SIEM section doc updates

2020-04-20 13:19:42 +03:00 · 2020-04-20 13:19:42 +03:00 · fc55d90a6d
parent ab1d8e3023
commit fc55d90a6d
3 changed files with 19 additions and 0 deletions
--- a/docs/management/advanced-options.asciidoc
+++ b/docs/management/advanced-options.asciidoc
@ -217,6 +217,9 @@ might increase the search time. This setting is off by default. Users must opt-i
 [horizontal]
 `siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
 `siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
+`siem:ipReputationLinks`:: A JSON array containing links for verifying an IP
+address’s reputation. The links are displayed on
+{siem-guide}/siem-ui-overview.html#network-ui[IP detail] pages.
 `siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview*
 page.
 `siem:newsFeedUrl`:: The URL from which the security news feed content is
--- a/docs/siem/images/cases-ui.png
+++ b/docs/siem/images/cases-ui.png
--- a/docs/siem/siem-ui.asciidoc
+++ b/docs/siem/siem-ui.asciidoc
@ -50,6 +50,22 @@ or the Detections API.
 [role="screenshot"]
 image::siem/images/detections-ui.png[]

+[float]
+[[cases-ui]]
+=== Cases (Beta)
+
+Cases are used to open and track security issues directly in the {siem-app}. 
+They list the original reporter and all users who contribute to a case
+(`participants`). Case comments support markdown syntax, and allow linking to
+saved Timelines. Additionally, you can send cases to external systems from
+within the {siem-app} (currently ServiceNow).
+
+For information about opening, updating, and closing cases, see
+{siem-guide}/cases-overview.html[Cases] in the SIEM Guide.
+
+[role="screenshot"]
+image::siem/images/cases-ui.png[]
+
 [float]
 [[timelines-ui]]
 === Timeline