
DOCS-7866 added Simple rule creator for CSM Threats #23100

Merged: 5 commits, May 16, 2024

Conversation

michaelcretzman
Contributor

DOCS-7866

What does this PR do? What is the motivation?

Updates CSM custom rule creation with new Simple rule creator feature.

Merge instructions

Please DO NOT merge after reviewing. Still waiting on whether this is beta or GA.

Additional notes

Updated menu title for another topic:

  • Creating Custom Agent Rules > Creating Agent rule expressions

@michaelcretzman michaelcretzman added Do Not Merge Just do not merge this PR :) security Content changed in the security folder labels May 9, 2024
@michaelcretzman michaelcretzman requested a review from a team as a code owner May 9, 2024 19:39
@michaelcretzman michaelcretzman changed the title DOCS-7866 added Simple rule creator DOCS-7866 added Simple rule creator for CSM Threats May 9, 2024
@github-actions github-actions bot added Architecture Everything related to the Doc backend Images Images are added/removed with this PR labels May 9, 2024
@michaelcretzman michaelcretzman added changelog/no-changelog and removed Do Not Merge Just do not merge this PR :) labels May 10, 2024
@aliciascott
Contributor

Editorial card: https://datadoghq.atlassian.net/browse/DOCS-7922

@aliciascott aliciascott added the editorial review Waiting on a more in-depth review label May 10, 2024
Contributor

@jhgilbert jhgilbert left a comment


Approved with some suggestions, thanks!

incorporating peer edits

Co-authored-by: Jen Gilbert <[email protected]>
@paragbaxi
Contributor

Approved, comments below.

Using this tool is faster than the advanced method of creating the Agent and detection rules separately.

Love it.


In Agent Configuration or Threat Detection Rules

You are on top of it.


To detect unauthorized changes to files, select File integrity monitoring (FIM).
To track and analyze system software processes for malicious behavior or policy violations, select Process activity monitoring.
Enter the file/process names or paths to monitor.

This is good. I wonder if clarifying that a rule can only be FIM or process is needed. Something like:

To monitor your resource effectively, you have the option to choose between two detection types:
To detect unauthorized changes to files, select File integrity monitoring (FIM).
To track and analyze system software processes for malicious behavior or policy violations, select Process activity monitoring.
Enter the file/process names or paths to monitor.

Could just be an unnecessary change. I'll leave it up to you.


  1. Select Create <> Rules.

Should we clarify that NUMBER is populated by the system, or would the user already get that with the <<>>? Again, it's understandable as is.

@michaelcretzman michaelcretzman merged commit aaf1a4d into master May 16, 2024
13 checks passed
@michaelcretzman michaelcretzman deleted the mcretzman/DOCS-7866-cust-rule-wizard branch May 16, 2024 19:53