Updates to Entity Analytics Dashboard (#4345)
* Updates to Entity Analytics Dashboard

* Update docs/dashboards/entity-dashboard.asciidoc

Co-authored-by: Janeen Mikell Roberts <[email protected]>

* Apply review feedback

* Removes redundant line

* Removes redundant image

---------

Co-authored-by: Janeen Mikell Roberts <[email protected]>
(cherry picked from commit da7355c)
natasha-moore-elastic authored and mergify[bot] committed Dec 6, 2023
1 parent 437f82c commit 92a670a
Showing 2 changed files with 12 additions and 17 deletions.
29 changes: 12 additions & 17 deletions docs/dashboards/entity-dashboard.asciidoc
Expand Up @@ -9,16 +9,9 @@ The Entity Analytics dashboard provides a centralized view of emerging insider t
--

* A https://www.elastic.co/pricing/[Platinum subscription] or higher is required.
* To display host and user risk scores, the host risk score and user risk score features must be enabled. You can do this directly from the dashboard by clicking the *Enable* button. For more information, refer to the <<enable-host-risk-score, Enable host risk score>> and <<deploy-user-risk-score, Enable user risk score>> instructions.
* To display anomalies, you must {ml-docs}/ml-ad-run-jobs.html[install and run] the following machine learning jobs:
** Unusual Source IP for a User to Logon from (`auth_rare_source_ip_for_a_user`)
** Unusual Login Activity (`suspicious_login_activity`)
** DNS Tunneling (`packetbeat_dns_tunneling`)
** Unusual Network Destination Domain Name (`packetbeat_rare_server_domain`)
** Unusual DNS Activity (`packetbeat_rare_dns_question`)
** Suspicious Powershell Script (`v3_windows_anomalous_script`)
--
* To display host and user risk scores, you must <<turn-on-risk-engine, turn on the risk scoring engine>>.

--

The dashboard includes the following sections:

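Review bot: the top-of-page Requirements sidebar no longer says anything about anomaly detection jobs once the six job names are dropped and replaced by the single `<<turn-on-risk-engine, turn on the risk scoring engine>>` bullet, so a reader checking prerequisites here will not learn that anomaly data needs jobs installed and running; consider keeping a one-line pointer in this sidebar such as `* To display anomalies, refer to <<entity-anomalies>>.` Also confirm that the `turn-on-risk-engine` anchor exists in this branch, since this is a cherry-pick from da7355c and the previously referenced `enable-host-risk-score` and `deploy-user-risk-score` anchors are dropped here.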
Expand Down Expand Up @@ -55,7 +48,7 @@ Interact with the table to filter data, view more details, and take action:
* Click *View all* in the upper-right to display all host risk information on the Hosts page.
* Click the number link in the *Alerts* column to view the alerts on the Alerts page. Hover over the number and select *Investigate in timeline* (image:images/timeline-button-osquery.png[Investigate in timeline icon,20,20]) to launch Timeline with a query that includes the associated host name value.

For more information about host risk scores, click the *Learn more* link in the table, or refer to <<host-risk-score>>.
For more information about host risk scores, refer to <<entity-risk-scoring>>.

[[entity-user-risk-scores]]
[float]
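Review bot: the cross-reference target changes from `<<host-risk-score>>` to `<<entity-risk-scoring>>` and the mention of the *Learn more* link in the table is removed; verify that the `entity-risk-scoring` anchor is defined in this branch (a missing target fails the asciidoc build) and, if the *Learn more* link is still rendered in the host risk table, consider keeping the sentence so the in-product link remains documented.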
Expand All @@ -74,22 +67,24 @@ Interact with the table to filter data, view more details, and take action:
* Click *View all* in the upper-right to display all user risk information on the Users page.
* Click the number link in the *Alerts* column to view the alerts on the Alerts page. Hover over the number and select *Investigate in timeline* (image:images/timeline-button-osquery.png[Investigate in timeline icon,20,20]) to launch Timeline with a query that includes the associated user name value.

For more information about user risk scores, click the *Learn more* link in the table, or refer to <<user-risk-score>>.
For more information about user risk scores, refer to <<entity-risk-scoring>>.

[[entity-anomalies]]
[float]
== Anomalies

Anomalies identify suspicious or irregular behavior patterns. The Anomalies table displays the total number of host and user anomalies identified by six predefined {ml} jobs (named in the Anomaly name column). These jobs must be installed and running to provide anomaly data.
Anomaly detection jobs identify suspicious or irregular behavior patterns. The Anomalies table displays the total number of anomalies identified by these prebuilt {ml} jobs (named in the **Anomaly name** column).

[role="screenshot"]
image::images/anomalies-table.png[Anomalies table]
.Requirements
[sidebar]
--

If data is missing, click the *Run job* link next to a {ml} job to install and start the job.
To display anomaly results, you must {ml-docs}/ml-ad-run-jobs.html[install and run] one or more <<prebuilt-ml-jobs, prebuilt anomaly detection jobs>>. You cannot add custom anomaly detection jobs to the Entity Analytics dashboard.

[role="screenshot"]
image::images/run-job.png[Run a machine learning job]
--

[role="screenshot"]
image::images/anomalies-table.png[Anomalies table]

Interact with the table to view more details:

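Review bot: in the rewritten sentence "identified by these prebuilt {ml} jobs" the word "these" no longer has an antecedent, because the job list it referred to was removed from the Requirements sidebar at the top of the page; suggest "identified by prebuilt {ml} jobs (named in the *Anomaly name* column)". Two smaller points in the same hunk: `**Anomaly name**` uses unconstrained double-asterisk bold while the rest of this file uses single-asterisk bold (`*Enable*`, `*View all*`, `*Alerts*`), so prefer `*Anomaly name*` for consistency; and the removed paragraph about the *Run job* link next to a {ml} job was the only place that documented installing and starting a job from the dashboard itself, so if that link still exists in the UI, keep a sentence for it inside the new Requirements sidebar rather than pointing only to the external install-and-run page.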
Binary file removed docs/dashboards/images/run-job.png
Binary file not shown.
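Review bot: before deleting docs/dashboards/images/run-job.png, check that no other asciidoc file still carries an `image::images/run-job.png[...]` reference, since this commit only removes the reference in entity-dashboard.asciidoc and a dangling image reference would break the docs build.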

0 comments on commit 92a670a