From 736c92cbaeadf0942bc093bd2a82fe7a59ebc641 Mon Sep 17 00:00:00 2001 From: Ben Skelker <54019610+benskelker@users.noreply.github.com> Date: Mon, 10 Feb 2020 22:28:57 +0200 Subject: [PATCH] siem 7.6 updates (#57262) --- docs/management/advanced-options.asciidoc | 6 ++++-- docs/siem/index.asciidoc | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/management/advanced-options.asciidoc b/docs/management/advanced-options.asciidoc index 03c680da8fc1bf..7682be877a8180 100644 --- a/docs/management/advanced-options.asciidoc +++ b/docs/management/advanced-options.asciidoc @@ -218,8 +218,10 @@ might increase the search time. This setting is off by default. Users must opt-i [horizontal] `siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app. `siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events. -`siem:enableNewsFeed`:: Enables the News feed -`siem:newsFeedUrl`:: News feed content will be retrieved from this URL +`siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview* +page. +`siem:newsFeedUrl`:: The URL from which the security news feed content is +retrieved. `siem:refreshIntervalDefaults`:: The default refresh interval for the SIEM time filter, in milliseconds. `siem:timeDefaults`:: The default period of time in the SIEM time filter. diff --git a/docs/siem/index.asciidoc b/docs/siem/index.asciidoc index f56baf6abdc2eb..a15d860d76775b 100644 --- a/docs/siem/index.asciidoc +++ b/docs/siem/index.asciidoc @@ -33,7 +33,8 @@ https://www.elastic.co/products/beats/packetbeat[{packetbeat}] send security events and other data to Elasticsearch. The default index patterns for SIEM events are `auditbeat-*`, `winlogbeat-*`, -`filebeat-*`, `endgame-*`, and `packetbeat-*``. You can change the default index patterns in +`filebeat-*`, `packetbeat-*`, `endgame-*`, and `apm-*-transaction*`. You can +change the default index patterns in *Kibana > Management > Advanced Settings > siem:defaultIndex*. [float]