" +curl -X GET ":/s/siem/api/detection_engine/rules/_find" -H 'kbn-xsrf: kibana' -u : -------------------------------------------------- \ No newline at end of file diff --git a/docs/en/siem/rules-api-prebuilt.asciidoc b/docs/en/siem/rules-api-prebuilt.asciidoc index 98da31a08..190b4ebb6 100644 --- a/docs/en/siem/rules-api-prebuilt.asciidoc +++ b/docs/en/siem/rules-api-prebuilt.asciidoc @@ -13,7 +13,7 @@ NOTE: By default, all loaded prebuilt rules are disabled. ===== Request URL -`PUT /api/detection_engine/rules/prepackaged` +`PUT :/api/detection_engine/rules/prepackaged` ====== Example request @@ -48,7 +48,7 @@ Returns rule statuses. ===== Request URL -`GET /api/detection_engine/rules/prepackaged/_status` +`GET :/api/detection_engine/rules/prepackaged/_status` ====== Example request diff --git a/docs/en/siem/rules-api-update.asciidoc b/docs/en/siem/rules-api-update.asciidoc index 8216e32f5..be47a6009 100644 --- a/docs/en/siem/rules-api-update.asciidoc +++ b/docs/en/siem/rules-api-update.asciidoc @@ -10,9 +10,9 @@ You can use `PUT` or `PATCH` methods to update rules, where: ==== Request URL -`PUT /api/detection_engine/rules` +`PUT :/api/detection_engine/rules` -`PATCH /api/detection_engine/rules` +`PATCH :/api/detection_engine/rules` ==== Request body diff --git a/docs/en/siem/signals-api-overview.asciidoc b/docs/en/siem/signals-api-overview.asciidoc index 9362a0f6a..ee7414cda 100644 --- a/docs/en/siem/signals-api-overview.asciidoc +++ b/docs/en/siem/signals-api-overview.asciidoc @@ -16,7 +16,7 @@ Aggregates and returns signals. ===== Request URL -`POST /api/detection_engine/signals/search` +`POST :/api/detection_engine/signals/search` ===== Request body @@ -116,7 +116,7 @@ Sets the status of one or more signals. ===== Request URL -`POST /api/detection_engine/signals/status` +`POST :/api/detection_engine/signals/status` ===== Request body diff --git a/docs/en/siem/tags-api-overview.asciidoc b/docs/en/siem/tags-api-overview.asciidoc index 5efa5b69d..e46ead02b 100644 --- a/docs/en/siem/tags-api-overview.asciidoc +++ b/docs/en/siem/tags-api-overview.asciidoc @@ -10,7 +10,7 @@ Aggregates and returns all unique tags from all rules. ===== Request URL -`GET /api/detection_engine/tags` +`GET :/api/detection_engine/tags` ====== Example request