[REQUEST]: Add docs for the rule execution summary added to the Rule Monitoring tab #1325

Open
denar50 opened this issue Apr 30, 2025 · 0 comments
Assignees
Labels
documentation Improvements or additions to documentation Team:Security Issues owned by the Security Docs Team

denar50 commented Apr 30, 2025

Description

We are introducing the following indicators for rule executions for a selected time range:

  • Success rate
  • Number of successful, failed and warning outcomes for the last execution of each rule

Example:
We have 3 rules called 'A', 'B' and 'C'. Each rule has been executed 10 times, for a total of 30 executions. Rule 'C' is always failing its execution, therefore out of those 30 executions, 10 were failures. Rule 'B' had warnings in its last execution.

Given these conditions we have the following summary displayed to the users:

  • Total execution success: 66% (20 successful / 30 total)
  • Last execution summary: Success: 2 (rules 'A' and 'B'), Failed: 1 ('C' is always failing), Warning: 1 ('B' had warnings)

The indicators are displayed in the Rule Monitoring tab in the Rules page as indicated in the images:

Image

Image

Resources

This feature is implemented in this PR: elastic/kibana#219630
The issue for the feature can be found here: https://github.com/elastic/security-team/issues/12148

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

The feature is identical on all deployment methods.

What release is this request related to?

8.19/9.1

Serverless TBD

Collaboration model

The documentation team

Point of contact.

Main contact: @denar50 (author) / @nkhristinin

Stakeholders: @approksiu, @yctercero

@denar50 denar50 added documentation Improvements or additions to documentation Team:Security Issues owned by the Security Docs Team labels Apr 30, 2025
@github-actions github-actions bot added needs-team Issues pending triage by the Docs Team and removed needs-team Issues pending triage by the Docs Team labels Apr 30, 2025
@denar50 denar50 changed the title [REQUEST]: [REQUEST]: Add docs for the rule execution summary added to the Rule Monitoring tab Apr 30, 2025
@nastasha-solomon nastasha-solomon self-assigned this Apr 30, 2025