[8.18] [8.18] Rule gaps and manual rule runs (backport #6649) #6688

Merged
merged 1 commit into from
Mar 29, 2025

mergify[bot]
Contributor

@mergify mergify bot commented Mar 28, 2025

Addresses #6493, elastic/docs-content#287, and elastic/docs-content#888 by providing 8.18 docs for rule gaps and updating docs for manual runs. Note that I also shifted some manual run content around for better flow or to provide more context where it was lacking.

Twin 9.0 and Serverless PR: elastic/docs-content#892

Previews:

  • Rule Monitoring tab: Refreshed the intro para and screenshot to show that you can find gap details on the Rule Monitoring tab. Also added a short para to the end of the section to elaborate.
  • Execution results tab: Since this section has evolved into an explanation of what's in the Execution results tab on the rule details page, I changed the section name from "Execution results" to "Execution results tab". I also moved content about the Execution log into its own sub-section titled "Execution log table".
    • Gaps table: New section that explains how to use the Gaps table to monitor and fill gaps.
    • Manual runs table: Made a few changes:
      • Removed instructions for accessing the Manual runs table. Since they were generally applicable to all of the tables within the Execution results tab, I provided general guidance to the Manual runs table (and all other tables on the tab) in the intro para for the "Execution results tab" section.
      • Elaborated on what manual runs were and linked to the instructions for starting manual runs to allow users a way to quickly access those steps.
      • Combined related actions and ideas in the list.
  • Manage detection rules | Run rules manually: Made the following changes:
    • Removed the beta tag since manual runs is GA'ing in 8.18. Also refreshed the image to show that the table no longer had a pre-release label.
    • Refreshed intro so it shows that you can manually run rules to fill gaps.
    • Moved a bit of content around at the end for better flow. Also updated the note to include the alert suppression known issue.

This is an automatic backport of pull request [8.18] Rule gaps and manual rule runs #6649 done by [Mergify](https://mergify.com).

* First draft

* Formatting

* Some deduping

* Revisions

* New images

* image updates

* Minor edits

* em dash

* Moved more content around

* Tweak

* Grammar fix

* Missing space

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <[email protected]>

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <[email protected]>

* Update docs/detections/rules-ui-monitor.asciidoc

Co-authored-by: natasha-moore-elastic <[email protected]>

* Update docs/detections/rules-ui-monitor.asciidoc

* Update docs/detections/rules-ui-manage.asciidoc

* Update docs/detections/rules-ui-monitor.asciidoc

* Feedback from technical review

* Update docs/detections/rules-ui-monitor.asciidoc

* Update docs/detections/rules-ui-manage.asciidoc

* Kseniia's feedback

* One more change

* revert changes

* uppercase

* Table name

---------

Co-authored-by: natasha-moore-elastic <[email protected]>
(cherry picked from commit edf1ec0)
@mergify mergify bot added the backport label Mar 28, 2025
@mergify mergify bot requested a review from a team as a code owner March 28, 2025 16:25

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@nastasha-solomon nastasha-solomon merged commit 2298290 into 8.18 Mar 29, 2025
5 checks passed
@nastasha-solomon nastasha-solomon deleted the mergify/bp/8.18/pr-6649 branch March 29, 2025 11:01