Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add details for the new Security: Host module to OOTB ML jobs doc #2909

Merged
merged 7 commits into from
Jan 29, 2025
Merged

Add details for the new Security: Host module to OOTB ML jobs doc #2909

merged 7 commits into from
Jan 29, 2025

Conversation

sodhikirti07
Copy link
Contributor

@sodhikirti07 sodhikirti07 commented Jan 21, 2025
edited
Loading

Description

This PR updates the documentation with details about the new Security: Host module introduced to the prebuilt ML jobs in 8.18.0. Note that this doc change is for the 8.18 release.

Related Issues:

@github-actions GitHub Actions
Copy link

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@mergify Mergify
Copy link
Contributor

mergify bot commented Jan 21, 2025

This pull request does not have a backport label. Could you fix it @sodhikirti07? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-/d./d is the label to automatically backport to the /d./d branch. /d is the digit
    NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip Skip automated backport with mergify label Jan 21, 2025
susan-shu-c
susan-shu-c reviewed Jan 21, 2025
View reviewed changes
docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc Outdated

|low_count_events_for_a_host_name
|Looks for a sudden drop in host based traffic. This can be due to a range of security issues, such as a compromised system, a failed service, or a network misconfiguration.
|https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/security_host/ml/low_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The preview looks good, but the links to GitHub are broken:

https://stack-docs_bk_2909.docs-preview.app.elstc.co/guide/en/security/master/prebuilt-ml-jobs.html#security-host-jobs
Screenshot 2025-01-21 at 12 21 42 PM
Screenshot 2025-01-21 at 12 23 36 PM

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The links are broken for other modules as well. I believe this might be because the branch here points to 8.18 or a similar version.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, very odd yeah! In the preview site, when I selected 8.17 the links worked. So I guess we can take it with a grain of salt - but let's check back when it's merged/deployed

susan-shu-c
susan-shu-c previously approved these changes Jan 21, 2025
View reviewed changes
@sodhikirti07 sodhikirti07 marked this pull request as ready for review January 22, 2025 15:53
@sodhikirti07 sodhikirti07 requested a review from a team as a code owner January 22, 2025 15:53
@sodhikirti07
Copy link
Contributor Author

@elastic/mlr-docs Could someone from the docs team review this PR? It’s aimed for 8.18 and needs to be merged by January 29.

szabosteve
szabosteve previously approved these changes Jan 28, 2025
View reviewed changes
Copy link
Contributor

@szabosteve szabosteve left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I suggested to change the URLs. It seems that the x-pack folder structure has changed after 8.17.

docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc Outdated Show resolved Hide resolved
docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc Outdated Show resolved Hide resolved
docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc Outdated Show resolved Hide resolved
docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc Outdated Show resolved Hide resolved
docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc Outdated Show resolved Hide resolved
@sodhikirti07 sodhikirti07 dismissed stale reviews from szabosteve and susan-shu-c via a8c38b2 January 28, 2025 16:03
szabosteve
szabosteve previously approved these changes Jan 28, 2025
View reviewed changes
Copy link
Contributor

@szabosteve szabosteve left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@szabosteve szabosteve added v9.0 v8.18 backport-8.18 Automated backport with mergify labels Jan 28, 2025
@mergify mergify bot removed the backport-skip Skip automated backport with mergify label Jan 28, 2025
@szabosteve
Copy link
Contributor

@sodhikirti07 I've added the v8.18 and backport-8.18 labels to the PR based on the text in the PR description. So the changes will be backported to 8.18. Please let me know if this is not necessary and if I misinterpreted the description. Thank you!

@sodhikirti07
Copy link
Contributor Author

I've added the v8.18 and backport-8.18 labels to the PR based on the text in the PR description. So the changes will be backported to 8.18.

@szabosteve Thank you! The update is targeted for 8.18.

susan-shu-c
susan-shu-c previously approved these changes Jan 28, 2025
View reviewed changes
@sodhikirti07 sodhikirti07 dismissed stale reviews from susan-shu-c and szabosteve via 3f68dd8 January 28, 2025 19:38
@sodhikirti07
Copy link
Contributor Author

@lcawl Can someone else from your team can approve this PR? @szabosteve might be offline now. I committed a small change.

@sodhikirti07 sodhikirti07 merged commit 16da319 into main Jan 29, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@szabosteve szabosteve szabosteve approved these changes

@jmcarlock jmcarlock Awaiting requested review from jmcarlock

@dhru42 dhru42 Awaiting requested review from dhru42

@susan-shu-c susan-shu-c Awaiting requested review from susan-shu-c

Assignees
No one assigned
Labels
backport-8.18 Automated backport with mergify v8.18 v9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sodhikirti07 @szabosteve @susan-shu-c