[8.13][cloud] CNVM Findings page enhancements (#4937) (#4986)
* Updates CNVM Findings page, related pages

* adds note about group ordinality

* minor change, align titles

* bugfix

* updates c/kspm image

* incorporates Paulo's review

* Update docs/cloud-native-security/cspm-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* Update docs/cloud-native-security/cspm-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* Update docs/cloud-native-security/kspm-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* Update docs/cloud-native-security/kspm-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* Update docs/cloud-native-security/vuln-management-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* Update docs/cloud-native-security/vuln-management-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* Update docs/cloud-native-security/vuln-management-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* Update docs/cloud-native-security/vuln-management-findings.asciidoc

Co-authored-by: Nastasha Solomon <[email protected]>

* incorporates Joe's and Nat's reviews

* Update docs/cloud-native-security/cspm-findings.asciidoc

Co-authored-by: Janeen Mikell Roberts <[email protected]>

* Update docs/cloud-native-security/kspm-findings.asciidoc

Co-authored-by: Janeen Mikell Roberts <[email protected]>

* incorporates Janeen's feedback

---------

Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Janeen Mikell Roberts <[email protected]>
(cherry picked from commit 067355f)

Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
mergify[bot] and benironside authored Mar 25, 2024
1 parent 5f419a0 commit 949c013
Showing 6 changed files with 51 additions and 34 deletions.
16 changes: 9 additions & 7 deletions docs/cloud-native-security/cspm-findings.asciidoc
@@ -1,7 +1,7 @@
[[cspm-findings-page]]
= Findings page

The Findings page displays the configuration risks identified by the <<cspm,CSPM>> and <<kspm,KSPM>> integrations.
The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the <<cspm,CSPM>> and <<kspm,KSPM>> integrations.

[role="screenshot"]
image::images/findings-page.png[Findings page]
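Review bot: The screenshot macro below the rewritten intro still carries the alt text `Findings page`, although the sentence above it now scopes this content to the **Misconfigurations** tab. Consider `image::images/findings-page.png[The Misconfigurations tab of the Findings page]`, which matches the alt-text style this commit uses for cnvm-findings-page.png in vuln-management-findings.asciidoc.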
Expand All @@ -21,26 +21,28 @@ By default, the Findings page lists all findings, without grouping or filtering.
[discrete]
=== Group findings

. Click **Group findings by:** to open a list of fields by which you can group findings. Select one of the suggested group-by fields, or click **Custom field** to choose your own group-by field.
. When grouping is turned on, click a group to expand it and examine all findings within that group.
. To turn off grouping, click **Group findings by:** and select **None**.
Click **Group findings by** to group your data by a field. Select one of the suggested fields or **Custom field** to choose your own. You can select up to three group fields at once.
. When grouping is turned on, click a group to expand it and examine all sub-groups or findings within that group.
. To turn off grouping, click **Group findings by** and select **None**.

NOTE: Multiple groupings apply to your data in the order you selected them. For example, if you first select **Cloud account**, then select **Resource**, the top-level grouping will be based on **Cloud account**, and its subordinate grouping will be based on **Resource**.


[discrete]
[[cspm-findings-page-filter-findings]]
=== Filter findings
You can filter findings data in two ways:

* *The KQL search bar*: For example, search for `result.evaluation : failed` to view all failed findings.
* *KQL search bar*: For example, search for `result.evaluation : failed` to view all failed findings.
* *In-table value filters*: Hover over a finding to display available inline actions. Use the Filter In (plus) and Filter Out (minus) buttons.

[discrete]
[[cspm-customize-the-findings-table]]
=== Customize the Findings table
Use the toolbar buttons in the upper-left of the Findings table to customize the columns you want displayed:
You can use the toolbar buttons in the upper-left of the Findings table to select which columns appear:

* **Columns**: Select the left-to-right order in which columns appear.
* **Sort fields** or **_n_ fields sorted**: Sort the table by one or more columns, or turn sorting off.
* **Sort fields** : Sort the table by one or more columns, or turn sorting off.
* **Fields**: Select which fields to display for each finding. Selected fields appear in the table and the **Columns** menu.

TIP: You can also click a column's name to open a menu that allows you to perform multiple actions on the column.
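Review bot: The rewritten first step under `=== Group findings` ("Click **Group findings by** to group your data by a field...") has lost its leading `. ` list marker, so it will render as a plain paragraph and the two remaining `.` items will be numbered 1 and 2 instead of 2 and 3. The equivalent line in kspm-findings.asciidoc keeps the marker; restore it here. In the Customize list, `* **Sort fields** :` also has a stray space before the colon.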
Binary file modified docs/cloud-native-security/images/cnvm-findings-grouped.png
Binary file modified docs/cloud-native-security/images/cnvm-findings-page.png
Binary file modified docs/cloud-native-security/images/findings-page.png
17 changes: 9 additions & 8 deletions docs/cloud-native-security/kspm-findings.asciidoc
@@ -1,7 +1,7 @@
[[findings-page]]
= Findings page

The Findings page displays the configuration risks identified by the <<cspm,CSPM>> and <<kspm,KSPM>> integrations.
The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the <<cspm,CSPM>> and <<kspm,KSPM>> integrations.

[role="screenshot"]
image::images/findings-page.png[Findings page]
Expand All @@ -12,7 +12,6 @@ image::images/findings-page.png[Findings page]

KSPM findings indicate whether a given resource passed or failed evaluation against a specific security guideline. Each finding includes metadata about the resource evaluated and the security guideline used to evaluate it. Each finding's result (`pass` or `fail`) indicates whether a particular part of your infrastructure meets a security guideline.


[discrete]
[[findings-page-group-filter]]
== Group and filter findings
Expand All @@ -21,25 +20,27 @@ By default, the Findings page lists all findings, without grouping or filtering.
[discrete]
=== Group findings

. Click **Group findings by:** to open a list of fields by which you can group findings. Select one of the suggested group-by fields, or click **Custom field** to choose your own group-by field.
. When grouping is turned on, click a group to expand it and examine all findings within that group.
. To turn off grouping, click **Group findings by:** and select **None**.
. Click **Group findings by** to group your data by a field. Select one of the suggested fields or **Custom field** to choose your own. You can select up to three group fields at once.
. When grouping is turned on, click a group to expand it and examine all sub-groups or findings within that group.
. To turn off grouping, click **Group findings by** and select **None**.

NOTE: Multiple groupings apply to your data in the order you selected them. For example, if you first select **Kubernetes cluster**, then select **Resource**, the top-level grouping will be based on **Kubernetes cluster**, and its subordinate grouping will be based on **Resource**.

[discrete]
[[findings-page-filter-findings]]
=== Filter findings
You can filter findings data in two ways:

* *The KQL search bar*: For example, search for `result.evaluation : failed` to view all failed findings.
* *KQL search bar*: For example, search for `result.evaluation : failed` to view all failed findings.
* *In-table value filters*: Hover over a finding to display available inline actions. Use the Filter In (plus) and Filter Out (minus) buttons.

[discrete]
[[kspm-customize-the-findings-table]]
=== Customize the Findings table
Use the toolbar buttons in the upper-left of the Findings table to customize the columns you want displayed:
You can use the toolbar buttons in the upper-left of the Findings table to select which columns appear:

* **Columns**: Select the left-to-right order in which columns appear.
* **Sort fields** or **_n_ fields sorted**: Sort the table by one or more columns, or turn sorting off.
* **Sort fields**: Sort the table by one or more columns, or turn sorting off.
* **Fields**: Select which fields to display for each finding. Selected fields appear in the table and the **Columns** menu.

TIP: You can also click a column's name to open a menu that allows you to perform multiple actions on the column.
52 changes: 33 additions & 19 deletions docs/cloud-native-security/vuln-management-findings.asciidoc
@@ -1,32 +1,54 @@
[[vuln-management-findings]]
= Findings
= Findings page

The vulnerabilities findings page displays the vulnerabilities detected by the <<vuln-management-overview, CNVM integration>>. CNVM findings include metadata such as the CVE identifier, CVSS score, severity, affected package, and fix version if available, as well as information about impacted systems.
The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the <<vuln-management-overview, CNVM integration>>.

To help you prioritize remediation efforts, you can filter and sort your findings based on these fields.
image::images/cnvm-findings-page.png[The Vulnerabilities tab of the Findings page]

Clicking on a finding provides a detailed description of the vulnerability, and any available remediation information.
[discrete]
[[cnvm-what-are-findings]]
== What are CNVM findings?

CNVM findings represent security vulnerabilities detected in your cloud. They include metadata such as the CVE identifier, CVSS score, severity, affected package, and fix version if available, as well as information about impacted systems.

image::images/cnvm-findings-page.png[The Vulnerabilities tab of the Findings page]
Clicking on a finding provides a detailed description of the vulnerability, and any available remediation information.


[discrete]
[[vuln-findings-grouping]]
== Group, sort, and filter findings
== Group and filter findings

To help you prioritize remediation efforts, you can organize findings in various ways.

[discrete]
=== Group findings

Click **Group vulnerabilities by** to group your data by a field. Select one of the suggested fields or **Custom field** to choose your own. You can select up to three group fields at once.
. When grouping is turned on, click a group to expand it and examine all sub-groups or findings within that group.
. To turn off grouping, click **Group vulnerabilities by:** and select **None**.

You can group your data by resource by selecting *Resource* from the *Group by* menu. When data is grouped by resource, you can click on the name of a virtual machine to view all vulnerabilities that were found on it.
NOTE: Multiple groupings apply to your data in the order you selected them. For example, if you first select **Cloud account**, then select **Resource**, the top-level grouping will be based on **Cloud account**, and its subordinate grouping will be based on **Resource**, as demonstrated in the following screenshot:

image::images/cnvm-findings-grouped.png[The Vulnerabilities tab of the Findings page]

[discrete]
[[cnvm-filter-findings]]
=== Filter findings
You can filter the data in two ways:

When *Group by* is set to *None*, you can sort the Findings table by clicking the column headings or the *Sort fields* button to the upper left of the table. When sorting is active, the *Sort fields* button changes to *X fields sorted* (where _X_ is the number of fields sorting your data), and can be used to modify or clear sorting.
* *KQL search bar*: For example, search for `vulnerability.severity : "HIGH"` to view high severity vulnerabilities.
* *In-table value filters*: Hover over a finding to display available inline actions. Use the **Filter In** (plus) and **Filter Out** (minus) buttons.

Independent of grouping, you can filter data in two ways:
[discrete]
[[cnvm-customize-the-findings-table]]
=== Customize the Findings table
When grouping is turned off, you can use the toolbar buttons in the upper-left of the Findings table to select which columns appear:

- *The KQL search bar*: Use this to filter your findings. For example, search for `vulnerability.id : CVE-2019-00001` to view all findings related to a particular vulnerability.
* **Columns**: Select the left-to-right order in which columns appear.
* **Sort fields**: Sort the table by one or more columns, or turn sorting off.
* **Fields**: Select which fields to display for each finding. Selected fields appear in the table and the **Columns** menu.

- *In-table value filters*: Hover over a vulnerability CVE ID to display available inline actions. Use the Filter In (*+*) and Filter Out (*-*) buttons.
TIP: You can also click a column's name to open a menu that allows you to perform multiple actions on the column.

[discrete]
[[vuln-findings-learn-more]]
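Review bot: Under `=== Group findings`, the first step ("Click **Group vulnerabilities by** to group your data by a field...") is missing the leading `. ` marker, so it renders as a paragraph rather than as step 1 of the ordered list that follows. The last step still reads `**Group vulnerabilities by:**` with a trailing colon while the first step drops it; use one form so both match the UI label. The `image::` macros in this file also lack the `[role="screenshot"]` line that precedes the screenshot in cspm-findings.asciidoc and kspm-findings.asciidoc.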
Expand All @@ -36,14 +58,6 @@ Click a vulnerability to open the vulnerability details flyout. This flyout incl

When you open the vulnerability details flyout, it defaults to the *Overview* tab, which highlights key information. To view every field present in the vulnerability document, select the *Table* or *JSON* tabs.

[discrete]
[[cnvm-customize-the-findings-table]]
=== Customize the Findings table
Use the toolbar buttons in the upper-left of the Findings table to customize the columns you want displayed:

* **Columns**: Select which columns to display.
* **_x_ fields sorted**: Sort the table by one or more columns.

[discrete]
[[vuln-findings-remediate]]
== Remediate vulnerabilities