Skip to content

Documents new RBAC for value reports #3817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Nov 13, 2025
Merged

Documents new RBAC for value reports #3817

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
379e164
Documents RBAC for AI SOC value report
benironside Nov 5, 2025
c23c007
links to kibana privs docs
benironside Nov 5, 2025
6f777b5
adds value report page to ToC again
benironside Nov 5, 2025
9409e81
fixes applies to
benironside Nov 5, 2025
5881e0a
Update solutions/security/ai/ease/ease-value-report.md
benironside Nov 6, 2025
5046908
Merge branch 'main' into 3720-value-report
benironside Nov 6, 2025
51da14b
Incorporates reviews
benironside Nov 6, 2025
7796dc2
Merge branch 'main' into 3720-value-report
benironside Nov 6, 2025
2e6db25
Moves Features section up on EASE intro page
benironside Nov 7, 2025
ef68d09
Merge branch 'main' into 3720-value-report
benironside Nov 7, 2025
a206241
Incorporates Florent's review
benironside Nov 12, 2025
df53f89
Merge branch 'main' into 3720-value-report
benironside Nov 12, 2025
9cb7ded
Merge branch 'main' into 3720-value-report
benironside Nov 12, 2025
dd25dd2
Update solutions/security/ai/ease/ease-intro.md
florent-leborgne Nov 13, 2025
b3999e5
Merge branch 'main' into 3720-value-report
benironside Nov 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added solutions/images/security-value-report-rbac.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
18 changes: 16 additions & 2 deletions solutions/security/ai/ease/ease-value-report.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ applies_to:
security: preview
---

# EASE Value Report
# Value Report

The **Value report** page estimates your savings from using Elastic AI SOC Engine (EASE) for alert triage, in terms of **Analyst time saved** and **Cost Savings**. The message at the top of the page explains how those numbers were determined, and how many alerts were **Escalated** and **Filtered** by AI.
The **Value report** page estimates your savings from using Elastic's AI SOC features for alert triage, in terms of **Analyst time saved** and **Cost Savings**. The message at the top of the page explains how those numbers were determined, and how many alerts were **Escalated** and **Filtered** by AI.

You can interact with the page in the following ways:

Expand All @@ -18,3 +18,17 @@ You can interact with the page in the following ways:
:::{image} /solutions/images/security-ease-value-report.png
:alt: The Value Report in an EASE project
:::

## Requirements

```{applies_to}
serverless: preview
stack: preview 9.3
```
Comment on lines +16 to +19
Copy link
Contributor

@florent-leborgne florent-leborgne Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice usage of applies_to. One thing though:

  • "stack" doesn't exist at the page level. Is the feature available there too?
  • This also sounds confusing to me because EASE is a serverless project type and we're in the EASE docs.

Can you look into this? Happy to provide input about what to do once we know more exactly what is available where and what do we need to call out (or locate things) exactly

Copy link
Contributor Author

@benironside benironside Nov 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point Florent. This page was initially introduced just for the EASE feature tier of the Serverless Security project type. It's now available in the security analytics complete feature tier of Serverless Security — and also planned for Stack 9.3.

I've added stack: preview 9.3 at the page level. Also, as part of this PR I made it so that this page appears in two places in the ToC:

  • The original place, within the EASE docs (which is a sub-section within the AI docs section)
  • A new place, within the AI docs section but not within the EASE sub-section.
    My thinking here is that this page should still be findable in the EASE docs since it's one of this feature tier's core features, and it should also be findable when a user is just looking at the AI for Security docs, but not EASE specifically.

What do you think?

Copy link
Contributor Author

@benironside benironside Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, to address your comment about possibly linking to this page from this section, I'd recommend against it. The pages in that section are dedicated specifically to requirements — they aren't feature pages with requirements sections, such as the one this PR updates. I think the link would be out of place there.

Copy link
Contributor

@florent-leborgne florent-leborgne Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the link would be out of place there.

Fine by me, thanks for explaining!

I made it so that this page appears in two places in the ToC

I understand your reasoning here but this isn't well supported in our docs system (it creates 2 pages with the same URL, especially in this case where the 2 pages are close in the TOC, could impair linking, etc.). So we must work around this.

Since it's a core feature of EASE security projects, one approach we could take is:

Happy to hear your thoughts on this but I believe we have to find a way to keep only one occurrence of this page, that using snippets wouldn't make sense either here since the entirety of the page makes sense, and that better referencing it from the EASE docs should be sufficient.

Copy link
Contributor Author

@benironside benironside Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love this. Implemented it. Thanks!

Copy link
Contributor Author

@benironside benironside Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reused much of the content from the EASE value reports page in the Features section. I think it works, but it might be a bit repetitive since the content now appears on both pages. Thoughts?


To access the **Value report** page, you need the **SOC Management** Security sub-feature [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).

:::{image} /solutions/images/security-value-report-rbac.png
:alt: value report RBAC setting
:screenshot:
:::
1 change: 1 addition & 0 deletions solutions/toc.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -580,6 +580,7 @@ toc:
- file: security/ai/triage-alerts.md
- file: security/ai/identify-investigate-document-threats.md
- file: security/ai/generate-customize-learn-about-esorql-queries.md
- file: security/ai/ease/ease-value-report.md
- file: security/detect-and-alert.md
children:
- file: security/detect-and-alert/detections-requirements.md
Expand Down