[DOCS] Explain requirement to create Endpoint exception #1428

Merged: 10 commits merged into main from issue-1360-endpoint-exception-req on Jan 26, 2022

Conversation

@joepeeples joepeeples commented Jan 20, 2022

Resolves #1360.

Preview here. The main change is the added paragraph in the Important admonition (line 170), but I also tweaked some of the phrasing throughout the topic.

@joepeeples joepeeples added Team: Docs v8.0.0 Team: Endpoint Endpoint related issues Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v7.16.0 v7.17.0 v8.1.0 labels Jan 20, 2022
@joepeeples joepeeples self-assigned this Jan 20, 2022
@joepeeples joepeeples changed the title [DOCS] Explain requirement to create Endpoint Exception [DOCS] Explain requirement to create Endpoint exception Jan 20, 2022
from the Endpoint agent. Be careful not to unintentionally prevent some Endpoint
alerts.

Additionally, to add an Endpoint exception to the Elastic {endpoint-sec} rule, there must be at least one {endpoint-sec} alert generated in the system. For non-production use, you can trigger a test alert using malware emulation techniques or tools, such as the Anti Malware Testfile from the https://www.eicar.org/[European Institute for Computer Anti-Virus Research (EICAR)].
@joepeeples joepeeples Jan 20, 2022

Any thoughts on the EICAR testfile recommendation? It's mentioned in the originating bug PR & issue, but IMO it seems like a workaround for an edge case bug that we're mentioning in docs just in case someone encounters it. But on the other hand, it might still be a helpful testing strategy to recommend?

@joepeeples joepeeples marked this pull request as ready for review January 21, 2022 19:35
@benironside benironside left a comment

LGTM, left a few comments, I hope they are helpful.

@kevinlog kevinlog left a comment

LGTM, thanks for the added explanation!

@joepeeples joepeeples merged commit 4491fc5 into main Jan 26, 2022
mergify bot pushed a commit that referenced this pull request Jan 26, 2022
* First draft

* Second draft

* Tighten up procedure

* Update detections-ui-exceptions.asciidoc

* Update detections-ui-exceptions.asciidoc

* Apply suggestions from Ben's review

Co-authored-by: benironside <[email protected]>

* Restructure procedure syntax

* Update docs/detections/detections-ui-exceptions.asciidoc

Co-authored-by: Janeen Mikell-Straughn <[email protected]>

Co-authored-by: benironside <[email protected]>
Co-authored-by: Janeen Mikell-Straughn <[email protected]>
(cherry picked from commit 4491fc5)
@joepeeples joepeeples deleted the issue-1360-endpoint-exception-req branch January 26, 2022 21:49
Successfully merging this pull request may close these issues.

[DOCS] Inform users that at least one Endpoint Security Alert is required to create an Endpoint Exception