Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS]: Unified Detection Alerts View #54

Closed
dontcallmesherryli opened this issue Jul 6, 2020 · 3 comments
Closed

[DOCS]: Unified Detection Alerts View #54

dontcallmesherryli opened this issue Jul 6, 2020 · 3 comments
Assignees
@benskelker @jmikell821
Labels
Team: Docs v7.9.0 Features in the 7.9 Release

Comments

@dontcallmesherryli
Copy link

dontcallmesherryli commented Jul 6, 2020
edited
Loading

Description

Meta Issue: https://github.com/elastic/endpoint-app-team/issues/372
Link to Mocks https://www.figma.com/file/LsjbVEOGXX4iPHqoqQL8mc/Endpoint-Screens-and-Components?node-id=1269%3A125098

As an analyst, I want to be able to view all alerts on a page and search/filter/sort fields in the Detection Alerts view. As a user, I want to have a single unified place to see all alerts coming from Elastic Endpoints, 3rd party logs, and detection engine created so that I can have a holistic and uniformed triage process for all of my alerts.

Acceptance Test Criteria

Documentation required to point out following changes to the Detection Alert page in 7.9:

  1. Open, In Progress, and Closed Alerts filters on alert list
  2. Action overflow menu ([SIEM][Timeline] Add ability for timeline actions to overflow after specified count kibana#65945)
    1. Actins not in overflow - Investigate in Timeline, Analyze Event
    2. Action in overflow - Mark In Progress, Close selected, Add Exceptions, Add Endpoint Exception, Edit Actions
  3. Signals now called Detection Alerts ([SIEM][Timeline] Rename Signals table to Alerts kibana#65944)
  4. Remove External Alerts tabs
  5. Toast success and failed messages on status change of alerts to closed, in progress, reopen ([SIEM][Exceptions] Add success/error toast component on alert state change kibana#67406)
  6. Sticky column preferences - Columns and row rendered preferences are stored per-user base (https://github.com/elastic/siem-team/issues/589)

Notes

  • Add the "Team:Docs" label to new issues.
  • Be sure to add any necessary screenshots for clarity.
  • Include any conditions or caveats that may affect customers.
@dontcallmesherryli dontcallmesherryli added the v7.9.0 Features in the 7.9 Release label Jul 6, 2020
@benskelker benskelker self-assigned this Jul 14, 2020
@narcher7 narcher7 mentioned this issue Jul 15, 2020
Closed
@dontcallmesherryli
Copy link
Author

@benskelker we need to add the ability for users to go full screen mode in the alert page, as well as in the timeline.

@benskelker
Copy link
Contributor

Hi @dontcallmesherryli, @jmikell821

As all event and alert tables in the app can be viewed in full screen, let's also add this to over overview/UI stuff. I'll include it as a tip in the Managing alerts section.

@benskelker
Copy link
Contributor

Documented as part of #73

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benskelker benskelker

@jmikell821 jmikell821

Labels
Team: Docs v7.9.0 Features in the 7.9 Release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dontcallmesherryli @benskelker @jmikell821