From 74fa8ebe48bf859cf15b73ff142be12453a3aeae Mon Sep 17 00:00:00 2001 From: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com> Date: Thu, 7 Oct 2021 20:38:24 -0700 Subject: [PATCH] Updating host risk score docs (#1518) * Updating host risk score docs * Update docs/experimental-machine-learning/host-risk-score.md Co-authored-by: Justin Ibarra * Making some changes * Adding space to :all the things: Co-authored-by: Justin Ibarra --- .../host-risk-score.md | 58 ++++++++++++------- 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/docs/experimental-machine-learning/host-risk-score.md b/docs/experimental-machine-learning/host-risk-score.md index 526a16b4d..2215c04c2 100644 --- a/docs/experimental-machine-learning/host-risk-score.md +++ b/docs/experimental-machine-learning/host-risk-score.md 
@@ -7,48 +7,63 @@ To deploy this framework in your environment, follow the steps outlined below. #### 1. Unzip the release bundle -#### 2. Navigate to the Dev Tools console in Kibana - -#### 3. Uploading required scripts - -Upload the scripts in `ml_hostriskscore_levels_script.json`, `ml_hostriskscore_map_script.json` and `ml_hostriskscore_reduce_script.json` using the following API call: +#### 2. Modify artifacts to reflect Kibana space +For security reasons, we require that you restrict the Host Risk Score application to a specific Kibana space. In order to do so, run the `generate_scripts.py` script with your Kibana space as the argument. +Eg: ``` -PUT _scripts/ +python generate_scripts.py --space default ``` -#### 4. Upload required ingest pipelines +This will create a folder named ``, consisting of all the required artifacts, modified for your Kibana space. **For the steps that follow, please use the scripts from this folder.** + +#### 3. Navigate to the Dev Tools console in Kibana + +You will now upload all the Host Risk Score artifacts to Kibana. Remember to suffix the names of all the scripts, ingest pipelines, transforms etc. with your Kibana space, while uploading them. +#### 4. Uploading required scripts + +Upload the contents of `ml_hostriskscore_levels_script.json`, `ml_hostriskscore_map_script.json` and `ml_hostriskscore_reduce_script.json` as individual scripts, using the Script API. + +Eg: + +``` +PUT _scripts/ml_hostriskscore_levels_script_ +{content of the ml_hostriskscore_levels_script.json file} +``` + +#### 5. Upload required ingest pipelines Upload the ingest pipeline in `ml_hostriskscore_ingest_pipeline.json` using the following API call: ``` -PUT _ingest/pipeline/ml_hostriskscore_ingest_pipeline +PUT _ingest/pipeline/ml_hostriskscore_ingest_pipeline_ +{content of the ml_hostriskscore_ingest_pipeline.json file} ``` -#### 5. Upload and start the `pivot` transform +#### 6. 
Upload and start the `pivot` transform -Upload the `pivot` transform in `ml_hostriskscore_pivot_transform.json` using the following API call. This transform calculates the risk level per hour for each host in your environment: +Upload the `pivot` transform in `ml_hostriskscore_pivot_transform.json` using the following API call. This transform calculates the risk level per hour for each host in the Kibana space specified in Step 2: ``` -PUT _transform/ml_hostriskscore_pivot_transform +PUT _transform/ml_hostriskscore_pivot_transform_ +{content of the ml_hostriskscore_pivot_transform.json file} ``` -* Navigate to `Transforms` under `Management` -> `Stack Management`. For the transform with the ID `ml_hostriskscore_pivot_transform`, under `Actions`, click `Start`. +* Navigate to `Transforms` under `Management` -> `Stack Management`. For the transform with the ID `ml_hostriskscore_pivot_transform_`, under `Actions`, click `Start`. * Verify that the Transform started as expected by ensuring that documents are appearing in the destination index of the Transform, eg: using the Search/Count APIs: ``` -GET ml_host_risk_score/_search (or _count) +GET ml_host_risk_score_/_search (or _count) ``` -#### 6. Create the `ml_host_risk_score_latest` index with appropriate mappings - +#### 7. Create the space-aware `ml_host_risk_score_latest_` index with appropriate mappings ``` -PUT ml_host_risk_score_latest +PUT ml_host_risk_score_latest_ { "mappings" : { "properties" : { 
@@ -58,21 +73,22 @@ PUT ml_host_risk_score_latest } ``` -#### 7. Upload the `latest` transform +#### 8. Upload the `latest` transform -Upload the `latest` transform in `ml_hostriskscore_latest_transform.json` using the following API call. This transform gets the most current risk levels for all the hosts in your environment: +Upload the `latest` transform in `ml_hostriskscore_latest_transform.json` using the following API call. This transform gets the most current risk levels for all the hosts in the Kibana space specified in Step 2: ``` -PUT _transform/ml_hostriskscore_latest_transform +PUT _transform/ml_hostriskscore_latest_transform_ +{content of the ml_hostriskscore_latest_transform.json file} ``` -* Navigate to `Transforms` under `Management` -> `Stack Management`. For the transform with the ID `ml_hostriskscore_latest_transform`, under `Actions`, click `Start`. +* Navigate to `Transforms` under `Management` -> `Stack Management`. For the transform with the ID `ml_hostriskscore_latest_transform_`, under `Actions`, click `Start`. * Verify that the Transform started as expected by ensuring that documents are appearing in the destination index of the Transform, eg: using the Search/Count APIs: ``` -GET ml_host_risk_score_latest/_search (or _count) +GET ml_host_risk_score_latest_/_search (or _count) ``` #### 8. Import the dashboards
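Review bot: In the first hunk (steps 2 through 7), the space suffix the reader is meant to append never appears: the folder name in "This will create a folder named ``" is empty, and every identifier ends in a bare underscore (`PUT _scripts/ml_hostriskscore_levels_script_`, `PUT _ingest/pipeline/ml_hostriskscore_ingest_pipeline_`, `GET ml_host_risk_score_/_search`, `PUT ml_host_risk_score_latest_`), so a reader cannot tell what to type. State the placeholder explicitly, for example `ml_hostriskscore_levels_script_<space>`, and give the concrete result for the `--space default` example (`ml_hostriskscore_levels_script_default`). The same hunk is also ambiguous about who applies the suffix: step 2 says `generate_scripts.py` produces artifacts "modified for your Kibana space", while step 3 tells the reader to "Remember to suffix the names ... while uploading them". Since the generated pipeline references the script IDs and the transforms reference the pipeline and destination index by name, a suffix typed by hand that differs from the one written into the generated JSON breaks the chain silently; say exactly which names the script rewrites and which the user must supply. Finally, "For security reasons, we require that you restrict the Host Risk Score application to a specific Kibana space" should say what the restriction protects (the scope of data the transforms read and the dashboards expose), otherwise it reads as a bare assertion.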
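Review bot: In the second hunk the renumbering stops one heading short: `+#### 8. Upload the `latest` transform` is introduced, but the unchanged trailing context still reads `#### 8. Import the dashboards`, so the document now has two step 8s. Renumber the dashboards heading to 9 in this same change. The `latest` transform section has the same missing-suffix problem as the first hunk (`PUT _transform/ml_hostriskscore_latest_transform_`, `GET ml_host_risk_score_latest_/_search`); whatever placeholder is chosen there should be used here too, and the verification line could also note that the destination index name must match the `dest.index` inside `ml_hostriskscore_latest_transform.json`, which is the value the generated file should carry.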