[DOCS-7851] Update Cloud SIEM Investigate Security Signals for new panel design #23984
Conversation
Preview links (active after the
|
Made a few edits to align with some changes to the side panel since this draft was first written.
maycmlee
added
editorial review
| - `Under Review`: During an active investigation, change the triage status to `Under Review`. From the `Under Review` state, you can move the status to `Archived` or `Open` as needed. | ||
| - `Archived`: When the detection that caused the signal has been resolved, update the status to `Archived`. When a signal is archived, you can give a reason and description for future reference. If an archived issue resurfaces, or if further investigation is necessary, the status can be changed back to `Open`. All signals are locked 30 days after they have been created.</ul> | ||
| b. Click **Assign Signal** to assign a signal to yourself or another Datadog user. | ||
| c. Under **Take Action**, you can create a case, declare an incident, edit suppressions, or run workflows. Creating a case automatically assigns the signal to you and sets the triage status to `Under Review`. |
There was a problem hiding this comment.
Something is wrong with the formatting of this item. It appears inline after b. instead of on its own line.
There was a problem hiding this comment.
Thanks for catching that! Fixed it.
| {{< img src="security/security_monitoring/investigate_security_signals/bulk_actions.png" alt="The Signal Explorer showing the bulk action option" style="width:45%;" >}} | ||
| {{< img src="security/security_monitoring/investigate_security_signals/bulk_actions2.png" alt="The Signal Explorers showing the bulk action option" style="width:55%;" >}} | ||
|
|
||
| ### Run Workflow automation |
There was a problem hiding this comment.
The product is called Workflow Automation. If this heading refers to the product, it should say "Run Workflow Automation." If you're talking about a workflow as a concept instead of the product name, it should be "Run workflow automation"
There was a problem hiding this comment.
Thanks @urseberry for pointing this out! I was following what's in the UI, which is calling it Datadog Workflows. I'll let the PM know that it's actually Workflow Automation. For the docs, I updated the header and committed your suggestions so it's referred to as Workflow Automation.
|
|
||
| ## Investigate | ||
|
|
||
| A signal contains important information to determine whether a signal is malicious or not. Additionally, you can add a signal to a case in Case Management for further investigation. |
There was a problem hiding this comment.
Can you reword the first sentence to avoid repeating the word "signal?"
There was a problem hiding this comment.
Yes, reworded to say "..whether the threat detected is malicious.."
Co-authored-by: Ursula Chen <[email protected]>
…nel design (#23984) * updates * Update investigate_security_signals.md Made a few edits to align with some changes to the side panel since this draft was first written. * add image * edits * more edits * more small edits * Apply suggestions from code review Co-authored-by: Ursula Chen <[email protected]> * fix missing line break * change on where to click in the new side panel * update image --------- Co-authored-by: Jason Hunsberger <[email protected]> Co-authored-by: Ursula Chen <[email protected]>
What does this PR do? What is the motivation?
Updates the Cloud SIEM Investigate Security Signals for the new signal panel.
Adds a new image and updates a couple of the current images because the pop ups are small and hard to see.
DOCS-7851
Merge instructions
Do not merge.
Additional notes