
Documents CPS scope fields on Security alerts and detection rules #6594

Merged

nastasha-solomon merged 5 commits into main from issue-6497-cps-rules on May 27, 2026


Conversation


@nastasha-solomon nastasha-solomon commented May 20, 2026

Summary

Fixes #6497 by doc'ing the CPS scope fields on Security alerts and detection rules.

Previews

  • Alert schema: Added descriptions for the new kibana.cps_scope.expression and kibana.cps_scope.linked_projects fields and clarified the kibana.space_ids field description.
  • Cross-project search and detection rules: New section that explains how CPS scope is recorded on alert documents and in the event log. Includes field references and an example event log query for investigations.

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes - Cursor + Auto
  • No

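The PR summary above names the three alert fields (kibana.cps_scope.expression, kibana.cps_scope.linked_projects, kibana.space_ids) but this page does not show the documented query. The following is an added example, not code from this PR or from the Elastic docs it changes: it builds an Elasticsearch query DSL body that scopes Security alerts by linked project and Kibana space, and applies the same predicate locally to constructed sample alert documents. The field types (string expression, arrays of project and space ID strings), the alerts index pattern and every document value are assumptions for the example; only the field names come from the PR.

```python
"""Added example (not from this PR or the Elastic docs it changes): filter
Security alerts by the cross-project search (CPS) scope recorded on them.

Assumptions, stated because the PR only names the fields:
- kibana.cps_scope.linked_projects is an array of project identifier strings
- kibana.cps_scope.expression is a string (the scope expression the rule ran with)
- kibana.space_ids is an array of Kibana space ID strings
- alerts live in indices matching .alerts-security.alerts-*
All document values and identifiers below are constructed for the example.
"""
from typing import Any

ALERTS_INDEX = ".alerts-security.alerts-*"  # assumed index pattern

# Field names from the PR summary; their types are assumed.
F_EXPRESSION = "kibana.cps_scope.expression"
F_LINKED = "kibana.cps_scope.linked_projects"
F_SPACES = "kibana.space_ids"


def cps_scope_query(project_id: str, space_id: str, since: str = "now-24h") -> dict[str, Any]:
    """Query DSL body for ALERTS_INDEX: alerts whose rule execution searched
    `project_id` (it appears in linked_projects) from Kibana space `space_id`.
    A rule that ran only against its origin project carries no linked
    projects, so the term filter deliberately excludes it."""
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {F_LINKED: project_id}},
                    {"term": {F_SPACES: space_id}},
                    {"range": {"@timestamp": {"gte": since}}},
                ]
            }
        },
        "_source": ["@timestamp", F_EXPRESSION, F_LINKED, F_SPACES],
        "sort": [{"@timestamp": "desc"}],
    }


def get_field(doc: dict[str, Any], path: str) -> Any:
    """Read a dotted field from either a flat ({'a.b': v}) or a nested
    ({'a': {'b': v}}) _source document; None when absent."""
    if path in doc:
        return doc[path]
    cur: Any = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def alert_in_scope(source: dict[str, Any], project_id: str, space_id: str) -> bool:
    """Same predicate as cps_scope_query, evaluated locally on one _source
    document (the time range is left to the search side)."""
    linked = get_field(source, F_LINKED) or []
    spaces = get_field(source, F_SPACES) or []
    return project_id in linked and space_id in spaces


def find_alerts(hits: list[dict[str, Any]], project_id: str, space_id: str) -> list[str]:
    """IDs of search hits whose alert was produced in the given CPS scope."""
    return [h["_id"] for h in hits if alert_in_scope(h["_source"], project_id, space_id)]


def scope_breakdown(hits: list[dict[str, Any]]) -> dict[str, int]:
    """Alert count per recorded scope expression; 'origin-only' groups alerts
    that carry no expression (the rule did not use CPS)."""
    counts: dict[str, int] = {}
    for h in hits:
        expr = get_field(h["_source"], F_EXPRESSION) or "origin-only"
        counts[expr] = counts.get(expr, 0) + 1
    return counts


# Constructed sample hits in the hits.hits shape of a search response.
SAMPLE_HITS = [
    {"_id": "a1", "_source": {"@timestamp": "2026-05-20T10:00:00Z", F_SPACES: ["default"],
                              F_EXPRESSION: "example-all-linked", F_LINKED: ["proj-a", "proj-b"]}},
    {"_id": "a2", "_source": {"@timestamp": "2026-05-20T10:05:00Z",  # nested form of the same fields
                              "kibana": {"space_ids": ["default"],
                                         "cps_scope": {"expression": "example-proj-b-only",
                                                       "linked_projects": ["proj-b"]}}}},
    {"_id": "a3", "_source": {"@timestamp": "2026-05-20T10:10:00Z", F_SPACES: ["security"]}},  # origin only
    {"_id": "a4", "_source": {"@timestamp": "2026-05-20T10:15:00Z", F_SPACES: ["security"],
                              F_EXPRESSION: "example-all-linked", F_LINKED: ["proj-a", "proj-b"]}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(cps_scope_query("proj-b", "default"), indent=2))
    print(find_alerts(SAMPLE_HITS, "proj-b", "default"))
    print(scope_breakdown(SAMPLE_HITS))
```

The caveat worth keeping in mind during an investigation is the one the predicate encodes: an alert from a rule that never used CPS has no linked_projects value, so a project-scoped query silently omits it; check scope_breakdown (or an exists filter on kibana.cps_scope.expression) before concluding that a project produced no alerts.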
@nastasha-solomon nastasha-solomon self-assigned this May 20, 2026

github-actions Bot commented May 20, 2026

✅ Vale Linting Results

No issues found on modified lines!


The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@nastasha-solomon nastasha-solomon marked this pull request as ready for review May 21, 2026 01:25
@nastasha-solomon nastasha-solomon requested a review from a team as a code owner May 21, 2026 01:25
Comment thread solutions/security/detect-and-alert/cross-project-search-detection-rules.md Outdated

@hannahbrooks hannahbrooks left a comment

looks good to me! thank you @nastasha-solomon


@florent-leborgne florent-leborgne left a comment

Nothing blocking just a few small comments, overall LGTM!

Comment thread solutions/security/detect-and-alert/cross-project-search-detection-rules.md Outdated
Comment thread solutions/security/detect-and-alert/cross-project-search-detection-rules.md Outdated
Comment thread solutions/security/detect-and-alert/cross-project-search-detection-rules.md Outdated
@nastasha-solomon nastasha-solomon merged commit d98e351 into main May 27, 2026
8 checks passed
@nastasha-solomon nastasha-solomon deleted the issue-6497-cps-rules branch May 27, 2026 00:43
Development

Successfully merging this pull request may close these issues.

View which cross-project search context a detection rule ran in when an alert was generated

3 participants