[Quality][Security] Improve usability of the "Detections requirements" page #4937
Conversation
Vale Linting ResultsSummary: 3 suggestions found 💡 Suggestions (3)
The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
|
|
||
| {{kib}} privileges | ||
| : - {applies_to}`stack: ga 9.0` `All` for the `Security` feature | ||
| - {applies_to}`stack: ga 9.3` {applies_to}`serverless: ga` `All` for the `Rules` and `Saved Objects Management` features |
There was a problem hiding this comment.
We've had some discussions on the team and I think we can remove the Saved Objects Management privilege from our requirements as this can lead to unintentional access to other SO's outside of the security team.
There was a problem hiding this comment.
Would that change eventually go into 9.4 and Serverless? If so, I'd add it here once the changes were released.
benironside
left a comment
benironside
left a comment
There was a problem hiding this comment.
LGTM! Love the reorg, splitting "Turn on detections" from "Detections privileges" makes this section more intuitive and navigable IMO.
Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
Summary
Fixes https://github.com/elastic/docs-content-internal/issues/511
This PR improves the organization, usability, and clarity of the Elastic Security detections documentation by splitting a dense requirements page into focused, task-oriented guides.
Note: This PR will eventually include exception priv docs that are being written in #4400.
Major Changes
1. Split
detections-requirements.mdinto two focused pagesBefore: A single long page mixed setup instructions, privilege requirements, custom role configuration, and advanced settings—making it difficult for users to find what they needed.
After:
detections-requirements.md→ "Turn on detections": A streamlined quick-start guide focused on enabling the detections feature. Previewdetections-privileges.md→ "Detections privileges": A comprehensive reference for privilege requirements, predefined roles, and the authorization model. Preview2. Reorganized content by deployment type
The setup instructions now use a tabbed interface organized by deployment type (Serverless → Cloud → Self-managed), letting users jump directly to their relevant configuration. Self-managed setup uses a stepper component for clear sequential steps. Preview
3. Improved "next steps" guidance
Added a comprehensive "Start detecting threats" section (preview) that guides users through:
4. Relocated content to contextually appropriate pages
create-manage-value-lists.md, where users actually perform that task. Preview5. Clarified index privilege requirements
Added an "About index privileges" section (preview) that explains:
Generative AI disclosure
Cursor, claude-4.5-opus-high