diff --git a/docs/detections/alerts-view-details.asciidoc b/docs/detections/alerts-view-details.asciidoc index 9ccb359d73..83ba78e3dc 100644 --- a/docs/detections/alerts-view-details.asciidoc +++ b/docs/detections/alerts-view-details.asciidoc @@ -52,7 +52,7 @@ IMPORTANT: If you've enabled grouping on the Alerts page, the alert details flyo [[preview-panel]] === Preview panel -Some areas in the flyout provide previews when you click on them. For example, clicking **Show rule summary** in the rule description displays a preview of the rule's details. To close the preview, click **x**. +Some areas in the flyout provide previews when you click on them. For example, clicking **Show rule summary** in the rule description displays a preview of the rule's details. To close the preview, click **Back** or **x**. [role="screenshot"] image::images/alert-details-flyout-preview-panel.gif[Preview panel of the alert details flyout, 65%] @@ -67,13 +67,13 @@ The left panel provides an expanded view of what's shown in the right panel. To + [role="screenshot"] -image::images/expand-details-button.png[Expand details button at the top of the alert details flyout, 45%] +image::images/expand-details-button.png[Expand details button at the top of the alert details flyout, 65%] * Click one of the section titles on the **Overview** tab within the right panel. + [role="screenshot"] -image::images/alert-details-flyout-left-panel.png[Left panel of the alert details flyout, 45%] +image::images/alert-details-flyout-left-panel.png[Left panel of the alert details flyout, 65%] [discrete] [[about-section]] 
@@ -201,7 +201,7 @@ From the right panel, click **Threat intelligence** to open the expanded Threat NOTE: The expanded threat intelligence view queries indices specified in the `securitySolution:defaultThreatIndex` advanced setting. Refer to <> to learn more about threat intelligence indices. [role="screenshot"] -image::images/expanded-threat-intelligence-view.png[Expanded view of threat intelligence on the alert, 70%] +image::images/expanded-threat-intelligence-view.png[Expanded view of threat intelligence on the alert, 80%] The expanded Threat intelligence view shows individual indicators within the alert document. You can expand and collapse indicator details by clicking the arrow button at the end of the indicator label. Each indicator is labeled with values from the `matched.field` and `matched.atomic` fields and displays the threat intelligence provider. @@ -256,7 +256,7 @@ NOTE: To access data about alerts related by process ancestry, you must have a h From the right panel, click **Correlations** to open the expanded Correlations view within the left panel. [role="screenshot"] -image::images/expanded-correlations-view.png[Expanded view of correlation data, 65%] +image::images/expanded-correlations-view.png[Expanded view of correlation data, 75%] In the expanded view, corelation data is organized into several tables: diff --git a/docs/detections/images/alert-details-flyout-preview-panel.gif b/docs/detections/images/alert-details-flyout-preview-panel.gif index 52f91aaf38..0e27cbf7dc 100644 Binary files a/docs/detections/images/alert-details-flyout-preview-panel.gif and b/docs/detections/images/alert-details-flyout-preview-panel.gif differ diff --git a/docs/detections/images/alert-details-flyout-right-panel.png b/docs/detections/images/alert-details-flyout-right-panel.png index 1f01cda76a..e1072a26f5 100644 Binary files a/docs/detections/images/alert-details-flyout-right-panel.png and b/docs/detections/images/alert-details-flyout-right-panel.png differ 
diff --git a/docs/detections/images/expand-details-button.png b/docs/detections/images/expand-details-button.png index 2a53fac260..3152e9cad2 100644 Binary files a/docs/detections/images/expand-details-button.png and b/docs/detections/images/expand-details-button.png differ diff --git a/docs/detections/images/expanded-correlations-view.png b/docs/detections/images/expanded-correlations-view.png index 2aa9b75275..7679fa88c5 100644 Binary files a/docs/detections/images/expanded-correlations-view.png and b/docs/detections/images/expanded-correlations-view.png differ diff --git a/docs/detections/images/expanded-entities-view.png b/docs/detections/images/expanded-entities-view.png index e7f05fe2ed..6a37b0cb0e 100644 Binary files a/docs/detections/images/expanded-entities-view.png and b/docs/detections/images/expanded-entities-view.png differ diff --git a/docs/detections/images/expanded-prevalence-view.png b/docs/detections/images/expanded-prevalence-view.png index 48c44f6a18..2bfe84fa1a 100644 Binary files a/docs/detections/images/expanded-prevalence-view.png and b/docs/detections/images/expanded-prevalence-view.png differ diff --git a/docs/detections/images/expanded-threat-intelligence-view.png b/docs/detections/images/expanded-threat-intelligence-view.png index da4632101c..0fff543aa7 100644 Binary files a/docs/detections/images/expanded-threat-intelligence-view.png and b/docs/detections/images/expanded-threat-intelligence-view.png differ diff --git a/docs/detections/images/ig-alert-flyout-invest-tab.png b/docs/detections/images/ig-alert-flyout-invest-tab.png index b686a3f4c0..b778699fb1 100644 Binary files a/docs/detections/images/ig-alert-flyout-invest-tab.png and b/docs/detections/images/ig-alert-flyout-invest-tab.png differ 
diff --git a/docs/detections/images/ig-alert-flyout.png b/docs/detections/images/ig-alert-flyout.png index eb6a4eee6a..a7a8bbe744 100644 Binary files a/docs/detections/images/ig-alert-flyout.png and b/docs/detections/images/ig-alert-flyout.png differ diff --git a/docs/detections/images/ig-timeline-query.png b/docs/detections/images/ig-timeline-query.png index 48f3029494..3999031407 100644 Binary files a/docs/detections/images/ig-timeline-query.png and b/docs/detections/images/ig-timeline-query.png differ diff --git a/docs/detections/images/ig-timeline.png b/docs/detections/images/ig-timeline.png index 706891bb91..d5ad773504 100644 Binary files a/docs/detections/images/ig-timeline.png and b/docs/detections/images/ig-timeline.png differ diff --git a/docs/detections/images/open-alert-details-flyout.gif b/docs/detections/images/open-alert-details-flyout.gif index 462ff9f429..29a156e35c 100644 Binary files a/docs/detections/images/open-alert-details-flyout.gif and b/docs/detections/images/open-alert-details-flyout.gif differ diff --git a/docs/events/images/correlation-tab-eql-query.png b/docs/events/images/correlation-tab-eql-query.png index 2c2a104489..56d45538a3 100644 Binary files a/docs/events/images/correlation-tab-eql-query.png and b/docs/events/images/correlation-tab-eql-query.png differ diff --git a/docs/events/images/create-a-timeline-template-field.png b/docs/events/images/create-a-timeline-template-field.png index 6b2fd0ea1c..5a13242d44 100644 Binary files a/docs/events/images/create-a-timeline-template-field.png and b/docs/events/images/create-a-timeline-template-field.png differ diff --git a/docs/events/images/timeline-sidebar.png b/docs/events/images/timeline-sidebar.png index 2c4152ffeb..76d45ff77a 100644 Binary files a/docs/events/images/timeline-sidebar.png and b/docs/events/images/timeline-sidebar.png differ 
diff --git a/docs/events/images/timeline-ui-renderer.png b/docs/events/images/timeline-ui-renderer.png index e799fe2236..207d5e5ccb 100644 Binary files a/docs/events/images/timeline-ui-renderer.png and b/docs/events/images/timeline-ui-renderer.png differ diff --git a/docs/events/images/timeline-ui-updated.png b/docs/events/images/timeline-ui-updated.png index 4149116feb..63450436cd 100644 Binary files a/docs/events/images/timeline-ui-updated.png and b/docs/events/images/timeline-ui-updated.png differ diff --git a/docs/events/timeline-ui-overview.asciidoc b/docs/events/timeline-ui-overview.asciidoc index ebaaa901f9..4459a9149a 100644 --- a/docs/events/timeline-ui-overview.asciidoc +++ b/docs/events/timeline-ui-overview.asciidoc @@ -58,7 +58,7 @@ Many types of events automatically appear in preconfigured views that provide re contextual information, called *Event renderers*. All event renderers are turned off by default. To turn them on, use the **Event renderers** toggle at the top of the results pane. To only turn on specific event renderers, click the gear (image:images/customize-event-renderers.png[The customize event renderer button,20,20]) icon next to the toggle, and select the ones you want enabled. Close the **Customize event renderers** pane when you're done. Your changes are automatically applied to Timeline. [role="screenshot"] -image::images/timeline-ui-renderer.png[example timeline with the event renderer highlighted] +image::images/timeline-ui-renderer.png[example timeline with the event renderer highlighted, 70%] The example above displays the Flow event renderer, which highlights the movement of data between its source and destination. If you see a particular part of the rendered event that 
@@ -101,7 +101,7 @@ TIP: Collapse the query builder to provide more space for Timeline results by cl Click a filter to access additional operations such as *Add filter*, *Clear all*, *Load saved query*, and more: [role="screenshot"] -image::images/timeline-ui-filter-options.png[width=30%] +image::images/timeline-ui-filter-options.png[width=60%] Here are examples of various types of filters:
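Review bot: In the `@@ -52,7 +52,7 @@` hunk of docs/detections/alerts-view-details.asciidoc, the new sentence "To close the preview, click **Back** or **x**" presents the two controls as interchangeable without saying whether they behave the same. If **Back** steps back to the previous content and **x** dismisses the preview entirely, state that difference; if they are equivalent, a short clause saying so would settle it. It is also worth confirming that the updated alert-details-flyout-preview-panel.gif shows the **Back** control, so the text and the image agree.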
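Review bot: In the `@@ -256,7 +256,7 @@` hunk of docs/detections/alerts-view-details.asciidoc, the unchanged context line directly under the resized image reads "In the expanded view, corelation data is organized into several tables:", with "corelation" misspelled. Since this change already touches the Correlations section, fix it to "correlation" in the same commit.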
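Review bot: In the `@@ -58,7 +58,7 @@` hunk of docs/events/timeline-ui-overview.asciidoc, the alt text on the changed line starts in lower case ("example timeline with the event renderer highlighted, 70%"), while the image macros changed in alerts-view-details.asciidoc all start their alt text with a capital ("Expand details button ...", "Left panel of ..."). Capitalize it to "Example timeline ..." while the line is being edited, so the alt text is consistent across the pages.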
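Review bot: In the `@@ -101,7 +101,7 @@` hunk of docs/events/timeline-ui-overview.asciidoc, the changed macro `image::images/timeline-ui-filter-options.png[width=60%]` still has no alt text and uses the named `width=` attribute, whereas every other image line in this patch uses the positional form with alt text first and the width second. Add a description and match that form, for example `[Filter options menu in Timeline, 60%]` (wording is a suggestion), so screen readers get a description and the macros stay uniform.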