[Serverless]: Security – Create a detection rule #6154
Labels
bug
Something isn't working
Docset: Serverless
Issues for Serverless Security
Team: Detection Engine
Team: Threat Hunting
Formerly Data Visibility
Serverless Docs
Elastic Security
Description
The section on machine learning rules goes before the custom query rules section, but in the UI, the custom query rule type comes first.
The Timeline template field at the end of the define rule section isn’t described for any of the rules.
"Before you create rules, create Timeline templates so they can be selected here." – Timeline templates should link to https://www.elastic.co/guide/en/serverless/current/security-timeline-templates-ui.html. It’s also unclear from the screenshot and surrounding text where exactly Timeline templates can be selected. Does this refer to the Timeline template field at the end of the define rule section?
"You can use saved queries and queries from saved Timelines (Import query from saved Timeline) as rule conditions." – I don’t see the saved queries icon in the UI.
"Continue onto setting up alert notifications" – should link to the Set up rule actions (optional) section.
"Project settings → Management → Connectors" – should be Project settings → Stack Management → Connectors.
"Select the Show Elasticsearch Serverless requests, ran during rule executions option" – In the UI, the option is called Show Elasticsearch requests, ran during rule executions.
Resources and additional context
https://www.elastic.co/guide/en/serverless/current/security-rules-create.html