diff --git a/docs/dashboards/kubernetes-dashboard.asciidoc b/docs/dashboards/kubernetes-dashboard.asciidoc index 550e5dcde7..45c35d17b0 100644 --- a/docs/dashboards/kubernetes-dashboard.asciidoc +++ b/docs/dashboards/kubernetes-dashboard.asciidoc @@ -35,14 +35,14 @@ The *Metadata* tab is organized into these expandable sections: [discrete] [[k8s-dash-setup]] == Setup -To collect session data for the dashboard, you'll deploy a Kubernetes DaemonSet to your clusters that implements the {endpoint-cloud-sec} integration. +To collect session data for the dashboard, you'll deploy a Kubernetes DaemonSet to your clusters that implements the {elastic-defend} integration. **Prerequisites**: - This feature requires Elastic Stack version 8.4 or newer. - You need an active {fleet-guide}/fleet-overview.html[{fleet} Server]. -- Your Elastic deployment must have the {endpoint-cloud-sec} integration <>. -- The {endpoint-cloud-sec} integration policy must have **Include session data** set to `true`. To modify this setting, go to **Manage -> Policies**, select your policy, and find `Include session data` near the bottom of the `Policy settings` tab. +- Your Elastic deployment must have the {elastic-defend} integration <>. +- The {elastic-defend} integration policy must have **Include session data** set to `true`. To modify this setting, go to **Manage -> Policies**, select your policy, and find `Include session data` near the bottom of the `Policy settings` tab. **Support matrix**: This feature is currently available on GKE and EKS using Linux hosts and Kubernetes versions that match the following specifications: |===================== diff --git a/docs/dashboards/overview-dashboard.asciidoc b/docs/dashboards/overview-dashboard.asciidoc index 49bfbf7d69..863c38ed30 100644 --- a/docs/dashboards/overview-dashboard.asciidoc +++ b/docs/dashboards/overview-dashboard.asciidoc 
@@ -24,7 +24,7 @@ TIP: Many {elastic-sec} histograms, graphs, and tables contain an *Inspect* butt [discrete] == Host and network events -View event and host counts grouped by data source, such as *Auditbeat* or *{endpoint-cloud-sec}*. Expand a category to view specific counts of host or network events from the selected source. +View event and host counts grouped by data source, such as *Auditbeat* or *{elastic-defend}*. Expand a category to view specific counts of host or network events from the selected source. [role="screenshot"] image::images/events-count.png[Host and network events on the Overview dashboard] diff --git a/docs/detections/alerts-view-details.asciidoc b/docs/detections/alerts-view-details.asciidoc index fe03e44fe3..a3bd6da716 100644 --- a/docs/detections/alerts-view-details.asciidoc +++ b/docs/detections/alerts-view-details.asciidoc @@ -62,7 +62,7 @@ The Insights section provides the following details: + beta::[] + -NOTE: This feature requires a https://www.elastic.co/pricing[Platinum or Enterprise subscription]. In addition, the *Include session data* setting must be enabled on your {endpoint-cloud-sec} integration policy. Refer to <> for more information. +NOTE: This feature requires a https://www.elastic.co/pricing[Platinum or Enterprise subscription]. In addition, the *Include session data* setting must be enabled on your {elastic-defend} integration policy. Refer to <> for more information. * *Alerts related by process ancestry* - Shows alerts that are related by process events on the same linear branch. Note that alerts generated from processes on child or related branches are not shown. To further examine alerts, click *Investigate in timeline*. + diff --git a/docs/detections/session-view.asciidoc b/docs/detections/session-view.asciidoc index 5d8ba44061..60989c672b 100644 --- a/docs/detections/session-view.asciidoc +++ b/docs/detections/session-view.asciidoc 
@@ -22,13 +22,13 @@ NOTE: To view Linux session data from your Kubernetes infrastructure, you'll nee [float] [[enable-session-view]] === Enable Session View data -Session View uses process data collected by the {endpoint-cloud-sec} integration, +Session View uses process data collected by the {elastic-defend} integration, but this data is not collected by default. To enable Session View data, go to *Manage* -> *Policies* -and edit one or more of your {endpoint-cloud-sec} integration policies. On the *Policy settings* tab, +and edit one or more of your {elastic-defend} integration policies. On the *Policy settings* tab, scroll down to the Linux event collection section near the bottom of the page and turn on the *Include session data* toggle. Session View can only display data that was -collected by {endpoint-cloud-sec} when this setting was enabled. For more information about the additional -fields collected by {endpoint-cloud-sec} when this setting is enabled, refer to the https://github.com/elastic/ecs/blob/main/rfcs/text/0030-linux-event-model.md[Linux event model RFC]. +collected by {elastic-defend} when this setting was enabled. For more information about the additional +fields collected by {elastic-defend} when this setting is enabled, refer to the https://github.com/elastic/ecs/blob/main/rfcs/text/0030-linux-event-model.md[Linux event model RFC]. [float] [[open-session-view]] diff --git a/docs/detections/visual-event-analyzer.asciidoc b/docs/detections/visual-event-analyzer.asciidoc index 44b7e288d1..c112457b3c 100644 --- a/docs/detections/visual-event-analyzer.asciidoc +++ b/docs/detections/visual-event-analyzer.asciidoc 
@@ -8,7 +8,7 @@ [[find-events-analyze]] === Find events to analyze -You can only visualize events triggered by hosts configured with the {endpoint-cloud-sec} integration or any `sysmon` data from `winlogbeat`. +You can only visualize events triggered by hosts configured with the {elastic-defend} integration or any `sysmon` data from `winlogbeat`. In KQL, this translates to any event with the `agent.type` set to either: diff --git a/docs/es-overview.asciidoc b/docs/es-overview.asciidoc index dfec4bd27a..664aeb209e 100644 --- a/docs/es-overview.asciidoc +++ b/docs/es-overview.asciidoc @@ -27,7 +27,7 @@ image::images/workflow.png[Elastic Security workflow] Here's an overview of the flow and its components: * Data is shipped from your hosts to {es} in the following ways: -** <>: {agent} integration that +** <>: {agent} integration that protects your hosts <> and ships these data sets: *** *Windows*: Process, network, file, DNS, registry, DLL and driver loads, malware security detections @@ -39,7 +39,7 @@ parsing specific data sets from common sources, such as cloud and OS events, logs, and metrics. Common security-related modules are listed <>. * The {security-app} in {kib} is used to manage the *Detection engine*, -*Cases*, and *Timeline*, as well as administer hosts running {endpoint-cloud-sec}: +*Cases*, and *Timeline*, as well as administer hosts running {elastic-defend}: ** Detection engine: Automatically searches for suspicious host and network activity via the following: *** <>: Periodically search the data @@ -51,7 +51,7 @@ You can create your own rules and make use of our <>: Automatic anomaly detection of host and network events. Anomaly scores are provided per host and can be used with detection rules. ** <>: Workspace for investigating alerts and events. 
@@ -62,7 +62,7 @@ others, as well as attached to Cases. ** <>: An internal system for opening, tracking, and sharing security issues directly in the Security app. Cases can be integrated with external ticketing systems. -** <>: View and manage hosts running Elastic {endpoint-cloud-sec}. +** <>: View and manage hosts running {elastic-defend}. <> and <> describe how to ship security-related data to {es}. @@ -96,9 +96,9 @@ Cold tier is a {ref}/data-tiers.html[data tier] that holds time series data that Using cold tier data for unsupported indices may result in detection rule timeouts and overall performance degradation. [discrete] -=== Additional Elastic {endpoint-cloud-sec} information +=== Additional {elastic-defend} information -The https://www.elastic.co/endpoint-security/[{endpoint-cloud-sec} integration] +The https://www.elastic.co/endpoint-security/[{elastic-defend} integration] for {agent} provides capabilities such as collecting events, detecting and preventing malicious activity, exceptions, and artifact delivery. The {fleet-guide}/fleet-overview.html[{fleet}] app is used to diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index 8436fac2e7..e910c156f5 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc @@ -29,7 +29,7 @@ permanently. To access advanced settings, go to *Stack Management* -> *Advanced Settings*, then scroll down to *Security Solution* settings. [role="screenshot"] -image::images/advanced-settings.png[] +image::images/solution-advanced-settings.png[] [discrete] [[update-sec-indices]] diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc index 6631bdf2d0..56286f41b7 100644 --- a/docs/getting-started/configure-integration-policy.asciidoc +++ b/docs/getting-started/configure-integration-policy.asciidoc 
@@ -1,13 +1,13 @@ [[configure-endpoint-integration-policy]] -= Configure an integration policy for {endpoint-cloud-sec} += Configure an integration policy for {elastic-defend} -After the {agent} is installed with the {endpoint-cloud-sec} integration, several protections features — including +After the {agent} is installed with the {elastic-defend} integration, several protections features — including preventions against malware, ransomware, memory threats, and malicious behavior — are automatically enabled on protected hosts (some features require a Platinum or Enterprise license). If needed, you can update the integration policy to configure protection settings, event collection, antivirus settings, trusted applications, event filters, host isolation exceptions, and blocked applications to meet your organization's security needs. -You can also create multiple integration policies to maintain unique configuration profiles. To create an additional {endpoint-cloud-sec} integration policy, go to **Management** -> **Integrations**, then follow the steps for <>. +You can also create multiple {elastic-defend} integration policies to maintain unique configuration profiles. To create an additional {elastic-defend} integration policy, go to **Management** -> **Integrations**, then follow the steps for <>. NOTE: You must have the {kib} `superuser` role to configure an integration policy in the {security-app}. 
@@ -61,7 +61,7 @@ Notifications appear by default. Deselect the **Notify User** option to disable TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} (unknown)` syntax. Malware protection also allows you to manage a blocklist to prevent specified applications from running on hosts, -extending the list of processes that {endpoint-cloud-sec} considers malicious. Use the **Blocklist enabled** toggle +extending the list of processes that {elastic-defend} considers malicious. Use the **Blocklist enabled** toggle to enable or disable this feature for all hosts associated with the integration policy. To configure the blocklist, refer to <>. [role="screenshot"] diff --git a/docs/getting-started/endpoint-diagnostic-data.asciidoc b/docs/getting-started/endpoint-diagnostic-data.asciidoc index d9b7e6a5cb..8bdfe3705e 100644 --- a/docs/getting-started/endpoint-diagnostic-data.asciidoc +++ b/docs/getting-started/endpoint-diagnostic-data.asciidoc 
@@ -1,9 +1,9 @@ [[endpoint-diagnostic-data]] -= Turn off diagnostic data for {endpoint-cloud-sec} += Turn off diagnostic data for {elastic-defend} -By default, {endpoint-cloud-sec} streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the {endpoint-cloud-sec} integration policy. +By default, {elastic-defend} streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the {elastic-defend} integration policy. -NOTE: {kib} also collects usage telemetry, which includes {endpoint-cloud-sec} diagnostic data. You can modify telemetry preferences in {kibana-ref}/telemetry-settings-kbn.html[Advanced Settings]. +NOTE: {kib} also collects usage telemetry, which includes {elastic-defend} diagnostic data. You can modify telemetry preferences in {kibana-ref}/telemetry-settings-kbn.html[Advanced Settings]. . In the {security-app}, go to *Manage* -> *Endpoints* to view the Endpoints list. . Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the *Policy* column. diff --git a/docs/getting-started/images/advanced-settings.png b/docs/getting-started/images/solution-advanced-settings.png similarity index 100% rename from docs/getting-started/images/advanced-settings.png rename to docs/getting-started/images/solution-advanced-settings.png diff --git a/docs/getting-started/index.asciidoc b/docs/getting-started/index.asciidoc index 04af933af0..96a41fe9a7 100644 --- a/docs/getting-started/index.asciidoc +++ b/docs/getting-started/index.asciidoc 
@@ -2,7 +2,7 @@ [[getting-started]] = Get started with {elastic-sec} -Looking to get started with {elastic-sec}? This section describes the {elastic-sec} UI in {kib}, the system requirements required to run the {agent} with the Elastic {endpoint-cloud-sec} integration, and instructions on how to configure and install {elastic-sec} on your host. +Looking to get started with {elastic-sec}? This section describes the {elastic-sec} UI in {kib}, the system requirements required to run the {agent} with the {elastic-defend} integration, and instructions on how to configure and install {elastic-sec} on your host. TIP: View the https://www.elastic.co/training/elastic-security-quick-start[{elastic-sec} Quick Start video] to learn how to configure your endpoints with {elastic-sec} so you can stream, detect, and visualize threats in real time on {ecloud}. diff --git a/docs/getting-started/ingest-data.asciidoc b/docs/getting-started/ingest-data.asciidoc index 6b6b2ee876..133ecb1173 100644 --- a/docs/getting-started/ingest-data.asciidoc +++ b/docs/getting-started/ingest-data.asciidoc 
@@ -3,7 +3,7 @@ To ingest data, you can use: -* The {fleet-guide}/fleet-overview.html[{agent}] with the **Elastic {endpoint-cloud-sec}** integration, which protects +* The {fleet-guide}/fleet-overview.html[{agent}] with the **{elastic-defend}** integration, which protects your hosts and sends logs, metrics, and endpoint security data to {elastic-sec}. See <>. * The {agent} with integrations, which are available in the {fleet-guide}/fleet-overview.html#package-registry-intro[Elastic Package Registry (EPR)]. To install an integration that works with {elastic-sec}, go to the {kib} Home page or main navigation menu and click *Add integrations*. On the Integrations page, click the *Security* category filter, then select an integration to view the installation instructions. For more information on integrations, refer to {integrations-docs}[{integrations}]. * *{beats}* shippers installed for each system you want to monitor. @@ -22,7 +22,7 @@ primary key for identifying hosts. ============== The {agent} with the -https://www.elastic.co/products/endpoint-security[{endpoint-cloud-sec} Integration] +https://www.elastic.co/products/endpoint-security[{elastic-defend} integration] ships these data sources: * Process - Linux, macOS, Windows diff --git a/docs/getting-started/install-elastic-endpoint.asciidoc b/docs/getting-started/install-elastic-endpoint.asciidoc index c1228d09ee..cca1b16c31 100644 --- a/docs/getting-started/install-elastic-endpoint.asciidoc +++ b/docs/getting-started/install-elastic-endpoint.asciidoc @@ -7,7 +7,7 @@ To properly install and configure {elastic-endpoint} manually without a Mobile D * <> * <> -NOTE: The following permissions that need to be enabled are required after you <>, which includes <>. +NOTE: The following permissions that need to be enabled are required after you <>, which includes <>. [discrete] [[system-extension-endpoint]] 
@@ -49,7 +49,7 @@ image::images/install-endpoint/filter-network-content.png[] [[enable-fda-endpoint]] == Enable Full Disk Access for {elastic-endpoint} -{elastic-endpoint} requires Full Disk Access to subscribe to system events via the {endpoint-cloud-sec} framework and to protect your network from malware and other cybersecurity threats. Full Disk Access permissions is a new privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your data. To enable Full Disk Access, you must manually approve {elastic-endpoint}. For endpoints running macOS Mojave (10.14) and earlier, you must also approve the {elastic-endpoint} <>. +{elastic-endpoint} requires Full Disk Access to subscribe to system events via the {elastic-defend} framework and to protect your network from malware and other cybersecurity threats. Full Disk Access permissions is a new privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your data. To enable Full Disk Access, you must manually approve {elastic-endpoint}. For endpoints running macOS Mojave (10.14) and earlier, you must also approve the {elastic-endpoint} <>. NOTE: The following instructions apply only to {elastic-endpoint} running {stack} version 8.0.0 and later. To see Full Disk Access requirements for the Endgame sensor, refer to <>. diff --git a/docs/getting-started/install-endpoint.asciidoc b/docs/getting-started/install-endpoint.asciidoc index a920b69793..b25c8885f1 100644 --- a/docs/getting-started/install-endpoint.asciidoc +++ b/docs/getting-started/install-endpoint.asciidoc 
@@ -1,9 +1,9 @@ [[install-endpoint]] -= Configure and install the {endpoint-cloud-sec} integration += Configure and install the {elastic-defend} integration -Like other Elastic integrations, {endpoint-cloud-sec} can be integrated into the {agent} through {fleet-guide}/fleet-overview.html[{fleet}]. Upon configuration, the integration allows the {agent} to monitor for events on your host and send data to the {security-app}. +Like other Elastic integrations, {elastic-defend} can be integrated into the {agent} through {fleet-guide}/fleet-overview.html[{fleet}]. Upon configuration, the integration allows the {agent} to monitor for events on your host and send data to the {security-app}. -NOTE: To configure the {endpoint-cloud-sec} integration on the {agent}, you must have permission to use {fleet} in {kib}. You must also have admin permissions in {kib} to access the **Endpoints** page in the {security-app}. +NOTE: To configure the {elastic-defend} integration on the {agent}, you must have permission to use {fleet} in {kib}. You must also have admin permissions in {kib} to access the **Endpoints** page in the {security-app}. [discrete] [[security-before-you-begin]] @@ -13,7 +13,7 @@ If you're using macOS, some versions may require you to grant Full Disk Access t [discrete] [[add-security-integration]] -== Add the {endpoint-cloud-sec} integration +== Add the {elastic-defend} integration . Go to the *Integrations* page, which you can access in several ways: 
@@ -22,14 +22,14 @@ If you're using macOS, some versions may require you to grant Full Disk Access t + [role="screenshot"] -image::images/install-endpoint/endpoint-cloud-sec-integrations-page.png[Search result for "Endpoint and Cloud Security" on the Integrations page.] +image::images/install-endpoint/endpoint-cloud-sec-integrations-page.png[Search result for "{elastic-defend}" on the Integrations page.] -. Search for and select *{endpoint-cloud-sec}*, then select *Add {endpoint-cloud-sec}*. The integration configuration page appears. +. Search for and select *{elastic-defend}*, then select *Add {elastic-defend}*. The integration configuration page appears. + [role="screenshot"] -image::images/install-endpoint/endpoint-cloud-security-configuration.png[Add Endpoint and Cloud Security integration page,75%] +image::images/install-endpoint/endpoint-cloud-security-configuration.png[Add {elastic-defend} integration page,75%] + -. Configure the {endpoint-cloud-sec} integration with an **Integration name** and optional **Description**. +. Configure the {elastic-defend} integration with an **Integration name** and optional **Description**. . Enter a name for the agent policy in **New agent policy name**. If other agent policies already exist, you can click the **Existing hosts** tab and select an existing policy instead. For more details on {agent} configuration settings, refer to {fleet-guide}/agent-policy.html[{agent} policies]. . When the configuration is complete, click **Save and continue**. . To complete the integration, continue to the next section to install the {agent} on your hosts. 
@@ -38,13 +38,13 @@ image::images/install-endpoint/endpoint-cloud-security-configuration.png[Add End [[enroll-security-agent]] == Configure and enroll the {agent} -To enable the {endpoint-cloud-sec} integration, you must enroll agents in the relevant policy using {fleet}. +To enable the {elastic-defend} integration, you must enroll agents in the relevant policy using {fleet}. [IMPORTANT] ===== Before you add an {agent}, a {fleet-server} must be running. Refer to {fleet-guide}/add-a-fleet-server.html[Add a {fleet-server}]. -{endpoint-cloud-sec} cannot be integrated with an {agent} in standalone mode. +{elastic-defend} cannot be integrated with an {agent} in standalone mode. ===== [discrete] @@ -70,12 +70,12 @@ image::images/install-endpoint/endpoint-cloud-sec-add-agent.png[Add agent flyout . Select an agent policy for the {agent}. You can select an existing policy, or select **Create new agent policy** to create a new one. For more details on {agent} configuration settings, refer to {fleet-guide}/agent-policy.html[{agent} policies]. + -The selected agent policy should include {endpoint-cloud-sec}. +The selected agent policy should include {elastic-defend}. + [role="screenshot"] -image::images/install-endpoint/endpoint-cloud-sec-add-agent-detail.png[Add agent flyout with Endpoint and Cloud Security integration highlighted.,575] +image::images/install-endpoint/endpoint-cloud-sec-add-agent-detail.png[Add agent flyout with {elastic-defend} integration highlighted.,575] -. Ensure that the **Enroll in {fleet}** option is selected. {endpoint-cloud-sec} cannot be integrated with {agent} in standalone mode. +. Ensure that the **Enroll in {fleet}** option is selected. {elastic-defend} cannot be integrated with {agent} in standalone mode. . Select the appropriate platform or operating system for the host, then copy the provided commands. 
diff --git a/docs/getting-started/linux-file-monitoring.asciidoc b/docs/getting-started/linux-file-monitoring.asciidoc index 12168bc6c9..73ac60301e 100644 --- a/docs/getting-started/linux-file-monitoring.asciidoc +++ b/docs/getting-started/linux-file-monitoring.asciidoc 
@@ -1,13 +1,13 @@ [[linux-file-monitoring]] = Configure Linux file system monitoring -By default, {endpoint-cloud-sec} monitors specific Linux file system types that Elastic has tested for compatibility. If your network includes nonstandard, proprietary, or otherwise unrecognized Linux file systems, you can configure the integration policy to extend monitoring and protections to those additional file systems. You can also have {endpoint-cloud-sec} ignore unrecognized file system types if they don't require monitoring or cause unexpected problems. +By default, {elastic-defend} monitors specific Linux file system types that Elastic has tested for compatibility. If your network includes nonstandard, proprietary, or otherwise unrecognized Linux file systems, you can configure the integration policy to extend monitoring and protections to those additional file systems. You can also have {elastic-defend} ignore unrecognized file system types if they don't require monitoring or cause unexpected problems. -CAUTION: Ignoring file systems can create gaps in your security coverage. Use additional security layers for any file systems ignored by {endpoint-cloud-sec}. +CAUTION: Ignoring file systems can create gaps in your security coverage. Use additional security layers for any file systems ignored by {elastic-defend}. To monitor or ignore additional file systems, configure the following advanced settings related to *fanotify*, a Linux feature that monitors file system events. Go to *Manage* -> *Policies*, click a policy's name, then scroll down and select *Show advanced settings*. -NOTE: Even when configured to monitor all file systems (`ignore_unknown_filesystems` is `false`), {endpoint-cloud-sec} will still ignore specific file systems that Elastic has internally identified as incompatible. The following settings apply to any _other_ file systems. 
+NOTE: Even when configured to monitor all file systems (`ignore_unknown_filesystems` is `false`), {elastic-defend} will still ignore specific file systems that Elastic has internally identified as incompatible. The following settings apply to any _other_ file systems. [[ignore-unknown-filesystems]] `linux.advanced.fanotify.ignore_unknown_filesystems`:: Determines whether to ignore unrecognized file systems. Enter one of the following: diff --git a/docs/getting-started/security-ui.asciidoc b/docs/getting-started/security-ui.asciidoc index 52c57d1769..7b2f8d8e0b 100644 --- a/docs/getting-started/security-ui.asciidoc +++ b/docs/getting-started/security-ui.asciidoc @@ -113,12 +113,12 @@ Expand this section to access and manage additional security features: * <>: Create and manage rules to monitor suspicious events. * <>: View and manage all rule exceptions. -* <>: View and manage hosts running {endpoint-cloud-sec}. -* <>: View and manage {endpoint-cloud-sec} integration policies. +* <>: View and manage hosts running {elastic-defend}. +* <>: View and manage {elastic-defend} integration policies. * <>: View and manage trusted Windows, macOS, and Linux applications. * <>: View and manage event filters, which allow you to filter endpoint events you don't need to want stored in {es}. * <>: View and manage host isolation exceptions, which specify IP addresses that can communicate with your hosts even when those hosts are blocked from your network. -* <>: View and manage the blocklist, which allows you to prevent specified applications from running on hosts, extending the list of processes that {endpoint-cloud-sec} considers malicious. +* <>: View and manage the blocklist, which allows you to prevent specified applications from running on hosts, extending the list of processes that {elastic-defend} considers malicious. * <>: View, enable, or disable benchmark rules. [role="screenshot"] 
diff --git a/docs/getting-started/self-healing-rollback.asciidoc b/docs/getting-started/self-healing-rollback.asciidoc index eac96ae7a9..5a7dfc38bc 100644 --- a/docs/getting-started/self-healing-rollback.asciidoc +++ b/docs/getting-started/self-healing-rollback.asciidoc @@ -1,9 +1,9 @@ [[self-healing-rollback]] = Configure self-healing rollback for Windows endpoints -{endpoint-cloud-sec}'s self-healing feature rolls back file changes on Windows endpoints when a prevention alert is generated by enabled protection features. File changes that occurred on the host within five minutes before the prevention alert will revert to their previous state (which may be up to two hours before the alert). +{elastic-defend}'s self-healing feature rolls back file changes on Windows endpoints when a prevention alert is generated by enabled protection features. File changes that occurred on the host within five minutes before the prevention alert will revert to their previous state (which may be up to two hours before the alert). -This can help contain the impact of malicious activity, as {endpoint-cloud-sec} not only stops the activity but also erases any attack artifacts deployed prior to detection. +This can help contain the impact of malicious activity, as {elastic-defend} not only stops the activity but also erases any attack artifacts deployed prior to detection. Self-healing rollback is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature and is only supported for Windows endpoints. 
@@ -11,7 +11,7 @@ Self-healing rollback is a https://www.elastic.co/pricing[Platinum or Enterprise ==== This feature can cause permanent data loss since it overwrites recent changes and deletes recently added files on the host. Self-healing rollback targets the changes related to a detected threat, but may also include incidental actions that aren't directly related to the threat. -Also, rollback is triggered by _every_ {endpoint-cloud-sec} prevention alert, so you should tune your system to eliminate false positives before enabling this feature. +Also, rollback is triggered by _every_ {elastic-defend} prevention alert, so you should tune your system to eliminate false positives before enabling this feature. ==== . In the {security-app}, go to *Manage* -> *Policies*, then select the integration policy you want to configure. diff --git a/docs/index.asciidoc b/docs/index.asciidoc index 85b7797ee5..d9b9d38976 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -8,7 +8,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :es-sec: {elastic-sec} :es-sec-app: {security-app} :es-sec-ui: {elastic-sec} UI -:es-sec-endpoint: Elastic {endpoint-cloud-sec} +:es-sec-endpoint: {elastic-defend} :siem-soln: {elastic-sec} :siem-app: {security-app} :siem-ui: {es-sec-ui} diff --git a/docs/management/admin/admin-pg-ov.asciidoc b/docs/management/admin/admin-pg-ov.asciidoc index e06deda6aa..8c1f956c17 100644 --- a/docs/management/admin/admin-pg-ov.asciidoc +++ b/docs/management/admin/admin-pg-ov.asciidoc @@ -1,6 +1,7 @@ [[admin-page-ov]] = Endpoints -The Endpoints page allows administrators to view and manage endpoints that are running the <>. + +The Endpoints page allows administrators to view and manage endpoints that are running the <>. [NOTE] ===== 
@@ -13,7 +14,7 @@ You must have the built-in `superuser` role to access this feature. For more inf [discrete] == Endpoints list -The *Endpoints* list displays all hosts running {elastic-sec} and their relevant integration details. Endpoints appear in chronological order, with newly added endpoints at the top. +The *Endpoints* list displays all hosts running {elastic-defend} and their relevant integration details. Endpoints appear in chronological order, with newly added endpoints at the top. [role="screenshot"] image::images/endpoints-pg.png[Endpoints page] @@ -91,7 +92,7 @@ Users who have unique configuration and security requirements can select **Show NOTE: Advanced settings are not recommended for most users. [role="screenshot"] -image::images/advanced-settings.png[Integration page] +image::images/integration-advanced-settings.png[Integration page] [discrete] [[policy-status]] diff --git a/docs/management/admin/blocklist.asciidoc b/docs/management/admin/blocklist.asciidoc index e8293d1528..a719296920 100644 --- a/docs/management/admin/blocklist.asciidoc +++ b/docs/management/admin/blocklist.asciidoc 
@@ -2,16 +2,16 @@ [chapter] = Blocklist -The blocklist allows you to prevent specified applications from running on hosts, extending the list of processes that {endpoint-cloud-sec} considers malicious. This is especially useful for ensuring that known malicious processes aren't accidentally executed by end users. +The blocklist allows you to prevent specified applications from running on hosts, extending the list of processes that {elastic-defend} considers malicious. This is especially useful for ensuring that known malicious processes aren't accidentally executed by end users. [NOTE] ===== -In addition to configuring specific entries on the **Blocklist** page, you must also ensure that the blocklist is enabled on the {endpoint-cloud-sec} integration policy in the <>. This setting is enabled by default. +In addition to configuring specific entries on the **Blocklist** page, you must also ensure that the blocklist is enabled on the {elastic-defend} integration policy in the <>. This setting is enabled by default. You must have the built-in `superuser` role to access the blocklist. For more information, refer to {ref}/built-in-users.html[Built-in users]. ===== -By default, a blocklist entry is recognized globally across all hosts running {endpoint-cloud-sec}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign a blocklist entry to specific {endpoint-cloud-sec} integration policies, which blocks the process only on hosts assigned to that policy. +By default, a blocklist entry is recognized globally across all hosts running {elastic-defend}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign a blocklist entry to specific {elastic-defend} integration policies, which blocks the process only on hosts assigned to that policy. . Go to **Manage** -> **Blocklist**. 
@@ -38,14 +38,14 @@ NOTE: Hash values must be valid to add them to the blocklist. . Select an option in the *Assignment* section to assign the blocklist entry to a specific integration policy: + -* `Global`: Assign the blocklist entry to all {endpoint-cloud-sec} integration policies. -* `Per Policy`: Assign the blocklist entry to one or more specific {endpoint-cloud-sec} integration policies. Select each policy where you want the blocklist entry to apply. +* `Global`: Assign the blocklist entry to all {elastic-defend} integration policies. +* `Per Policy`: Assign the blocklist entry to one or more specific {elastic-defend} integration policies. Select each policy where you want the blocklist entry to apply. + NOTE: You can also select the `Per Policy` option without immediately assigning a policy to the blocklist entry. For example, you could do this to create and review your blocklist configurations before putting them into action with a policy. . Click **Add blocklist**. The new entry is added to the **Blocklist** page. -. When you're done adding entries to the blocklist, ensure that the blocklist is enabled for the {endpoint-cloud-sec} integration policies that you just assigned: +. When you're done adding entries to the blocklist, ensure that the blocklist is enabled for the {elastic-defend} integration policies that you just assigned: .. Go to **Manage** -> **Policies**, then click on an integration policy. .. On the **Policy settings** tab, ensure that the **Malware protections enabled** and **Blocklist enabled** toggles are switched on. Both settings are enabled by default. 
@@ -72,7 +72,7 @@ To edit a blocklist entry: [discrete] [[delete-blocklist-entry]] === Delete a blocklist entry -You can delete a blocklist entry, which removes it entirely from all {endpoint-cloud-sec} policies. This allows end users to access the application that was previously blocked. +You can delete a blocklist entry, which removes it entirely from all {elastic-defend} policies. This allows end users to access the application that was previously blocked. To delete a blocklist entry: diff --git a/docs/management/admin/event-filters.asciidoc b/docs/management/admin/event-filters.asciidoc index 646532176e..4d48f897d9 100644 --- a/docs/management/admin/event-filters.asciidoc +++ b/docs/management/admin/event-filters.asciidoc @@ -8,7 +8,7 @@ NOTE: You must have the built-in `superuser` role to access this feature. For mo IMPORTANT: Since an event filter blocks an event from streaming to {es}, be conscious of event filter conditions you set and any existing rule conditions. If there is too much overlap, the rule may run less frequently than specified and, therefore, will not trigger the corresponding alert for that rule. This is the expected behavior of event filters. -By default, event filters are recognized globally across all hosts running {endpoint-cloud-sec}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign an event filter to a specific {endpoint-cloud-sec} integration policy, which would filter endpoint events from the hosts assigned to that policy. +By default, event filters are recognized globally across all hosts running {elastic-defend}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign an event filter to a specific {elastic-defend} integration policy, which would filter endpoint events from the hosts assigned to that policy. Create event filters from the Hosts page or the Event filters page. 
@@ -52,8 +52,8 @@ IMPORTANT: Using wildcards in file paths can impact performance. To create a mor . Select an option in the *Assignment* section to assign the event filter to a specific integration policy: + -* `Global`: Assign the event filter to all integration policies for {endpoint-cloud-sec}. -* `Per Policy` (Platinum or Enterprise subscription only): Assign the event filter to one or more specific {endpoint-cloud-sec} integration policies. Select each policy in which you want the events to be filtered. +* `Global`: Assign the event filter to all integration policies for {elastic-defend}. +* `Per Policy` (Platinum or Enterprise subscription only): Assign the event filter to one or more specific {elastic-defend} integration policies. Select each policy in which you want the events to be filtered. + NOTE: You can also select the `Per Policy` option without immediately assigning a policy to the event filter. For example, you could do this to create and review your event filter configurations before putting them into action with a policy. . Add a comment if you want to provide more information about the event filter (optional). @@ -82,7 +82,7 @@ To edit an event filter: [discrete] [[delete-event-filter]] === Delete an event filter -You can delete an event filter, which removes it entirely from all {endpoint-cloud-sec} policies. +You can delete an event filter, which removes it entirely from all {elastic-defend} integration policies. To delete an event filter: diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index 79be23c20a..c9cc830d34 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc 
@@ -10,7 +10,7 @@ NOTE: You must have the built-in `superuser` role to access this feature. For mo IMPORTANT: Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. -Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. By default, a host isolation exception is recognized globally across all hosts running {endpoint-cloud-sec}. You can also assign a host isolation exception to a specific {endpoint-cloud-sec} integration policy, affecting only the hosts assigned to that policy. +Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. By default, a host isolation exception is recognized globally across all hosts running {elastic-defend}. You can also assign a host isolation exception to a specific {elastic-defend} integration policy, affecting only the hosts assigned to that policy. . Go to **Manage** -> **Host isolation exceptions**. . Click **Add Host isolation exception**. 
@@ -20,8 +20,8 @@ Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscr .. `Enter IP Address`: Enter the IP address for which you want to allow communication with an isolated host. This must be an IPv4 address, with optional CIDR notation (for example, `0.0.0.0` or `1.0.0.0/24`, respectively). . Select an option in the *Assignment* section to assign the host isolation exception to a specific integration policy: + -* `Global`: Assign the host isolation exception to all integration policies for {endpoint-cloud-sec}. -* `Per Policy`: Assign the host isolation exception to one or more specific {endpoint-cloud-sec} integration policies. Select each policy where you want the host isolation exception to apply. +* `Global`: Assign the host isolation exception to all integration policies for {elastic-defend}. +* `Per Policy`: Assign the host isolation exception to one or more specific {elastic-defend} integration policies. Select each policy where you want the host isolation exception to apply. + NOTE: You can also select the `Per Policy` option without immediately assigning a policy to the host isolation exception. For example, you could do this to create and review your host isolation exception configurations before putting them into action with a policy. . Click **Add Host isolation exception**. The new exception is added to the *Host isolation exceptions* list. @@ -49,7 +49,7 @@ To edit a host isolation exception: [discrete] [[delete-host-isolation-exception]] === Delete a host isolation exception -You can delete a host isolation exception, which removes it entirely from all {endpoint-cloud-sec} policies. +You can delete a host isolation exception, which removes it entirely from all {elastic-defend} integration policies. To delete a host isolation exception: 
diff --git a/docs/management/admin/images/advanced-settings.png b/docs/management/admin/images/advanced-settings.png deleted file mode 100644 index ff3d65e07a..0000000000 Binary files a/docs/management/admin/images/advanced-settings.png and /dev/null differ diff --git a/docs/management/admin/images/endpoints-pg.png b/docs/management/admin/images/endpoints-pg.png index 08621d908d..22e7410c5b 100644 Binary files a/docs/management/admin/images/endpoints-pg.png and b/docs/management/admin/images/endpoints-pg.png differ diff --git a/docs/management/admin/images/filter-endpoints.png b/docs/management/admin/images/filter-endpoints.png index 8f29beba7d..8989c5175d 100644 Binary files a/docs/management/admin/images/filter-endpoints.png and b/docs/management/admin/images/filter-endpoints.png differ diff --git a/docs/management/admin/images/host-flyout.png b/docs/management/admin/images/host-flyout.png index 19534f8786..0a3b36ac9c 100644 Binary files a/docs/management/admin/images/host-flyout.png and b/docs/management/admin/images/host-flyout.png differ diff --git a/docs/management/admin/images/integration-advanced-settings.png b/docs/management/admin/images/integration-advanced-settings.png new file mode 100644 index 0000000000..8d1fd38512 Binary files /dev/null and b/docs/management/admin/images/integration-advanced-settings.png differ diff --git a/docs/management/admin/images/integration-pg.png b/docs/management/admin/images/integration-pg.png index 224f9bf58e..22ab5469f6 100644 Binary files a/docs/management/admin/images/integration-pg.png and b/docs/management/admin/images/integration-pg.png differ diff --git a/docs/management/admin/images/policy-list.png b/docs/management/admin/images/policy-list.png index 9067603fdf..e94ed5e9ff 100644 Binary files a/docs/management/admin/images/policy-list.png and b/docs/management/admin/images/policy-list.png differ 
diff --git a/docs/management/admin/policy-list.asciidoc b/docs/management/admin/policy-list.asciidoc index 63f51c6e77..d07776b385 100644 --- a/docs/management/admin/policy-list.asciidoc +++ b/docs/management/admin/policy-list.asciidoc @@ -2,7 +2,7 @@ [chapter] = Policies -The **Policies** page lists all of the integration policies configured for {endpoint-cloud-sec}. +The **Policies** page lists all of the integration policies configured for {elastic-defend}. Click on an integration policy's name to configure its settings. For more information on configuring an integration policy, refer to <>. diff --git a/docs/management/admin/response-actions.asciidoc b/docs/management/admin/response-actions.asciidoc index 0c0ff48074..3c54b1d781 100644 --- a/docs/management/admin/response-actions.asciidoc +++ b/docs/management/admin/response-actions.asciidoc @@ -9,7 +9,7 @@ Response actions are supported on all endpoint platforms (Linux, macOS, and Wind ===== Response actions and the response console UI are https://www.elastic.co/pricing[Enterprise subscription] features. -Endpoints must have {agent} version 8.4 or higher installed with the {endpoint-cloud-sec} integration to receive response actions. +Endpoints must have {agent} version 8.4 or higher installed with the {elastic-defend} integration to receive response actions. ===== [role="screenshot"] @@ -47,7 +47,7 @@ Release an isolated host, allowing it to communicate with the network again. Example: `release --comment "Release host, everything looks OK"` === `status` -Show information about the host's status, including: {agent} status and version, the {endpoint-cloud-sec} integration's policy status, and when the host was last active. +Show information about the host's status, including: {agent} status and version, the {elastic-defend} integration's policy status, and when the host was last active. === `processes` Show a list of all processes running on the host. This action may take a minute or so to complete. 
diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc index 9e49564d3e..53dd7b6ca9 100644 --- a/docs/management/admin/trusted-apps.asciidoc +++ b/docs/management/admin/trusted-apps.asciidoc 
@@ -2,13 +2,13 @@ [chapter, role="xpack"] = Trusted applications -You can add Windows, macOS, and Linux applications that should be trusted. By adding these trusted applications, you can use {elastic-sec} without compatibility or performance issues with other installed applications on your system. Trusted applications apply only to hosts running {endpoint-cloud-sec}. +You can add Windows, macOS, and Linux applications that should be trusted. By adding these trusted applications, you can use {elastic-sec} without compatibility or performance issues with other installed applications on your system. Trusted applications apply only to hosts running {elastic-defend}. NOTE: You must have the built-in `superuser` role to access this feature. For more information, refer to {ref}/built-in-users.html[Built-in users]. Trusted applications are designed to help mitigate performance issues and incompatibilities with other endpoint software. However, they create blindspots for {elastic-sec}. One avenue attackers use to exploit these blindspots is by DLL (Dynamic Link Library) side-loading, where they leverage processes signed by trusted vendors -- such as antivirus software -- to execute their malicious DLLs. Such activity appears to originate from the trusted vendor's process. -By default, a trusted application is recognized globally across all hosts running {endpoint-cloud-sec}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign a trusted application to a specific {endpoint-cloud-sec} integration policy, enabling the application to be trusted by only the hosts assigned to that policy. +By default, a trusted application is recognized globally across all hosts running {elastic-defend}. 
If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign a trusted application to a specific {elastic-defend} integration policy, enabling the application to be trusted by only the hosts assigned to that policy. To add a trusted application: @@ -40,8 +40,8 @@ TIP: To find the signer's name for an application, go to *Kibana* -> *Discover* NOTE: You can only add a single field type value per trusted application. For example, if you try to add two `Path` values, you'll get an error message. Also, an application's hash value must be valid to add it as a trusted application. In addition, to minimize visibility gaps in the {security-app}, be as specific as possible in your entries. For example, combine `Signature` information with a known `Path`. . Select an option in the *Assignment* section to assign the trusted application to a specific integration policy: -* `Global`: Assign the trusted application to all integration policies for {endpoint-cloud-sec}. -* `Per Policy` (Platinum or Enterprise subscription only): Assign the trusted application to one or more specific {endpoint-cloud-sec} integration policies. Select each policy in which you want the application to be trusted. +* `Global`: Assign the trusted application to all integration policies for {elastic-defend}. +* `Per Policy` (Platinum or Enterprise subscription only): Assign the trusted application to one or more specific {elastic-defend} integration policies. Select each policy in which you want the application to be trusted. + NOTE: You can also select the `Per Policy` option without immediately assigning a policy to the trusted application. For example, you could do this to create and review your trusted application configurations before putting them into action with a policy. 
@@ -70,7 +70,7 @@ To edit a trusted application: [discrete] [[delete-trusted-app]] === Delete a trusted application -You can delete a trusted application, which removes it entirely from all {endpoint-cloud-sec} policies. +You can delete a trusted application, which removes it entirely from all {elastic-defend} integration policies. To delete a trusted application: diff --git a/docs/management/api/blocklist-api.asciidoc b/docs/management/api/blocklist-api.asciidoc index 35e946c45c..2e87ac0417 100644 --- a/docs/management/api/blocklist-api.asciidoc +++ b/docs/management/api/blocklist-api.asciidoc @@ -32,8 +32,8 @@ include::_exceptions-api-reusable-content.asciidoc[tags=create-exception-contain -------------------------------------------------- POST api/exception_lists { - "description": "{endpoint-cloud-sec} Blocklists List", - "name": "{endpoint-cloud-sec} Blocklists List", + "description": "{elastic-defend} Blocklists List", + "name": "{elastic-defend} Blocklists List", "list_id": "{endpoint-artifact-list-id}", "type": "endpoint_blocklists", "namespace_type": "agnostic" @@ -54,11 +54,11 @@ POST api/exception_lists "_version": "WzcsMV0=", "created_at": "2020-07-13T09:33:46.187Z", "created_by": "elastic", - "description": "{endpoint-cloud-sec} Blocklists List", + "description": "{elastic-defend} Blocklists List", "id": "f320c070-c4eb-11ea-80bb-11861bae2798", "immutable": false, "list_id": "{endpoint-artifact-list-id}", - "name": "{endpoint-cloud-sec} Blocklists List", + "name": "{elastic-defend} Blocklists List", "namespace_type": "agnostic", "os_types": [], "tags": [], diff --git a/docs/management/api/event-filters-api.asciidoc b/docs/management/api/event-filters-api.asciidoc index 028a0e9e9c..86f820ada6 100644 --- a/docs/management/api/event-filters-api.asciidoc +++ b/docs/management/api/event-filters-api.asciidoc 
@@ -31,8 +31,8 @@ include::_exceptions-api-reusable-content.asciidoc[tags=create-exception-contain -------------------------------------------------- POST api/exception_lists { - "description": "{endpoint-cloud-sec} Event Filters List", - "name": "{endpoint-cloud-sec} Event Filters List", + "description": "{elastic-defend} Event Filters List", + "name": "{elastic-defend} Event Filters List", "list_id": "{endpoint-artifact-list-id}", "type": "endpoint", "namespace_type": "agnostic" @@ -53,8 +53,8 @@ POST api/exception_lists "_tags": [], "created_at": "2020-07-13T09:33:46.187Z", "created_by": "user", - "description": "{endpoint-cloud-sec} Event Filters List", - "name": "{endpoint-cloud-sec} Event Filters List", + "description": "{elastic-defend} Event Filters List", + "name": "{elastic-defend} Event Filters List", "list_id": "{endpoint-artifact-list-id}", "type": "endpoint", "namespace_type": "agnostic", diff --git a/docs/management/api/get-endpoint-api.asciidoc b/docs/management/api/get-endpoint-api.asciidoc index b6dafbfd48..6e25bc331a 100644 --- a/docs/management/api/get-endpoint-api.asciidoc +++ b/docs/management/api/get-endpoint-api.asciidoc @@ -1,7 +1,7 @@ [[get-endpoint-api]] === Get endpoint -Retrieves metadata about a single host running {endpoint-cloud-sec}. +Retrieves metadata about a single host running {elastic-defend}. ==== Request URL diff --git a/docs/management/api/host-isolation-api.asciidoc b/docs/management/api/host-isolation-api.asciidoc index 9fbb782dc3..b87877c54e 100644 --- a/docs/management/api/host-isolation-api.asciidoc +++ b/docs/management/api/host-isolation-api.asciidoc @@ -1,7 +1,7 @@ [[host-isolation-api]] === Isolate a host -Isolates a host running {endpoint-cloud-sec} from the network. +Isolates a host running {elastic-defend} from the network. `Isolated` is a persistent status until the endpoint is given a release command. You must have the `superuser` role and at least a Platinum license to perform this action. 
diff --git a/docs/management/api/host-isolation-exceptions-api.asciidoc b/docs/management/api/host-isolation-exceptions-api.asciidoc index 0e0aa2dad9..f85b66b106 100644 --- a/docs/management/api/host-isolation-exceptions-api.asciidoc +++ b/docs/management/api/host-isolation-exceptions-api.asciidoc @@ -31,8 +31,8 @@ include::_exceptions-api-reusable-content.asciidoc[tags=create-exception-contain -------------------------------------------------- POST api/exception_lists { - "description": "{endpoint-cloud-sec} Host Isolation Exceptions List", - "name": "{endpoint-cloud-sec} Host Isolation Exceptions List", + "description": "{elastic-defend} Host Isolation Exceptions List", + "name": "{elastic-defend} Host Isolation Exceptions List", "list_id": "{endpoint-artifact-list-id}", "type": "endpoint", "namespace_type": "agnostic" @@ -53,11 +53,11 @@ POST api/exception_lists "_version": "WzIxMTgsMV0=", "created_at": "2022-03-03T13:55:32.176Z", "created_by": "elastic", - "description": "{endpoint-cloud-sec} Host Isolation Exceptions List", + "description": "{elastic-defend} Host Isolation Exceptions List", "id": "978cbd00-9af9-11ec-94b1-fd7e90cc2a08", "immutable": false, "list_id": "{endpoint-artifact-list-id}", - "name": "{endpoint-cloud-sec} Host Isolation Exceptions List", + "name": "{elastic-defend} Host Isolation Exceptions List", "namespace_type": "agnostic", "os_types": [], "tags": [], diff --git a/docs/management/api/kill-process-api.asciidoc b/docs/management/api/kill-process-api.asciidoc index e48f6583cf..290d683142 100644 --- a/docs/management/api/kill-process-api.asciidoc +++ b/docs/management/api/kill-process-api.asciidoc @@ -1,7 +1,7 @@ [[kill-process-api]] === Terminate a process -Terminates a process on a host running {endpoint-cloud-sec}. +Terminates a process on a host running {elastic-defend}. You must have the `superuser` role and at least an Enterprise license to perform this action. 
diff --git a/docs/management/api/list-endpoints-api.asciidoc b/docs/management/api/list-endpoints-api.asciidoc index 3c9f3dfc84..9a18032968 100644 --- a/docs/management/api/list-endpoints-api.asciidoc +++ b/docs/management/api/list-endpoints-api.asciidoc @@ -1,7 +1,7 @@ [[list-endpoints-api]] === List endpoints -Retrieves a list of hosts running {endpoint-cloud-sec}. +Retrieves a list of hosts running {elastic-defend}. ==== Request URL diff --git a/docs/management/api/management-api-index.asciidoc b/docs/management/api/management-api-index.asciidoc index e313124ad9..805fdc9b2d 100644 --- a/docs/management/api/management-api-index.asciidoc +++ b/docs/management/api/management-api-index.asciidoc @@ -1,7 +1,7 @@ [[management-api-overview]] == Endpoint management API -The following APIs allow you to interact with and manage endpoints running the {endpoint-cloud-sec} integration. +The following APIs allow you to interact with and manage endpoints running the {elastic-defend} integration. include::get-endpoint-api.asciidoc[] include::list-endpoints-api.asciidoc[] diff --git a/docs/management/api/running-procs-api.asciidoc b/docs/management/api/running-procs-api.asciidoc index 011805c525..abaf00c906 100644 --- a/docs/management/api/running-procs-api.asciidoc +++ b/docs/management/api/running-procs-api.asciidoc @@ -1,7 +1,7 @@ [[running-procs-api]] === Get processes -Get processes on a host running {endpoint-cloud-sec}. +Get processes on a host running {elastic-defend}. You must have the `superuser` role and at least an Enterprise license to perform this action. diff --git a/docs/management/api/suspend-process-api.asciidoc b/docs/management/api/suspend-process-api.asciidoc index 508b05788e..565028023f 100644 --- a/docs/management/api/suspend-process-api.asciidoc +++ b/docs/management/api/suspend-process-api.asciidoc 
@@ -1,7 +1,7 @@ [[suspend-process-api]] === Suspend a process -Suspend a process on a host running {endpoint-cloud-sec}. +Suspend a process on a host running {elastic-defend}. You must have the `superuser` role and at least an Enterprise license to perform this action. diff --git a/docs/management/api/trusted-apps-api.asciidoc b/docs/management/api/trusted-apps-api.asciidoc index 81f78eff04..3300fec2d6 100644 --- a/docs/management/api/trusted-apps-api.asciidoc +++ b/docs/management/api/trusted-apps-api.asciidoc @@ -30,8 +30,8 @@ include::_exceptions-api-reusable-content.asciidoc[tags=create-exception-contain -------------------------------------------------- POST api/exception_lists { - "description": "{endpoint-cloud-sec} Trusted Apps List", - "name": "{endpoint-cloud-sec} Trusted Apps List", + "description": "{elastic-defend} Trusted Apps List", + "name": "{elastic-defend} Trusted Apps List", "list_id": "{endpoint-artifact-list-id}", "type": "endpoint", "namespace_type": "agnostic" @@ -52,8 +52,8 @@ POST api/exception_lists "_tags": [], "created_at": "2020-07-13T09:33:46.187Z", "created_by": "elastic", - "description": "{endpoint-cloud-sec} Trusted Apps List", - "name": "{endpoint-cloud-sec} Trusted Apps List", + "description": "{elastic-defend} Trusted Apps List", + "name": "{elastic-defend} Trusted Apps List", "list_id": "{endpoint-artifact-list-id}", "type": "endpoint", "namespace_type": "agnostic", diff --git a/docs/troubleshooting/images/endpoints-transform-failed.png b/docs/troubleshooting/images/endpoints-transform-failed.png index 1fb7593def..1b46dd539f 100644 Binary files a/docs/troubleshooting/images/endpoints-transform-failed.png and b/docs/troubleshooting/images/endpoints-transform-failed.png differ 
diff --git a/docs/troubleshooting/images/unhealthy-agent-fleet.png b/docs/troubleshooting/images/unhealthy-agent-fleet.png index 6aa64d2157..ea140f2993 100644 Binary files a/docs/troubleshooting/images/unhealthy-agent-fleet.png and b/docs/troubleshooting/images/unhealthy-agent-fleet.png differ diff --git a/docs/troubleshooting/management/ts-management.asciidoc b/docs/troubleshooting/management/ts-management.asciidoc index 68684c72a4..46f2405c0a 100644 --- a/docs/troubleshooting/management/ts-management.asciidoc +++ b/docs/troubleshooting/management/ts-management.asciidoc @@ -12,20 +12,20 @@ This topic covers common troubleshooting issues when using {elastic-sec} < *Endpoints*, then click the link in the *Policy status* column). [role="screenshot"] image::images/unhealthy-agent-fleet.png[Agent details page in {fleet} with Unhealthy status and integration failures] -Common causes of failure in the {endpoint-cloud-sec} integration policy include missing prerequisites or unexpected system configuration. Consult the following topics to resolve a specific error: +Common causes of failure in the {elastic-defend} integration policy include missing prerequisites or unexpected system configuration. Consult the following topics to resolve a specific error: - <> (macOS) - <> (macOS) - <> (Linux) -TIP: If the {endpoint-cloud-sec} integration policy is not the cause of the `Unhealthy` agent status, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting] for help with the {agent}. +TIP: If the {elastic-defend} integration policy is not the cause of the `Unhealthy` agent status, refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} troubleshooting] for help with the {agent}. ==== [discrete] 
@@ -33,13 +33,13 @@ TIP: If the {endpoint-cloud-sec} integration policy is not the cause of the `Unh .Disabled to avoid potential system deadlock (Linux) [%collapsible] ==== -If you have an `Unhealthy` {agent} status with the message `Disabled due to potential system deadlock`, that means malware protection was disabled on the {endpoint-cloud-sec} integration policy due to errors while monitoring a Linux host. +If you have an `Unhealthy` {agent} status with the message `Disabled due to potential system deadlock`, that means malware protection was disabled on the {elastic-defend} integration policy due to errors while monitoring a Linux host. -You can resolve the issue by configuring the policy's <> related to *fanotify*, a Linux feature that monitors file system events. By default, {endpoint-cloud-sec} works with fanotify to monitor specific file system types that Elastic has tested for compatibility, and ignores other unknown file system types. +You can resolve the issue by configuring the policy's <> related to *fanotify*, a Linux feature that monitors file system events. By default, {elastic-defend} works with fanotify to monitor specific file system types that Elastic has tested for compatibility, and ignores other unknown file system types. -If your network includes nonstandard, proprietary, or otherwise unrecognized Linux file systems that cause errors while being monitored, you can configure {endpoint-cloud-sec} to ignore those file systems. This allows {endpoint-cloud-sec} to resume monitoring and protecting the hosts on the integration policy. +If your network includes nonstandard, proprietary, or otherwise unrecognized Linux file systems that cause errors while being monitored, you can configure {elastic-defend} to ignore those file systems. This allows {elastic-defend} to resume monitoring and protecting the hosts on the integration policy. -CAUTION: Ignoring file systems can create gaps in your security coverage. 
Use additional security layers for any file systems ignored by {endpoint-cloud-sec}. +CAUTION: Ignoring file systems can create gaps in your security coverage. Use additional security layers for any file systems ignored by {elastic-defend}. To resolve the potential system deadlock error: @@ -59,7 +59,7 @@ Once you save the policy, malware protection is re-enabled. .Required transform failed [%collapsible] ==== -If you encounter a `“Required transform failed”` notice on the Endpoints page, you can usually resolve the issue by restarting the transform. See {ref}/transforms.html[Transforming data] for more information about transforms. +If you encounter a `“Required transform failed”` notice on the Endpoints page, you can usually resolve the issue by restarting the transform. Refer to {ref}/transforms.html[Transforming data] for more information about transforms. [role="screenshot"] image::images/endpoints-transform-failed.png[Endpoints page with Required transform failed notice] @@ -67,7 +67,7 @@ image::images/endpoints-transform-failed.png[Endpoints page with Required transf To restart a transform that’s not running: . Go to *Kibana* -> *Stack Management* -> *Data* -> *Transforms*. -. Enter `endpoint.metadata` in the search box to find the transforms for {endpoint-cloud-sec}. +. Enter `endpoint.metadata` in the search box to find the transforms for {elastic-defend}. . Click the *Actions* menu (*...*) and do one of the following for each transform, depending on the value in the *Status* column: * `stopped`: Select *Start* to restart the transform. * `failed`: Select *Stop* to first stop the transform, and then select *Start* to restart it. 
@@ -76,5 +76,5 @@ To restart a transform that’s not running: image::images/transforms-start.png[Transforms page with Start option selected] . On the confirmation message that displays, click *Start* to restart the transform. -. The transform’s status changes to `started`. Refresh the page if you don't see the change. +. The transform’s status changes to `started`. If it doesn't change, refresh the page. ====
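Review bot: In the `== Endpoints list` hunk (`@@ -13,7 +14,7 @@`), the rewritten sentence still says "Endpoints appear in chronological order, with newly added endpoints at the top", which describes reverse-chronological order; since the line is already being touched, suggest `Endpoints appear in reverse chronological order, with the most recently added endpoints at the top.` The swap from `{elastic-sec}` to `{elastic-defend}` in that sentence is the right correction (hosts run the Defend integration, not the Security app), but this excerpt does not show where `{elastic-defend}` is defined, so please confirm the attribute exists in the shared docs attributes before merging or every renamed reference will render as literal `{elastic-defend}` text.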
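Review bot: The `@@ -91,7 +92,7 @@` hunk repoints the screenshot to `images/integration-advanced-settings.png` while `docs/management/admin/images/advanced-settings.png` is deleted outright in the same change; please grep the docs tree for any remaining `image::images/advanced-settings.png` reference, since a stale include will break the build once the file is gone. The alt text `[Integration page]` was kept as-is; `[Advanced settings on the integration page]` would describe what the new screenshot actually shows.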
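Review bot: In `docs/management/admin/blocklist.asciidoc` (`@@ -72,7 +72,7 @@`), the delete-entry sentence becomes "removes it entirely from all {elastic-defend} policies", whereas the matching sentences in `event-filters.asciidoc`, `host-isolation-exceptions.asciidoc` and `trusted-apps.asciidoc` are changed to "all {elastic-defend} integration policies". Suggest adding "integration" here too so the four artifact pages read the same.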
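Review bot: In `docs/management/admin/host-isolation-exceptions.asciidoc` (`@@ -20,8 +20,8 @@`), the unchanged context line offers `0.0.0.0` and `1.0.0.0/24` as example exception addresses, directly under an IMPORTANT note saying each exception must be a highly trusted location; the unspecified address and a prefix that is publicly routed on the Internet are poor values for readers to copy. Since the file is being edited anyway, suggest RFC 5737 documentation addresses, for example `203.0.113.10` and `198.51.100.0/24`.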
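Review bot: In the `POST api/exception_lists` listings in `blocklist-api.asciidoc`, `event-filters-api.asciidoc`, `host-isolation-exceptions-api.asciidoc` and `trusted-apps-api.asciidoc`, `{elastic-defend}` now sits inside request and response JSON. These blocks already rely on `{endpoint-artifact-list-id}` being expanded, so substitution is presumably on, but please confirm the listing (or the reusable include that precedes it) sets `subs="attributes"`; otherwise the rendered JSON will show the literal `{elastic-defend}` string, which a reader may paste verbatim into a request.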
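Review bot: In `docs/troubleshooting/management/ts-management.asciidoc` (`@@ -33,13 +33,13 @@`), the collapsible title reads `.Disabled to avoid potential system deadlock (Linux)` while the rewritten sentence quotes the agent status as `Disabled due to potential system deadlock`; one of these does not match what the agent emits. Please check the exact string reported in Fleet and use it in both places, since users find this section by searching for the literal message.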