iSharkFly-Docs
/
opensearch-docs-cn
mirror of https://github.com/iSharkFly-Docs/opensearch-docs-cn
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add documentation to provide a link from detector creation to detection rule creation in using rules docs (#4829) 

* fix#4828 link to detection rule creation

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4828 link to detection rule creation

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4828 link to detection rule creation

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4828 link to detection rule creation

Signed-off-by: cwillum <cwmmoore@amazon.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
This commit is contained in:
Chris Moore 2023-08-17 17:22:04 -07:00 committed by GitHub
parent 8f91f1a49b
commit b9b21e1e30
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
_security-analytics/sec-analytics-config/detectors-config.md
View File

@ -21,7 +21,12 @@ You can define a new detector by naming the detector, selecting a data source an
When multiple data sources are selected, the logs must be of the same type. We recommend creating separate detectors for different log types. When multiple data sources are selected, the logs must be of the same type. We recommend creating separate detectors for different log types.
{: .note } {: .note }
1. In the **Log types and rules** section, select the log type for the data source. The system automatically populates the Sigma security rules associated with the log type. The following image shows the number of associated rules populated in the **Detection rules** section. 1. In the **Log types and rules** section, select the log type for the data source. The system automatically populates the Sigma security rules associated with the log type.
For information about creating your own detection rules, see [Creating detection rules]({{site.url}}{{site.baseurl}}/security-analytics/usage/rules/#creating-detection-rules).
{: .note }
The following image shows the number of associated rules populated in the **Detection rules** section.
<img src="{{site.url}}{{site.baseurl}}/images/Security/detector_rules.png" alt="Selecting threat detector type to auto-populate rules" width="85%"> <img src="{{site.url}}{{site.baseurl}}/images/Security/detector_rules.png" alt="Selecting threat detector type to auto-populate rules" width="85%">

2
_security-analytics/usage/rules.md
View File

@ -34,7 +34,7 @@ In Visual view, rule details are arranged in fields, and the links are active. S
* To copy the rule, select the copy icon in the upper-right corner of the rule. To quickly create a new, customized rule, you can paste the rule into the YAML editor and make any modifications before saving it. See [Customizing rules](#customizing-rules) for more information. * To copy the rule, select the copy icon in the upper-right corner of the rule. To quickly create a new, customized rule, you can paste the rule into the YAML editor and make any modifications before saving it. See [Customizing rules](#customizing-rules) for more information.
--- ---
## Creating rules ## Creating detection rules
There are multiple ways to create rules on the **Detection rules** page. These methods include manually creating a custom rule, importing a rule, and duplicating an existing rule to customize it. The following sections discuss these methods in detail. There are multiple ways to create rules on the **Detection rules** page. These methods include manually creating a custom rule, importing a rule, and duplicating an existing rule to customize it. The following sections discuss these methods in detail.