Restructure Attack Discovery docs (structural changes only, no content rewrites)#7448
Draft
nastasha-solomon wants to merge 2 commits into
Draft
Restructure Attack Discovery docs (structural changes only, no content rewrites)#7448nastasha-solomon wants to merge 2 commits into
nastasha-solomon wants to merge 2 commits into
Conversation
Contributor
Elastic Docs AI PR menuCheck the box to run an AI review for this pull request.
Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team. |
Contributor
Contributor
Elastic Docs Style Checker (Vale)Summary: 2 warnings, 4 suggestions found
|
| File | Line | Rule | Message |
|---|---|---|---|
| explore-analyze/workflows/use-cases/security/automate-security-operations/ai-driven-alert-triage.md | 18 | Elastic.Spelling | 'triages' is a possible misspelling. |
| solutions/security/ai/attack-discovery/attack-discovery.md | 2 | Elastic.MappedPages | mapped_pages should only be added or updated in rare scenarios. Talk with your local technical writer before pushing changes to this key. |
💡 Suggestions (4): Optional style improvements. Apply when helpful.
| File | Line | Rule | Message |
|---|---|---|---|
| solutions/security/ai/attack-discovery/attacks-page.md | 20 | Elastic.Semicolons | Use semicolons judiciously. |
| solutions/security/ai/attack-discovery/manage-discoveries.md | 62 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| solutions/security/ai/attack-discovery/manage-discoveries.md | 64 | Elastic.Wordiness | Consider using 'act' instead of 'Take action'. |
| solutions/security/ai/identify-investigate-document-threats.md | 28 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes https://github.com/elastic/docs-content-internal/issues/1493
The Attack Discovery docs lived almost entirely on one large page, with RBAC, manual runs, scheduling, and settings stacked into a single file alongside two loosely-related siblings.
This made it hard to:
As a result, reviews were harder to scope, content was harder to find, and the reading experience suffered from one page trying to do too much.
What changed
This is solely a change to the existing structure, not a content rewrite. Every existing instruction stays as written, just relocated and occasionally retitled. The major changes are as follows:
solutions/security/ai/attack-discovery/folder, split into focused, predictable pages that each own a single task or concept.so the section is now consistent with the rest of the site.
Before → After
Before: One monolithic page plus two loosely attached siblings:
After: Dedicated pages for individual tasks, each flows naturally:
(1) Page is applicable to users who are on 9.4+/Serverless and have enabled the "Enable alerts and attacks alignment" advanced setting.
(2) Page is applicable to users who are are on 9.4+/Serverless or earlier and are using the default setup/UI for Attack Discovery. It is not users haven't enabled the "Enable alerts and attacks alignment" advanced setting.
Improvements
Previews
Attack Discovery
Generative AI disclosure