[Internal]: Document confidence assessment patterns for AD findings #5482

@benironside

Description

The Attack Discovery skill's three-signal methodology for assessing Attack Discovery findings (alert diversity, rule frequency, entity risk) is entirely tribal knowledge. Let's create a page on "Assessing Attack Discovery findings"; it would help users triage attacks more effectively.

Resources

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

What release is this request related to?

N/A

Serverless release

Collaboration model

The documentation team

Point of contact.

Main contact: @

Stakeholders:

Metadata

Labels

Team:Experience (Issues owned by the Experience Docs Team)