Description
In 7.14 we are releasing a prototype capability for surfacing risky hosts from a user's environment. SOC analysts can use this host-based context while triaging the associated security alerts, which speeds up alert triage.
Acceptance Test Criteria (TBD)
List all the ATC of each action and its intended result. For example: As a user, when [action (e.g., viewing, clicking, selecting, etc.)] I should [insert the expected result].
Notes
- [x] Add all appropriate labels to the issue, especially the version number label.
- [x] Be sure to add any necessary screenshots, code text, or console commands for clarity.
- [x] Include any conditions or caveats that may affect customers.
Docs PR is awaiting review in the detection-rules repo: it has all the Dev Tools commands to import the host risk score artifacts into Kibana. It also includes a note on edge cases that can arise from using host.name in the absence of host entities.
Also added the docs under the "Experimental" section in the official Elastic docs for 7.14.
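The host.name edge case mentioned in the notes above is easy to get wrong at triage time: an alert may carry no host.name at all, or name a host for which no risk score entity exists, and either case must be surfaced rather than silently treated as "low risk". The following is an added illustration, not Elastic's or the detection-rules repo's own code; it assumes a plain dict of risk score entities keyed by the ECS field host.name (the entity shape, the field names host.risk.score/host.risk.level/host.risk.status, and all sample alerts and scores are constructed for the example).

```python
"""Illustrative host risk enrichment for alert triage (added example, not
Elastic's implementation). Risk entities are assumed to be keyed by the ECS
field host.name; all sample data below is constructed."""

from typing import Optional

# Constructed sample of host risk score entities keyed by host.name.
HOST_RISK_SCORES = {
    "web-01": {"host.name": "web-01", "risk_score": 87.5, "risk": "Critical"},
    "db-02": {"host.name": "db-02", "risk_score": 42.0, "risk": "Moderate"},
}

# Constructed sample alerts. a3 has no host.name (e.g. a cloud control-plane
# alert); a4 names a host that has no risk score entity.
SAMPLE_ALERTS = [
    {"id": "a1", "rule": "Suspicious PowerShell", "host.name": "web-01"},
    {"id": "a2", "rule": "Brute force", "host.name": "db-02"},
    {"id": "a3", "rule": "S3 bucket made public"},
    {"id": "a4", "rule": "New admin user", "host.name": "jump-09"},
]


def lookup_host_risk(host_name: Optional[str], scores=HOST_RISK_SCORES):
    """Return the risk entity for host_name, or None when the alert carries
    no host.name or no entity exists for it. Matching is exact, as it would
    be against a keyword field; no case folding is attempted here."""
    if not host_name:
        return None
    return scores.get(host_name)


def enrich_alerts(alerts, scores=HOST_RISK_SCORES):
    """Attach host risk context to each alert, or an explicit status saying
    why no context could be attached (hypothetical field names)."""
    enriched = []
    for alert in alerts:
        host_name = alert.get("host.name")
        entity = lookup_host_risk(host_name, scores)
        out = dict(alert)
        if entity is not None:
            out["host.risk.score"] = entity["risk_score"]
            out["host.risk.level"] = entity["risk"]
            out["host.risk.status"] = "scored"
        elif host_name is None:
            out["host.risk.status"] = "no host.name on alert"
        else:
            out["host.risk.status"] = "no host entity for host.name"
        enriched.append(out)
    return enriched


def triage_order(alerts, scores=HOST_RISK_SCORES):
    """Alert ids ordered for triage: highest host risk first, then the alerts
    without a usable host score. Unscored alerts are kept visible at the end
    rather than sorted as if their risk were zero."""
    enriched = enrich_alerts(alerts, scores)
    scored = [a for a in enriched if a["host.risk.status"] == "scored"]
    unscored = [a for a in enriched if a["host.risk.status"] != "scored"]
    scored.sort(key=lambda a: a["host.risk.score"], reverse=True)
    return [a["id"] for a in scored + unscored]


if __name__ == "__main__":
    for a in enrich_alerts(SAMPLE_ALERTS):
        print(a["id"], a["host.risk.status"])
    print(triage_order(SAMPLE_ALERTS))
```

The point of the explicit status field is that the two unscored cases mean different things to an analyst: a missing host.name usually means the alert is not host-centric, while an unmatched host.name may mean the risk score job has not yet seen that host, so neither should be folded into a "risk 0" bucket.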
Related issue: https://github.com/elastic/security-team/issues/1199
Release tracker: https://github.com/elastic/security-team/issues/1469