[lmd] update documentation for prerequisite data steps #17642

Open
mmahacek wants to merge 3 commits into main from mm/lmd_doc

@mmahacek (Contributor) commented Mar 3, 2026

Proposed commit message

LMD: Update documentation for prerequisite steps

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • Documentation review

How to test this PR locally

Docs-only change

Related issues

Screenshots

Docs-only change

@mmahacek mmahacek self-assigned this Mar 3, 2026
@mmahacek mmahacek requested review from a team as code owners March 3, 2026 20:13
@mmahacek mmahacek added the documentation (Improvements or additions to documentation. Applied to PRs that modify *.md files.), enhancement (New feature or request), and Integration:lmd (Lateral Movement Detection) labels Mar 3, 2026
@github-actions bot (Contributor) commented Mar 3, 2026

Vale Linting Results

Summary: 1 warning found

⚠️ Warnings (1)
| File | Line | Rule | Message |
|---|---|---|---|
| packages/lmd/docs/README.md | 29 | Elastic.QuotesPunctuation | Place punctuation inside closing quotation marks. |

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@mmahacek mmahacek enabled auto-merge (squash) March 3, 2026 20:32
@andrewkroh andrewkroh added the Team:Security-Applied ML (Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml]) label Mar 3, 2026
@elasticmachine

Pinging @elastic/sec-applied-ml (Team:Security-Applied ML)


Before installing this integration, make sure you have deployed the Elastic Defend integration. This integration uses a transform based on data collected by Elastic Defend.

If you are running Elasticsearch 8.18+, the Defend integration only collects a [subset of host information by default](https://www.elastic.co/docs/solutions/security/configure-elastic-defend/configure-data-volume-for-elastic-endpoint#host-fields). To ensure the transform runs properly, the `[linux|mac|windows].advanced.set_extended_host_information` settings need to be set to `true.
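Review bot: The last sentence leaves the inline code span around true unterminated: the line ends with `true. and has no closing backtick, so the trailing period is swallowed into the code span. Close the span before the period. In the same sentence, [linux|mac|windows].advanced.set_extended_host_information is shorthand rather than a literal key; listing the three setting names in full would let readers copy them directly.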
Member

This is a great detail, thanks for adding. Do you think the Installation or transforms section could fit this?

@mmahacek (Contributor, Author) Mar 4, 2026

I contemplated putting it as step 1 in the Installation section. Though I ended up creating Prerequisites to (a) include a reminder that this relies on data from Defend and (b) to possibly also include a note indicating requirements for ML nodes. Out of the box, running all the Anomaly Detection jobs needs just over 8.2GB of ML memory. I was going to raise a separate issue (unless it's okay to discuss here) about providing some documentation on minimum memory requirements for ML.

Contributor Author

I made some updates to consolidate some of the intro paragraph into the Prereqs section, as well as updated some install steps to reflect UI changes in Kibana v9.

Updated README to clarify prerequisites and integration steps.
@elasticmachine

💚 Build Succeeded

History

cc @mmahacek
