Hiding building block rules in "Security/Overview" #99841
Dear Team,
As per the docs at "https://www.elastic.co/guide/en/security/current/building-block-rule.html":
Create building-block rules when you do not want to see their generated alerts in the UI.
However, this feature is only allowed in the detections tab but not in the Overview tab. Due to this, the alerts visualization generated from building blocks can overwhelm other critical alerts.
Requesting you to add the following filter for the Overview page:

Comments
@jmikell821 I think this belongs in https://github.com/elastic/security-docs, but since I don't have write access there, I can't transfer it across.
Hi @tvernum - thanks for passing along. This, however, is an enhancement/feature request for Elastic Security as opposed to a documentation issue, so I'm going to transfer this to Kibana and tag the Detections & Response team.
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
Hi @srikwit. First of all, thank you for your suggestions! Hiding building block alerts on the Security Overview page is addressed in this bugfix: #105611 I'm not sure about adding the corresponding filter on the Security Overview page though. To my mind, users are able to navigate from Overview to Alerts and have all the slice-and-dice functionality in the Alerts table there. Filters applied to the Alerts table are synchronised with the Alerts Trend histogram. This way we could have finer grained controls on the Alerts page and leave the Overview page much lighter, giving just the overview of the whole system as the name stands for. Any thoughts from the UX side would be appreciated @yiyangliu9286.
@banderror Thanks for tagging! Re: the information that was shared via bugfix #105611, if there are other technical considerations around the implementation for adding a filter on the Security Overview page in the future, maybe a quick UX fix for now would be giving users the context on where they would find and view the building block alerts once they have the filter turned on in the Alerts table (wanted to let them know these alerts show only in the Alerts table but not the Overview page). An Info
@yiyangliu9286 Yeah, this was the intended original design for conveying how building block alerts are shown within the Alerts/Timeline tables. Was added as part of #79049. This is probably worth revisiting along with other markers (like the yellow left border signifying an event of kind:alert) and where/what the appropriate legend is for users to make this association, so any thoughts you have here would be greatly appreciated 🙂
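To make the request concrete, the following is an added example (not Kibana's or Elastic's own code, and not part of this issue) that simulates what an Overview-style "alerts by rule" panel counts with and without the building-block exclusion the reporter asks for, and emits the Elasticsearch query clause that would apply the same exclusion server-side. The field names `kibana.alert.building_block_type` (8.x alert indices) and `signal.rule.building_block_type` (7.x `.siem-signals-*` indices) are my assumption from Elastic Security alert documents and should be checked against your own alert index mapping; the sample alerts are constructed, not real data.

```python
"""Simulate hiding building-block alerts from an Overview aggregation.

Added example, not Kibana code. Field names below are assumptions drawn from
Elastic Security alert documents; verify them against your alert index mapping.
"""
from collections import Counter

# Assumed marker fields: 8.x alert indices use kibana.alert.building_block_type,
# 7.x .siem-signals-* indices used signal.rule.building_block_type. Regular
# (non building-block) alerts do not carry the field at all.
BUILDING_BLOCK_FIELDS = (
    "kibana.alert.building_block_type",
    "signal.rule.building_block_type",
)


def get_path(doc, dotted):
    """Resolve a dotted field name against a flat ("a.b": v) or nested ({"a": {"b": v}}) document."""
    if dotted in doc:
        return doc[dotted]
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def is_building_block(alert):
    """True when any building-block marker field is present and non-empty."""
    return any(get_path(alert, f) not in (None, "") for f in BUILDING_BLOCK_FIELDS)


def overview_counts(alerts, include_building_blocks=False, key="kibana.alert.rule.name"):
    """Count alerts per rule the way an Overview panel would aggregate them.

    With include_building_blocks=False the building-block hits are dropped
    before counting, which is the behaviour the issue asks for on Overview.
    """
    counts = Counter()
    for alert in alerts:
        if not include_building_blocks and is_building_block(alert):
            continue
        counts[get_path(alert, key)] += 1
    return dict(counts)


def exclusion_query(field="kibana.alert.building_block_type"):
    """Elasticsearch query DSL clause that hides building-block alerts server-side."""
    return {"bool": {"must_not": [{"exists": {"field": field}}]}}


# Constructed sample alerts (not real data): four building-block hits, two regular alerts.
SAMPLE_ALERTS = [
    {"kibana": {"alert": {"rule": {"name": "Suspicious DNS (building block)"}, "building_block_type": "default"}}},
    {"kibana": {"alert": {"rule": {"name": "Suspicious DNS (building block)"}, "building_block_type": "default"}}},
    {"kibana": {"alert": {"rule": {"name": "Suspicious DNS (building block)"}, "building_block_type": "default"}}},
    # Flat, 7.x-style marker field on an otherwise dotted document.
    {"kibana.alert.rule.name": "Rare process (building block)", "signal.rule.building_block_type": "default"},
    {"kibana": {"alert": {"rule": {"name": "Credential dumping"}}}},
    {"kibana": {"alert": {"rule": {"name": "Unusual process"}}}},
]


if __name__ == "__main__":
    print("Overview as reported (building blocks included):")
    print(overview_counts(SAMPLE_ALERTS, include_building_blocks=True))
    print("Overview with the requested exclusion:")
    print(overview_counts(SAMPLE_ALERTS))
    print("Equivalent Elasticsearch clause:", exclusion_query())
```

Run as-is, the first count shows the building-block rules contributing four of six alerts and dominating the panel; the second shows only the two critical alerts. The `exclusion_query()` clause is what the Alerts table filter effectively applies and what an Overview panel would need to add to its aggregation request.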