From fbf03d58751e7799c1b008011a4656a4df47b4cf Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Wed, 15 Oct 2025 13:12:39 +0100 Subject: [PATCH 1/4] [Security] Privileged user monitoring - integrations --- .../privileged-user-monitoring-setup.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md index 863f86f381..bb9d4be6db 100644 --- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md +++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md 
@@ -28,12 +28,26 @@ Privileged users typically include accounts with elevated access rights that all You can define privileged users in the following ways: +* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` [Add a supported integration](#add-integration) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md). * [Select an existing index](#privmon-index) or create a new custom index with privileged user data. * [Bulk-upload](#privmon-upload) a list of privileged users using a CSV or TXT file. * Use the Entity analytics APIs to [mark individual users as privileged]({{kib-apis}}/operation/operation-createprivmonuser) or [bulk-upload multiple privileged users]({{kib-apis}}/operation/operation-privmonbulkuploaduserscsv). To get started, find the **Privileged user monitoring** page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). +### Add a supported integration [add-integration] +```yaml {applies_to} +stack: preview 9.2 +serverless: preview +``` + +1. On the **Privileged user monitoring** page, select an integration. The supported integrations are: + * [Active Directory Entity Analytics](integration-docs://reference/entityanalytics_ad.md). Users in the following security groups will be automatically assigned as privileged users: + * Domain Admins + * Enterprise Admins + * [Okta Entity Analytics](integration-docs://reference/entityanalytics_okta.md). Refer to [Standard administrator roles and permissions](https://help.okta.com/en-us/content/topics/security/administrators-admin-comparison.htm) for a list of Okta roles that will be automatically assigned as privileged users. +2. 
Follow the steps to install the integration. + ### Select or create an index [privmon-index] 1. On the **Privileged user monitoring** page, click **Index**. @@ -78,6 +92,7 @@ You can use multiple data source types, such as an index and a CSV file, at the On this page, you can: +* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Change which integrations you're using as data sources. * View, remove, and change indices after initially defining them. * Import a new supported file with a list of privileged users. From 737072462cc604368f0f937252aab81a3101ffd8 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Wed, 15 Oct 2025 13:18:36 +0100 Subject: [PATCH 2/4] make section ID consistent --- .../privileged-user-monitoring-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md index bb9d4be6db..ede3ad13f0 100644 --- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md +++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md 
@@ -28,14 +28,14 @@ Privileged users typically include accounts with elevated access rights that all You can define privileged users in the following ways: -* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` [Add a supported integration](#add-integration) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md). +* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` [Add a supported integration](#privmon-integrations) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md). * [Select an existing index](#privmon-index) or create a new custom index with privileged user data. * [Bulk-upload](#privmon-upload) a list of privileged users using a CSV or TXT file. * Use the Entity analytics APIs to [mark individual users as privileged]({{kib-apis}}/operation/operation-createprivmonuser) or [bulk-upload multiple privileged users]({{kib-apis}}/operation/operation-privmonbulkuploaduserscsv). To get started, find the **Privileged user monitoring** page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). -### Add a supported integration [add-integration] +### Add a supported integration [privmon-integrations] ```yaml {applies_to} stack: preview 9.2 serverless: preview From e36e04ebea41a22f13b443b50530fd239cfbc7f5 Mon Sep 17 00:00:00 2001 
From: natasha-moore-elastic Date: Wed, 15 Oct 2025 13:25:04 +0100 Subject: [PATCH 3/4] wording tweak --- .../privileged-user-monitoring-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md index ede3ad13f0..d7719605ca 100644 --- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md +++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md @@ -42,7 +42,7 @@ serverless: preview ``` 1. On the **Privileged user monitoring** page, select an integration. The supported integrations are: - * [Active Directory Entity Analytics](integration-docs://reference/entityanalytics_ad.md). Users in the following security groups will be automatically assigned as privileged users: + * [Active Directory Entity Analytics](integration-docs://reference/entityanalytics_ad.md). Users in the following security groups will be automatically assigned as privileged: * Domain Admins * Enterprise Admins * [Okta Entity Analytics](integration-docs://reference/entityanalytics_okta.md). Refer to [Standard administrator roles and permissions](https://help.okta.com/en-us/content/topics/security/administrators-admin-comparison.htm) for a list of Okta roles that will be automatically assigned as privileged users. From bdcdd606b2d3857375765e7a73cd148426075405 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Wed, 22 Oct 2025 10:21:05 +0100 Subject: [PATCH 4/4] remove serverless tags --- .../privileged-user-monitoring-setup.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md index d7719605ca..51a48027da 100644 
--- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md +++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md @@ -28,7 +28,7 @@ Privileged users typically include accounts with elevated access rights that all You can define privileged users in the following ways: -* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` [Add a supported integration](#privmon-integrations) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md). +* {applies_to}`stack: preview 9.2` [Add a supported integration](#privmon-integrations) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md). * [Select an existing index](#privmon-index) or create a new custom index with privileged user data. * [Bulk-upload](#privmon-upload) a list of privileged users using a CSV or TXT file. * Use the Entity analytics APIs to [mark individual users as privileged]({{kib-apis}}/operation/operation-createprivmonuser) or [bulk-upload multiple privileged users]({{kib-apis}}/operation/operation-privmonbulkuploaduserscsv). @@ -38,7 +38,6 @@ To get started, find the **Privileged user monitoring** page in the navigation m ### Add a supported integration [privmon-integrations] ```yaml {applies_to} stack: preview 9.2 -serverless: preview ``` 1. On the **Privileged user monitoring** page, select an integration. The supported integrations are: 
@@ -92,7 +91,7 @@ You can use multiple data source types, such as an index and a CSV file, at the On this page, you can: -* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Change which integrations you're using as data sources. +* {applies_to}`stack: preview 9.2` Change which integrations you're using as data sources. * View, remove, and change indices after initially defining them. * Import a new supported file with a list of privileged users.
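Review bot: In PATCH 1/4, hunk `@@ -28,12 +28,26 @@`, the Active Directory bullet under step 1 names only Domain Admins and Enterprise Admins as automatically privileged. It does not say whether membership through nested groups counts, or how accounts in other administrative groups are treated. Readers will rely on this list to judge monitoring coverage, so state the matching rule and point to the index, CSV or API options for accounts outside these two groups. In the first added bullet of the same hunk, the link target `monitor-privileged-user-activitites.md` looks misspelled ("activitites"); confirm the file exists under that name.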
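Review bot: In PATCH 1/4, hunk `@@ -78,6 +92,7 @@`, the added bullet "Change which integrations you're using as data sources" does not say what happens to users who were marked privileged by an integration once that integration is removed as a source. Add a sentence stating whether those users keep or lose the privileged label, since that decides whether removing a source silently shrinks the monitored set.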
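Review bot: In PATCH 2/4, the new ID `privmon-integrations` is plural while the sibling anchors visible in the same hunk, `privmon-index` and `privmon-upload`, are singular. If the goal of this commit is consistency, `privmon-integration` matches them better. The old `add-integration` ID was only introduced in PATCH 1/4, so this rename could also be squashed into that commit.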
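Review bot: In PATCH 3/4, the Active Directory bullet now ends "automatically assigned as privileged:", but the Okta bullet in the trailing context of the same hunk still ends "automatically assigned as privileged users." Apply the same wording to both bullets so the two integrations read as one list.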
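Review bot: In PATCH 4/4, all three hunks drop the `serverless: preview` tag, but neither the commit message nor the page says why. After this change the integration bullets and the `privmon-integrations` section carry only `stack: preview 9.2`, so a serverless reader cannot tell whether the integration option is absent there or simply untagged. Confirm which is intended and record the reason in the commit message.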