From addd11bd2e37cd9819a356c5fc011f4423c417b4 Mon Sep 17 00:00:00 2001 From: Simplychee Date: Tue, 26 Sep 2023 13:26:52 +0300 Subject: [PATCH] old docs changes --- .../cloud-siem/security-rules/manage-security-rules.md | 4 ++++ docs/user-guide/data-hub/log-parsing/default-parsing.md | 1 + .../log-management/log-alerts/alerts-event-management.md | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/cloud-siem/security-rules/manage-security-rules.md b/docs/user-guide/cloud-siem/security-rules/manage-security-rules.md index b13f43bd..076c1bd7 100644 --- a/docs/user-guide/cloud-siem/security-rules/manage-security-rules.md +++ b/docs/user-guide/cloud-siem/security-rules/manage-security-rules.md @@ -49,6 +49,10 @@ click **Preview in OpenSearch Dashboards** to open OpenSearch Dashboards Discove #### Using group-by (order matters!) +:::crucial Important +Alerts won't trigger if the field added to the Group-by doesn't exist in the logs. The logs must include both the field you have in group-by and the field you use in your query/filter to trigger the alert. +::: + You have the option to apply **group by** operators to up to 3 fields. If you use this option, the rule will return the aggregated results. The order of group-by fields matters. Results are grouped in the order in which the group-by fields are added. (The fields are shown from first to last from Left-To-Right.) diff --git a/docs/user-guide/data-hub/log-parsing/default-parsing.md b/docs/user-guide/data-hub/log-parsing/default-parsing.md index d8607701..5ced6c1f 100644 --- a/docs/user-guide/data-hub/log-parsing/default-parsing.md +++ b/docs/user-guide/data-hub/log-parsing/default-parsing.md 
@@ -25,6 +25,7 @@ This table shows the log types that Logz.io parses automatically. | Alcide kAudit | `alcide-kaudit` | ✖️ Auto-parsed as part of platform integration. | | Apache access | `apache`, `apache_access`, `apache-access` | ✔ | | Auditd | `auditd` | ✔ | +| Avast | `avast` | ✔ | | AWS CloudFront | `cloudfront` | ✔ | | AWS CloudTrail | `cloudtrail` | ✔ | | AWS ELB | `elb` | ✔ | diff --git a/docs/user-guide/log-management/log-alerts/alerts-event-management.md b/docs/user-guide/log-management/log-alerts/alerts-event-management.md index 522af503..1f6e0f62 100644 --- a/docs/user-guide/log-management/log-alerts/alerts-event-management.md +++ b/docs/user-guide/log-management/log-alerts/alerts-event-management.md @@ -28,7 +28,7 @@ The information that is provided for each event triggered is summarized in the t |Count| The number of grouped events included in the entry | |Assigned to| Team member handling event investigation and resolution | |Status|Investigation stage of the triggered event: **- New:** A triggered event that has not been assigned **- Assigned:** Investigation pending **- In Progress:** The assigned handler is investigating the event **- Waiting for response:** Investigation on hold pending reply from external stakeholders **- False positive:** Investigation verified that the detected activity is benign **- Resolved:** Investigation complete | -|Last triggered| Date and time the alert was last triggered | +|Last triggered| Date and time of the most recent occurrence of this event within the past 3 days | |Comment| Additional information added by investigators: Use this field to include handling priority information and any information relevant to the investigation| |Updated|Date of latest changes made to the event and which user made the changes|
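Review bot: in the manage-security-rules.md hunk, `:::crucial Important` needs checking against the site's admonition config before merge: the Docusaurus built-in admonition types are note, tip, info, warning and danger, so unless this site registers a custom `crucial` type the block will render as literal `:::crucial Important` text rather than a callout (`:::warning Important` is the safe built-in choice). The placement is also awkward: the callout lands before the paragraph that introduces group-by, so readers meet the caveat before the feature is explained; moving it after "Results are grouped in the order in which the group-by fields are added." reads better. Since a rule whose group-by field is absent from the logs silently never fires (a detection gap, not an error), the note would be more useful if it told the reader how to confirm the field exists, for example by checking it in the **Preview in OpenSearch Dashboards** view mentioned earlier in this section. Minor: "Group-by" is capitalised here while the surrounding text uses "group by" and "group-by".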
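Review bot: the new `| Avast | `avast` | ✔ |` row in default-parsing.md is correctly placed in alphabetical order, but it does not say which Avast product or log format is auto-parsed, and "Avast" covers several (endpoint antivirus, business console, and so on). Other rows in this table use the third column for that kind of qualification (see the Alcide kAudit entry), so a short note there, or a link to the corresponding integration page, would let readers tell whether their logs will actually be parsed. The commit message "old docs changes" also does not describe this addition; a line naming the new Avast parser would help when tracing when support was documented.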
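Review bot: the changed "Last triggered" cell in alerts-event-management.md, "Date and time of the most recent occurrence of this event within the past 3 days", introduces a 3-day window without saying what the column shows when the event has not fired in that window: is the cell blank, does it still show the older timestamp, or is the event no longer listed? Responders sort and triage on this column, so the behaviour outside the window should be stated explicitly, for example by appending "; empty if the event has not occurred in the past 3 days" (or whichever behaviour is correct). It would also help to note whether the 3-day window is a fixed retention setting or configurable, since the rest of the table gives no such limits.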