Description
We are introducing a new feature in 8.16 under technical preview with an advanced setting. When the securitySolution:enableVisualizationsInFlyout setting is on, users can access the analyzer graph and session viewer in a new section called Visualize in the alert and event flyout.
As of October 1, 2024, the feature has been merged in main. However, the advanced setting is only available in ESS.
We plan to add the setting to Serverless on or before feature freeze (Oct 15).
Currently the setting defaults to false, but this is subject to change based on PM feedback.
Background & resources
PRs: All related PRs are listed in the issues below. Notable ones with releasenote:feature are:
Which documentation set does this change impact?
ESS
[x] Configure advanced settings: Create a new section for the securitySolution:enableVisualizationsInFlyout advanced setting. Place it after the "Exclude cold and frozen tier data from analyzer queries" section.
[x] View alert details | Visualizations: Add a subsection that describes the Visualization tab. Note that the tab only appears if the securitySolution:enableVisualizationsInFlyout advanced setting is turned on. Name the new section "Expanded visualizations view".
[x] Visual event analyzer: Revise step 3 to show where event analyzer can be accessed. For example, "Event analyzer is accessible from the Hosts, Alerts, and Timelines pages, as well as the alert details flyout if the securitySolution:enableVisualizationsInFlyout advanced setting is turned on."
Serverless
Same changes
ESS release
8.16
Serverless release
The week of October 28, 2024
Feature differences
No difference
API docs impact
N/A
Prerequisites, privileges, feature flags
Advanced setting securitySolution:enableVisualizationsInFlyout must be enabled