Chris Moore 605edd5ac3
Add documentation for Security Analytics plugin (#1824)
* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* Delete admin-api.md

* Delete api-index.md

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics (#1901)

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>

Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#939-sec-analytics

Signed-off-by: cwillum <cwmmoore@amazon.com>

Signed-off-by: cwillum <cwmmoore@amazon.com>
Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
Co-authored-by: Subhobrata Dey <sbcd90@gmail.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2022-11-18 10:19:06 -08:00

1.5 KiB

layout, title, nav_order, has_children, has_toc, redirect_from
layout title nav_order has_children has_toc redirect_from
default Setting up Security Analytics 10 true false
/security-analytics/sec-analytics-config/

Setting up Security Analytics

Before Security Analytics can begin generating findings and sending alerts, administrators must create detectors and make log data available to the system. Once detectors are able to generate findings, you can fine-tune your alerts to focus on specific areas of interest. The following steps outline the basic workflow for setting up components in Security Analytics.

  1. Create security detectors and alerts, and ingest log data. See Creating detectors for details.
  2. Inspect findings generated from detector output and create any additional alerts.
  3. If desired, create custom rules by duplicating and then modifying pre-packaged rules. See Creating a rule by duplication for details.

Navigate to Security Analytics

  1. To get started, select the top menu on the Dashboards home page and then select Security Analytics. The Overview page for Security Analytics is displayed.
  2. From the options on the left side of the page, select Detectors to begin creating a detector.
Navigating to create a detector page