Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS-6880] Update Getting Started with Cloud SIEM with new SKU info #20973

Merged
merged 10 commits into from
Dec 12, 2023
Merged

[DOCS-6880] Update Getting Started with Cloud SIEM with new SKU info #20973

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
955f3be
update doc
maycmlee Dec 11, 2023
2e08dcd
Update content/en/getting_started/cloud_siem/_index.md
maycmlee Dec 11, 2023
1afd235
apply suggestions
maycmlee Dec 11, 2023
8213ffb
add link
maycmlee Dec 11, 2023
2c8949e
small edit
maycmlee Dec 11, 2023
b5a7826
fix alt text
maycmlee Dec 11, 2023
729d2d5
add info
maycmlee Dec 11, 2023
aac60ae
add links
maycmlee Dec 11, 2023
220a493
fix link
maycmlee Dec 11, 2023
5821972
apply suggestions
maycmlee Dec 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 24 additions & 2 deletions content/en/getting_started/cloud_siem/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,8 +63,30 @@
3. Select and configure [Content Packs][9], which provide out-of-the-box content for critical security log sources.
4. Select and configure [additional log sources][10] you want Cloud SIEM to analyze.
5. Click **Activate**. A custom Cloud SIEM log index (`cloud-siem-xxxx`) is created.
6. Navigate to the [Logs Indexes configuration][11] page.
7. Move the Cloud SIEM index to the top of the index list. Cloud SIEM analyzes all logs going into the Cloud SIEM index. You can configure the index to filter for specific log events. See the [Log Index documentation][12] for more information.

### Reorder the Cloud SIEM Index

Check warning on line 67 in content/en/getting_started/cloud_siem/_index.md

View workflow job for this annotation

GitHub Actions / vale

[vale] content/en/getting_started/cloud_siem/_index.md#L67 

[Datadog.headings] 'Reorder the Cloud SIEM Index' should use sentence-style capitalization.
Raw output 
{"message": "[Datadog.headings] 'Reorder the Cloud SIEM Index' should use sentence-style capitalization.", "location": {"path": "content/en/getting_started/cloud_siem/_index.md", "range": {"start": {"line": 67, "column": 5}}}, "severity": "WARNING"}

{{< img src="getting_started/cloud_siem/cloud-siem-setup-warning.png" alt="A yellow warning box saying Index Configuration needs attention" style="width:80%;">}}

If the Cloud SIEM setup page shows the warning "The Cloud SIEM index is not in the first position", do the following:

1. Click **Reorder index in Logs Configuration**.

2. Confirm the modal title says "Move cloud-siem-xxxx to..." and that the `cloud-siem-xxxx` text in the index column is light purple.

{{< img src="getting_started/cloud_siem/move-index-modal.png" alt="The Move cloud-siem-xxxx modal showing the cloud-siem-xxxx index in the last position in the list of indexes" style="width:60%;">}}

3. To select the new placement of your index, click the top line of the index where you want `cloud-siem-xxxx` to go. For example, if you want to make the `cloud-siem-xxxx` index the first index, click on the line above the current first index. The new position is highlighted with a thick blue line.

{{< img src="getting_started/cloud_siem/move-index-highlight.png" alt="The Move cloud-siem-xxxx modal showing a blue line at the tope of the first index" style="width:65%;">}}

4. The text confirms the position selected: "Select the new placement of your index: Position 1". Click **Move**.

5. Review the warning text and if you confirm the change, click **Reorder**.

6. Review the index order and confirm that the `cloud-siem-xxxx` index is where you want it. If you want to move the index, click the **Move to** icon and follow steps 3 to 5.

7. Navigate back to Cloud SIEM setup page.
maycmlee marked this conversation as resolved.
Show resolved Hide resolved
maycmlee marked this conversation as resolved.
Show resolved Hide resolved

## Phase 2: Signal exploration

Expand Down
Binary file added static/images/getting_started/cloud_siem/cloud-siem-setup-warning.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added static/images/getting_started/cloud_siem/move-index-highlight.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added static/images/getting_started/cloud_siem/move-index-modal.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading