diff --git a/docs/advanced-entity-analytics/images/hosts-hr-data.png b/docs/advanced-entity-analytics/images/hosts-hr-data.png index 47965c68cf..a578265942 100644 Binary files a/docs/advanced-entity-analytics/images/hosts-hr-data.png and b/docs/advanced-entity-analytics/images/hosts-hr-data.png differ diff --git a/docs/advanced-entity-analytics/images/hosts-hr-level.png b/docs/advanced-entity-analytics/images/hosts-hr-level.png index dabd3be939..b73d347653 100644 Binary files a/docs/advanced-entity-analytics/images/hosts-hr-level.png and b/docs/advanced-entity-analytics/images/hosts-hr-level.png differ diff --git a/docs/getting-started/images/network-ui.png b/docs/getting-started/images/network-ui.png index d506f928c7..558bb31b80 100644 Binary files a/docs/getting-started/images/network-ui.png and b/docs/getting-started/images/network-ui.png differ diff --git a/docs/getting-started/images/users/users-page.png b/docs/getting-started/images/users/users-page.png index adcd0f5ab8..c7028ebbd7 100644 Binary files a/docs/getting-started/images/users/users-page.png and b/docs/getting-started/images/users/users-page.png differ diff --git a/docs/getting-started/network-page-overview.asciidoc b/docs/getting-started/network-page-overview.asciidoc index a66d398bca..bacbe431c7 100644 --- a/docs/getting-started/network-page-overview.asciidoc +++ b/docs/getting-started/network-page-overview.asciidoc @@ -1,7 +1,7 @@ [[network-page-overview]] = Network page -The Network page provides key network activity metrics in an interactive map, and network event tables that enable interaction with the Timeline. You can drag and drop items of interest from the Network view to Timeline for further investigation. +The Network page provides key network activity metrics in an interactive map, and network event tables that enable interaction with Timeline. You can drag and drop items of interest from the Network view to Timeline for further investigation. [role="screenshot"] image::images/network-ui.png[] @@ -42,13 +42,13 @@ Interactive widgets let you drill down for deeper insights: There are also tabs for viewing and investigating specific types of data: +* *Events*: All network events. To display alerts received from external monitoring tools, scroll down to the events table and select *Show only external alerts* on the right. * *Flows*: Source and destination IP addresses and countries. * *DNS*: DNS network queries. * *HTTP*: Received HTTP requests (HTTP requests for applications using {apm-app-ref}/apm-getting-started.html[Elastic APM] are monitored by default). * *TLS*: Handshake details. * *Anomalies*: Anomalies discovered by <>. -* *Events*: All network events. To display alerts received from external monitoring tools, scroll down to the events table and select *Show only external alerts* on the right. The Events table includes inline actions and several customization options. To learn more about what you can do with the data in these tables, refer to <>. diff --git a/docs/getting-started/users-page.asciidoc b/docs/getting-started/users-page.asciidoc index 66ab3ae783..d759c96726 100644 --- a/docs/getting-started/users-page.asciidoc +++ b/docs/getting-started/users-page.asciidoc @@ -20,10 +20,10 @@ TIP: Hover inside a KPI chart to display the actions menu (*...*), where you can Beneath the KPI charts are data tables, which are useful for viewing and investigating specific types of data. Select the relevant tab to view the following details: +* *Events*: Ingested events that contain the `user.name` field. You can stack by the `event.action`, `event.dataset`, or `event.module` field. To display alerts received from external monitoring tools, scroll down to the Events table and select *Show only external alerts* on the right. * *All users*: A chronological list of unique user names, when they were last active, and the associated domains. * *Authentications*: A chronological list of user authentication events and associated details, such as the number of successes and failures, and the host name of the last successful destination. * *Anomalies*: Unusual activity discovered by machine learning jobs that contain user data. -* *Events*: Ingested events that contain the `user.name` field. You can stack by the `event.action`, `event.dataset`, or `event.module` field. To display alerts received from external monitoring tools, scroll down to the Events table and select *Show only external alerts* on the right. * *User risk*: The latest recorded user risk score for each user, and its user risk classification. This feature requires a https://www.elastic.co/pricing[Platinum subscription] or higher and must be enabled to display the data. Click *Enable* on the *User risk* tab to get started. To learn more, refer to our <>. The Events table includes inline actions and several customization options. To learn more about what you can do with the data in these tables, refer to <>. diff --git a/docs/management/hosts/hosts-overview.asciidoc b/docs/management/hosts/hosts-overview.asciidoc index fa3e2c24f8..3a9224439d 100644 --- a/docs/management/hosts/hosts-overview.asciidoc +++ b/docs/management/hosts/hosts-overview.asciidoc @@ -22,10 +22,10 @@ TIP: Hover inside a KPI chart to display the actions menu (*...*), where you can Beneath the KPI charts are data tables, categorized by individual tabs, which are useful for viewing and investigating specific types of data. Select the relevant tab to view the following data: +* *Events*: All host events. To display alerts received from external monitoring tools, scroll down to the Events table and select *Show only external alerts* on the right. * *All hosts*: High-level host details. * *Uncommon processes*: Uncommon processes running on hosts. * *Anomalies*: Anomalies discovered by machine learning jobs. -* *Events*: All host events. To display alerts received from external monitoring tools, scroll down to the Events table and select *Show only external alerts* on the right. * *Host risk*: The latest recorded host risk score for each host, and its host risk classification. This feature requires a https://www.elastic.co/pricing[Platinum subscription] or higher and must be enabled to display the data. Click *Enable* on the *Host risk* tab to get started. To learn more, refer to our <>. * *Sessions*: Linux process events that you can open in <>, an investigation tool that allows you to examine Linux process data at a hierarchal level. diff --git a/docs/management/hosts/images/hosts-ov-pg.png b/docs/management/hosts/images/hosts-ov-pg.png index 55a7b7d3d4..c234836f1c 100644 Binary files a/docs/management/hosts/images/hosts-ov-pg.png and b/docs/management/hosts/images/hosts-ov-pg.png differ