old docs changes
Simplychee committed Sep 26, 2023
1 parent 39253bf commit addd11b
Showing 3 changed files with 6 additions and 1 deletion.
Expand Up @@ -49,6 +49,10 @@ click **Preview in OpenSearch Dashboards** to open OpenSearch Dashboards Discove

#### Using group-by (order matters!)

:::crucial Important
Alerts won't trigger if the field added to the Group-by doesn't exist in the logs. The logs must include both the field you have in group-by and the field you use in your query/filter to trigger the alert.
:::

You have the option to apply **group by** operators to up to 3 fields. If you use this option, the rule will return the aggregated results.

The order of group-by fields matters. Results are grouped in the order in which the group-by fields are added. (The fields are shown from first to last from Left-To-Right.)
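Review bot: `:::crucial Important` opens the new admonition with a type that is not one of the stock Docusaurus admonition names (note, tip, info, warning, danger); unless `crucial` is registered as a custom admonition in the site configuration, the block will render as literal `:::` text instead of a callout, so please confirm before merging. The added paragraph also writes the feature as "Group-by" while the heading and the following paragraphs use "group-by" and "**group by**"; settle on one spelling so a reader searching the page finds every mention.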
1 change: 1 addition & 0 deletions docs/user-guide/data-hub/log-parsing/default-parsing.md
Expand Up @@ -25,6 +25,7 @@ This table shows the log types that Logz.io parses automatically.
| Alcide kAudit | `alcide-kaudit` | ✖️ Auto-parsed as part of platform integration. |
| Apache access | `apache`, `apache_access`, `apache-access` ||
| Auditd | `auditd` ||
| Avast | `avast` ||
| AWS CloudFront | `cloudfront` ||
| AWS CloudTrail | `cloudtrail` ||
| AWS ELB | `elb` ||
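Review bot: The new Avast row leaves the notes column empty, which matches the adjacent Auditd and AWS rows, and its position keeps the table alphabetical. It lists a single type value, `avast`, whereas the Apache access row offers aliases (`apache`, `apache_access`, `apache-access`); confirm that `avast` is the exact `type` a shipper must set for auto-parsing to apply, and add aliases here if the platform accepts any, since a mismatch silently leaves the logs unparsed.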
Expand Up @@ -28,7 +28,7 @@ The information that is provided for each event triggered is summarized in the t
|Count| The number of grouped events included in the entry |
|Assigned to| Team member handling event investigation and resolution |
|Status|Investigation stage of the triggered event: **- New:** A triggered event that has not been assigned **- Assigned:** Investigation pending **- In Progress:** The assigned handler is investigating the event **- Waiting for response:** Investigation on hold pending reply from external stakeholders **- False positive:** Investigation verified that the detected activity is benign **- Resolved:** Investigation complete |
|Last triggered| Date and time the alert was last triggered |
|Last triggered| Date and time of the most recent occurrence of this event within the past 3 days |
|Comment| Additional information added by investigators: Use this field to include handling priority information and any information relevant to the investigation|
|Updated|Date of latest changes made to the event and which user made the changes|

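Review bot: The rewritten Last triggered description scopes the value to "the most recent occurrence of this event within the past 3 days", but it does not say what the column shows when the event has not fired inside that window (blank, or the older timestamp the previous wording "Date and time the alert was last triggered" implied); state that explicitly, because readers comparing the two versions will otherwise assume one or the other. The 3-day window also reads as a product constant; if it is documented elsewhere, reference that canonical place so later changes do not leave this row stale.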
