From ab153ef6a1d91aaefafa12bd9682d3fba041adbf Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>
Date: Thu, 17 Oct 2024 08:57:46 +0100
Subject: [PATCH 1/2] Update text about risk scoring recalculation after file
upload (#5924)
(cherry picked from commit dd3b9e76ac90b72552793b9077d7b1c5fb92f05e)
# Conflicts:
# docs/serverless/advanced-entity-analytics/asset-criticality.mdx
---
.../asset-criticality.asciidoc | 6 +-
.../asset-criticality.mdx | 115 ++++++++++++++++++
2 files changed, 119 insertions(+), 2 deletions(-)
create mode 100644 docs/serverless/advanced-entity-analytics/asset-criticality.mdx
diff --git a/docs/advanced-entity-analytics/asset-criticality.asciidoc b/docs/advanced-entity-analytics/asset-criticality.asciidoc
index 111b0d5561..cef15b6b30 100644
--- a/docs/advanced-entity-analytics/asset-criticality.asciidoc
+++ b/docs/advanced-entity-analytics/asset-criticality.asciidoc
@@ -30,7 +30,7 @@ Entities do not have a default asset criticality level. You can either assign as
When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated.
-NOTE: If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. The newly assigned or updated asset criticality levels will impact entity risk scores during the next hourly risk scoring calculation.
+NOTE: If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. However, you can trigger an immediate recalculation by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:
@@ -84,7 +84,9 @@ To import a file:
NOTE: The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file.
. Click **Assign**.
-This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation.
+This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows.
+
+You can trigger an immediate recalculation of entity risk scores by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
[discrete]
== Improve your security operations
diff --git a/docs/serverless/advanced-entity-analytics/asset-criticality.mdx b/docs/serverless/advanced-entity-analytics/asset-criticality.mdx
new file mode 100644
index 0000000000..a14d6accaf
--- /dev/null
+++ b/docs/serverless/advanced-entity-analytics/asset-criticality.mdx
@@ -0,0 +1,115 @@
+---
+slug: /serverless/security/asset-criticality
+title: Asset criticality
+description: Learn how to use asset criticality to improve your security operations.
+tags: [ 'serverless', 'security', 'overview', 'analyze' ]
+status: in review
+---
+
+
+
+
+To view and assign asset criticality, you must:
+* Have the appropriate user role.
+* Turn on the `securitySolution:enableAssetCriticality` advanced setting.
+
+For more information, refer to Entity risk scoring prerequisites.
+
+
+The asset criticality feature allows you to classify your organization's entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities.
+
+You can assign one of the following asset criticality levels to your entities, based on their impact:
+
+* Low impact
+* Medium impact
+* High impact
+* Extreme impact
+
+For example, you can assign **Extreme impact** to business-critical entities, or **Low impact** to entities that pose minimal risk to your security posture.
+
+## View and assign asset criticality
+
+Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or bulk assign it to multiple entities by importing a text file.
+
+When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated.
+
+
+If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. However, you can trigger an immediate recalculation by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
+
+
+You can view, assign, change, or unassign asset criticality from the following places in the ((elastic-sec)) app:
+
+* The host details page and user details page:
+
+ 
+
+* The host details flyout and user details flyout:
+
+ 
+
+* The host details flyout and user details flyout in Timeline:
+
+ 
+
+### Bulk assign asset criticality
+
+You can bulk assign asset criticality to multiple entities by importing a CSV, TXT or TSV file from your asset management tools.
+
+The file must contain three columns, with each entity record listed on a separate row:
+
+1. The first column should indicate whether the entity is a `host` or a `user`.
+1. The second column should specify the entity's `host.name` or `user.name`.
+1. The third column should specify one of the following asset criticality levels:
+ * `extreme_impact`
+ * `high_impact`
+ * `medium_impact`
+ * `low_impact`
+
+The maximum file size is 1 MB.
+
+File structure example:
+
+```
+user,user-001,low_impact
+user,user-002,medium_impact
+host,host-001,extreme_impact
+````
+
+To import a file:
+1. Go to **Project Settings** → **Stack Management** → **Asset criticality**.
+1. Select or drag and drop the file you want to import.
+
+
+ The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file.
+
+
+1. Click **Assign**.
+
+This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows.
+
+You can trigger an immediate recalculation of entity risk scores by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
+
+## Improve your security operations
+
+With asset criticality, you can improve your security operations by:
+
+* Prioritizing open alerts
+* Monitoring an entity's risk
+
+### Prioritize open alerts
+
+You can use asset criticality as a prioritization factor when triaging alerts and conducting investigations and response activities.
+
+Once you assign a criticality level to an entity, all subsequent alerts related to that entity are enriched with its criticality level. This additional context allows you to prioritize alerts associated with business-critical entities.
+
+### Monitor an entity's risk
+
+The risk scoring engine dynamically factors in an entity's asset criticality, along with `Open` and `Acknowledged` detection alerts to calculate the entity's overall risk score. This dynamic risk scoring allows you to monitor changes in the risk profiles of your most sensitive entities, and quickly escalate high-risk threats.
+
+To view the impact of asset criticality on an entity's risk score, follow these steps:
+
+1. Open the host details flyout or user details flyout. The risk summary section shows asset criticality's contribution to the overall risk score.
+1. Click **View risk contributions** to open the flyout's left panel.
+1. In the **Risk contributions** section, verify the entity's criticality level from the time the alert was generated.
+
+
From 2433898efd164c48b774868a67a7c802434aff32 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 17 Oct 2024 07:59:18 +0000
Subject: [PATCH 2/2] Delete docs/serverless directory and its contents
---
.../asset-criticality.mdx | 115 ------------------
1 file changed, 115 deletions(-)
delete mode 100644 docs/serverless/advanced-entity-analytics/asset-criticality.mdx
diff --git a/docs/serverless/advanced-entity-analytics/asset-criticality.mdx b/docs/serverless/advanced-entity-analytics/asset-criticality.mdx
deleted file mode 100644
index a14d6accaf..0000000000
--- a/docs/serverless/advanced-entity-analytics/asset-criticality.mdx
+++ /dev/null
@@ -1,115 +0,0 @@
----
-slug: /serverless/security/asset-criticality
-title: Asset criticality
-description: Learn how to use asset criticality to improve your security operations.
-tags: [ 'serverless', 'security', 'overview', 'analyze' ]
-status: in review
----
-
-
-
-
-To view and assign asset criticality, you must:
-* Have the appropriate user role.
-* Turn on the `securitySolution:enableAssetCriticality` advanced setting.
-
-For more information, refer to Entity risk scoring prerequisites.
-
-
-The asset criticality feature allows you to classify your organization's entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities.
-
-You can assign one of the following asset criticality levels to your entities, based on their impact:
-
-* Low impact
-* Medium impact
-* High impact
-* Extreme impact
-
-For example, you can assign **Extreme impact** to business-critical entities, or **Low impact** to entities that pose minimal risk to your security posture.
-
-## View and assign asset criticality
-
-Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or bulk assign it to multiple entities by importing a text file.
-
-When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated.
-
-
-If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. However, you can trigger an immediate recalculation by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
-
-
-You can view, assign, change, or unassign asset criticality from the following places in the ((elastic-sec)) app:
-
-* The host details page and user details page:
-
- 
-
-* The host details flyout and user details flyout:
-
- 
-
-* The host details flyout and user details flyout in Timeline:
-
- 
-
-### Bulk assign asset criticality
-
-You can bulk assign asset criticality to multiple entities by importing a CSV, TXT or TSV file from your asset management tools.
-
-The file must contain three columns, with each entity record listed on a separate row:
-
-1. The first column should indicate whether the entity is a `host` or a `user`.
-1. The second column should specify the entity's `host.name` or `user.name`.
-1. The third column should specify one of the following asset criticality levels:
- * `extreme_impact`
- * `high_impact`
- * `medium_impact`
- * `low_impact`
-
-The maximum file size is 1 MB.
-
-File structure example:
-
-```
-user,user-001,low_impact
-user,user-002,medium_impact
-host,host-001,extreme_impact
-````
-
-To import a file:
-1. Go to **Project Settings** → **Stack Management** → **Asset criticality**.
-1. Select or drag and drop the file you want to import.
-
-
- The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file.
-
-
-1. Click **Assign**.
-
-This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows.
-
-You can trigger an immediate recalculation of entity risk scores by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
-
-## Improve your security operations
-
-With asset criticality, you can improve your security operations by:
-
-* Prioritizing open alerts
-* Monitoring an entity's risk
-
-### Prioritize open alerts
-
-You can use asset criticality as a prioritization factor when triaging alerts and conducting investigations and response activities.
-
-Once you assign a criticality level to an entity, all subsequent alerts related to that entity are enriched with its criticality level. This additional context allows you to prioritize alerts associated with business-critical entities.
-
-### Monitor an entity's risk
-
-The risk scoring engine dynamically factors in an entity's asset criticality, along with `Open` and `Acknowledged` detection alerts to calculate the entity's overall risk score. This dynamic risk scoring allows you to monitor changes in the risk profiles of your most sensitive entities, and quickly escalate high-risk threats.
-
-To view the impact of asset criticality on an entity's risk score, follow these steps:
-
-1. Open the host details flyout or user details flyout. The risk summary section shows asset criticality's contribution to the overall risk score.
-1. Click **View risk contributions** to open the flyout's left panel.
-1. In the **Risk contributions** section, verify the entity's criticality level from the time the alert was generated.
-
-