[Security][Quality] Improve docs for Security detections and alerts#5253
Draft
nastasha-solomon wants to merge 2 commits into main from
Conversation
Vale Linting Results

Summary: 12 warnings, 41 suggestions found

⚠️ Warnings (12)

| File | Line | Rule | Message |
|---|---|---|---|
| solutions/security/detect-and-alert/custom-query.md | 62 | Elastic.Latinisms | Latin terms and abbreviations are a common source of confusion. Use 'using' instead of 'via'. |
| solutions/security/detect-and-alert/custom-query.md | 79 | Elastic.Latinisms | Latin terms and abbreviations are a common source of confusion. Use 'using' instead of 'via'. |
| solutions/security/detect-and-alert/custom-query.md | 81 | Elastic.Latinisms | Latin terms and abbreviations are a common source of confusion. Use 'using' instead of 'via'. |
| solutions/security/detect-and-alert/esql.md | 23 | Elastic.DontUse | Don't use '...'. |
| solutions/security/detect-and-alert/esql.md | 44 | Elastic.DontUse | Don't use '...'. |
| solutions/security/detect-and-alert/esql.md | 109 | Elastic.DontUse | Don't use '...'. |
| solutions/security/detect-and-alert/install-manage-prebuilt-rules.md | 106 | Elastic.DontUse | Don't use 'Note that'. |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 37 | Elastic.QuotesPunctuation | Put punctuation outside the quotation marks. |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 47 | Elastic.QuotesPunctuation | Put punctuation outside the quotation marks. |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 57 | Elastic.QuotesPunctuation | Put punctuation outside the quotation marks. |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 67 | Elastic.QuotesPunctuation | Put punctuation outside the quotation marks. |
| troubleshoot/security/detection-rules.md | 165 | Elastic.DontUse | Don't use 'note that'. |
💡 Suggestions (41)
| File | Line | Rule | Message |
|---|---|---|---|
| solutions/security/detect-and-alert/before-you-begin.md | 25 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/choose-the-right-rule-type.md | 23 | Elastic.Ellipses | In general, don't use an ellipsis. |
| solutions/security/detect-and-alert/choose-the-right-rule-type.md | 35 | Elastic.Wordiness | Consider using 'to' instead of 'in order to'. |
| solutions/security/detect-and-alert/choose-the-right-rule-type.md | 91 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
| solutions/security/detect-and-alert/custom-query.md | 22 | Elastic.WordChoice | Consider using 'efficient, basic' instead of 'simple', unless the term is in the UI. |
| solutions/security/detect-and-alert/custom-query.md | 77 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/eql.md | 89 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/esql.md | 23 | Elastic.Ellipses | In general, don't use an ellipsis. |
| solutions/security/detect-and-alert/esql.md | 44 | Elastic.Ellipses | In general, don't use an ellipsis. |
| solutions/security/detect-and-alert/esql.md | 56 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/esql.md | 98 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/esql.md | 109 | Elastic.Ellipses | In general, don't use an ellipsis. |
| solutions/security/detect-and-alert/indicator-match.md | 72 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/install-manage-prebuilt-rules.md | 81 | Elastic.Semicolons | Use semicolons judiciously. |
| solutions/security/detect-and-alert/install-manage-prebuilt-rules.md | 121 | Elastic.Versions | Use 'or earlier' instead of 'or lower' when referring to versions. |
| solutions/security/detect-and-alert/machine-learning.md | 82 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/mitre-attack-coverage.md | 79 | Elastic.WordChoice | Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI. |
| solutions/security/detect-and-alert/new-terms.md | 50 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/new-terms.md | 70 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/prebuilt-rules.md | 14 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 47 | Elastic.FirstPerson | Use caution when using first-person pronouns such as 'my.' |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 90 | Elastic.Wordiness | Consider using 'all' instead of 'all of '. |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 102 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/reduce-noise-and-false-positives.md | 102 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 79 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 109 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 126 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 162 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 200 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 202 | Elastic.WordChoice | Consider using 'run, start' instead of 'execute', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 281 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
| solutions/security/detect-and-alert/rule-settings-reference.md | 291 | Elastic.Wordiness | Consider using 'because' instead of 'since'. |
| solutions/security/detect-and-alert/rule-types.md | 18 | Elastic.Ellipses | In general, don't use an ellipsis. |
| solutions/security/detect-and-alert/set-rule-data-sources.md | 40 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/set-rule-data-sources.md | 48 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/detect-and-alert/threshold.md | 70 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'See', unless the term is in the UI. |
| solutions/security/detect-and-alert/tune-detection-rules.md | 12 | Elastic.Clone | Use cloning only when referring to cloning a GitHub repository or creating a copy that is linked to the original. Often confused with 'copy' and 'duplicate'. |
| solutions/security/detect-and-alert/update-prebuilt-rules.md | 22 | Elastic.Versions | Use 'or earlier' instead of 'or lower' when referring to versions. |
| solutions/security/detect-and-alert/using-the-rule-builder.md | 28 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
| solutions/security/detect-and-alert/validate-and-test-rules.md | 50 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| troubleshoot/security/detection-rules.md | 165 | Elastic.WordChoice | Consider using 'refer to (if it's a document), view (if it's a UI element)' instead of 'see', unless the term is in the UI. |
The Vale linter checks documentation changes against the Elastic Docs style guide.
To use Vale locally or report issues, refer to Elastic style guide for Vale.
Summary
Fixes https://github.com/elastic/docs-content-internal/issues/797
Restructures the Detections and alerts section to reduce duplication, improve navigation, and give each page a clear purpose.
Key changes
- Separated rule type content from shared settings: Created individual configuration guides for each rule type and a dedicated reference page for shared rule settings. The current documentation structure embeds UI-specific procedural steps inside conceptual and reference content, meaning any UI change requires touching multiple pages simultaneously. The proposed structure moves conceptual content, UI procedures, and field reference content to separate pages, so UI changes touch only the procedural pages.
- Created decision guides for important rule features
- Turned stubs into navigational hub pages
New pages requiring technical accuracy review
Rule type pages
- custom-query.md
- eql.md
- threshold.md
- indicator-match.md
- new-terms.md
- esql.md
- machine-learning.md

Reference, decision guides, and rewritten/newly-written pages
- rule-settings-reference.md
- choose-the-right-rule-type.md
- reduce-noise-and-false-positives.md
- write-investigation-guides.md
- set-rule-data-sources.md
- using-the-api.md
- validate-and-test-rules.md

Hub pages (lower risk, spot-check)
- before-you-begin.md
- prebuilt-rules.md
- create-a-detection-rule.md
- advanced-data-source-configuration.md
- detections-reference.md
- rule-types.md
- mitre-attack-coverage.md

Generative AI disclosure
Cursor, Claude