Merged
6 changes: 3 additions & 3 deletions docs/dashboards/kubernetes-dashboard.asciidoc
Expand Up @@ -35,14 +35,14 @@ The *Metadata* tab is organized into these expandable sections:
[discrete]
[[k8s-dash-setup]]
== Setup
To collect session data for the dashboard, you'll deploy a Kubernetes DaemonSet to your clusters that implements the {endpoint-cloud-sec} integration.
To collect session data for the dashboard, you'll deploy a Kubernetes DaemonSet to your clusters that implements the {elastic-defend} integration.

**Prerequisites**:

- This feature requires Elastic Stack version 8.4 or newer.
- You need an active {fleet-guide}/fleet-overview.html[{fleet} Server].
- Your Elastic deployment must have the {endpoint-cloud-sec} integration <<install-endpoint,enabled>>.
- The {endpoint-cloud-sec} integration policy must have **Include session data** set to `true`. To modify this setting, go to **Manage -> Policies**, select your policy, and find `Include session data` near the bottom of the `Policy settings` tab.
- Your Elastic deployment must have the {elastic-defend} integration <<install-endpoint,enabled>>.
- The {elastic-defend} integration policy must have **Include session data** set to `true`. To modify this setting, go to **Manage -> Policies**, select your policy, and find `Include session data` near the bottom of the `Policy settings` tab.

**Support matrix**: This feature is currently available on GKE and EKS using Linux hosts and Kubernetes versions that match the following specifications:
|=====================
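Review bot: Style point on the two rewritten prerequisite bullets: the navigation path is written here as `**Manage -> Policies**` (bold, arrow inside the markup), while the session-view.asciidoc hunk in this same PR writes the identical path as `*Manage* -> *Policies*`; since both lines are being touched anyway, pick one convention for UI paths. The `{elastic-defend}` substitution itself is applied consistently to all three occurrences in this hunk.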
2 changes: 1 addition & 1 deletion docs/dashboards/overview-dashboard.asciidoc
Expand Up @@ -24,7 +24,7 @@ TIP: Many {elastic-sec} histograms, graphs, and tables contain an *Inspect* butt
[discrete]
== Host and network events

View event and host counts grouped by data source, such as *Auditbeat* or *{endpoint-cloud-sec}*. Expand a category to view specific counts of host or network events from the selected source.
View event and host counts grouped by data source, such as *Auditbeat* or *{elastic-defend}*. Expand a category to view specific counts of host or network events from the selected source.

[role="screenshot"]
image::images/events-count.png[Host and network events on the Overview dashboard]
2 changes: 1 addition & 1 deletion docs/detections/alerts-view-details.asciidoc
Expand Up @@ -62,7 +62,7 @@ The Insights section provides the following details:
+
beta::[]
+
NOTE: This feature requires a https://www.elastic.co/pricing[Platinum or Enterprise subscription]. In addition, the *Include session data* setting must be enabled on your {endpoint-cloud-sec} integration policy. Refer to <<enable-session-view, Enable Session View data>> for more information.
NOTE: This feature requires a https://www.elastic.co/pricing[Platinum or Enterprise subscription]. In addition, the *Include session data* setting must be enabled on your {elastic-defend} integration policy. Refer to <<enable-session-view, Enable Session View data>> for more information.

* *Alerts related by process ancestry* - Shows alerts that are related by process events on the same linear branch. Note that alerts generated from processes on child or related branches are not shown. To further examine alerts, click *Investigate in timeline*.
+
8 changes: 4 additions & 4 deletions docs/detections/session-view.asciidoc
Expand Up @@ -22,13 +22,13 @@ NOTE: To view Linux session data from your Kubernetes infrastructure, you'll nee
[float]
[[enable-session-view]]
=== Enable Session View data
Session View uses process data collected by the {endpoint-cloud-sec} integration,
Session View uses process data collected by the {elastic-defend} integration,
but this data is not collected by default. To enable Session View data, go to *Manage* -> *Policies*
and edit one or more of your {endpoint-cloud-sec} integration policies. On the *Policy settings* tab,
and edit one or more of your {elastic-defend} integration policies. On the *Policy settings* tab,
scroll down to the Linux event collection section near the bottom of the page
and turn on the *Include session data* toggle. Session View can only display data that was
collected by {endpoint-cloud-sec} when this setting was enabled. For more information about the additional
fields collected by {endpoint-cloud-sec} when this setting is enabled, refer to the https://github.com/elastic/ecs/blob/main/rfcs/text/0030-linux-event-model.md[Linux event model RFC].
collected by {elastic-defend} when this setting was enabled. For more information about the additional
fields collected by {elastic-defend} when this setting is enabled, refer to the https://github.com/elastic/ecs/blob/main/rfcs/text/0030-linux-event-model.md[Linux event model RFC].

[float]
[[open-session-view]]
2 changes: 1 addition & 1 deletion docs/detections/visual-event-analyzer.asciidoc
Expand Up @@ -8,7 +8,7 @@
[[find-events-analyze]]
=== Find events to analyze

You can only visualize events triggered by hosts configured with the {endpoint-cloud-sec} integration or any `sysmon` data from `winlogbeat`.
You can only visualize events triggered by hosts configured with the {elastic-defend} integration or any `sysmon` data from `winlogbeat`.

In KQL, this translates to any event with the `agent.type` set to either:

12 changes: 6 additions & 6 deletions docs/es-overview.asciidoc
Expand Up @@ -27,7 +27,7 @@ image::images/workflow.png[Elastic Security workflow]
Here's an overview of the flow and its components:

* Data is shipped from your hosts to {es} in the following ways:
** <<install-endpoint, {es-sec-endpoint}>>: {agent} integration that
** <<install-endpoint, {elastic-defend}>>: {agent} integration that
protects your hosts <<malware-prevention, against malware>> and ships these data sets:
*** *Windows*: Process, network, file, DNS, registry, DLL and driver loads,
malware security detections
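Review bot: This hunk replaces a second, different attribute (`{es-sec-endpoint}`, not `{endpoint-cloud-sec}`) with `{elastic-defend}`, so the PR is collapsing two old names into one. Please confirm that every remaining `{es-sec-endpoint}` and `{endpoint-cloud-sec}` reference in the book is covered by this diff, and that the attribute definitions file either drops both old attributes or keeps them as aliases of the new one; a stale definition would otherwise silently keep the old product name on any page this change missed, while a removed definition would render the literal attribute text.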
Expand All @@ -39,7 +39,7 @@ parsing specific data sets from common sources, such as cloud and OS events,
logs, and metrics. Common security-related modules are listed
<<enable-beat-modules, here>>.
* The {security-app} in {kib} is used to manage the *Detection engine*,
*Cases*, and *Timeline*, as well as administer hosts running {endpoint-cloud-sec}:
*Cases*, and *Timeline*, as well as administer hosts running {elastic-defend}:
** Detection engine: Automatically searches for suspicious host and network
activity via the following:
*** <<detection-engine-overview, Detection rules>>: Periodically search the data
Expand All @@ -51,7 +51,7 @@ You can create your own rules and make use of our <<prebuilt-rules, prebuilt one
false positives. Exceptions are associated with rules and prevent alerts when
an exception's conditions are met. *Value lists* contain source event
values that can be used as part of an exception's conditions. When
{es-sec-endpoint} is installed on your hosts, you can add malware exceptions
{elastic-defend} is installed on your hosts, you can add malware exceptions
directly to the endpoint from the Security app.
*** <<included-jobs, {ml-cap} jobs>>: Automatic anomaly detection of host and network events. Anomaly scores are provided per host and can be used with detection rules.
** <<timelines-ui, Timeline>>: Workspace for investigating alerts and events.
Expand All @@ -62,7 +62,7 @@ others, as well as attached to Cases.
** <<cases-overview, Cases>>: An internal system for opening, tracking, and sharing
security issues directly in the Security app. Cases can be integrated with
external ticketing systems.
** <<admin-page-ov, Administration>>: View and manage hosts running Elastic {endpoint-cloud-sec}.
** <<admin-page-ov, Administration>>: View and manage hosts running {elastic-defend}.

<<ingest-data>> and <<install-endpoint>> describe how to ship security-related
data to {es}.
Expand Down Expand Up @@ -96,9 +96,9 @@ Cold tier is a {ref}/data-tiers.html[data tier] that holds time series data that
Using cold tier data for unsupported indices may result in detection rule timeouts and overall performance degradation.

[discrete]
=== Additional Elastic {endpoint-cloud-sec} information
=== Additional {elastic-defend} information

The https://www.elastic.co/endpoint-security/[{endpoint-cloud-sec} integration]
The https://www.elastic.co/endpoint-security/[{elastic-defend} integration]
for {agent} provides capabilities such as collecting events, detecting and preventing
malicious activity, exceptions, and artifact delivery. The
{fleet-guide}/fleet-overview.html[{fleet}] app is used to
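Review bot: Both changed lines here drop the literal word `Elastic` that preceded the old attribute (`Additional Elastic {endpoint-cloud-sec} information` becomes `Additional {elastic-defend} information`, and the administration bullet earlier in this file does the same). That is correct only if `{elastic-defend}` expands to the full product name including the vendor prefix; verify the attribute value so the rendered heading does not lose the prefix. Also confirm that `https://www.elastic.co/endpoint-security/` still resolves to the renamed product page now that the link text no longer matches its slug.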
2 changes: 1 addition & 1 deletion docs/getting-started/advanced-setting.asciidoc
Expand Up @@ -29,7 +29,7 @@ permanently.
To access advanced settings, go to *Stack Management* -> *Advanced Settings*, then scroll down to *Security Solution* settings.

[role="screenshot"]
image::images/advanced-settings.png[]
image::images/solution-advanced-settings.png[]

[discrete]
[[update-sec-indices]]
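Review bot: The image reference changes from `images/advanced-settings.png` to `images/solution-advanced-settings.png`, but this diff shows only the reference, not the image file. Make sure the renamed (or new) screenshot is part of the PR and that no other page still references `advanced-settings.png`; a missing image target fails the docs build, and an orphaned old image should be deleted rather than left behind. The empty alt text `[]` was already there, but while touching the line it would be worth giving the screenshot a description.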
8 changes: 4 additions & 4 deletions docs/getting-started/configure-integration-policy.asciidoc
@@ -1,13 +1,13 @@
[[configure-endpoint-integration-policy]]
= Configure an integration policy for {endpoint-cloud-sec}
= Configure an integration policy for {elastic-defend}

After the {agent} is installed with the {endpoint-cloud-sec} integration, several protections features — including
After the {agent} is installed with the {elastic-defend} integration, several protections features — including
preventions against malware, ransomware, memory threats, and malicious behavior — are automatically enabled
on protected hosts (some features require a Platinum or Enterprise license). If needed, you can update the
integration policy to configure protection settings, event collection, antivirus settings, trusted applications,
event filters, host isolation exceptions, and blocked applications to meet your organization's security needs.

You can also create multiple integration policies to maintain unique configuration profiles. To create an additional {endpoint-cloud-sec} integration policy, go to **Management** -> **Integrations**, then follow the steps for <<add-security-integration, adding the {endpoint-cloud-sec} integration>>.
You can also create multiple {elastic-defend} integration policies to maintain unique configuration profiles. To create an additional {elastic-defend} integration policy, go to **Management** -> **Integrations**, then follow the steps for <<add-security-integration, adding the {elastic-defend} integration>>.

NOTE: You must have the {kib} `superuser` role to configure an integration policy in the {security-app}.

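Review bot: While touching the second paragraph, fix `several protections features` to `several protection features`; the `{elastic-defend}` substitution carries the typo over unchanged. Keeping the section anchor `[[configure-endpoint-integration-policy]]` as is while the heading changes is the right call for link stability, since other pages cross-reference it by ID. The last rewritten line is a genuine wording improvement (`multiple {elastic-defend} integration policies` is more precise than `multiple integration policies`).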
Expand Down Expand Up @@ -61,7 +61,7 @@ Notifications appear by default. Deselect the **Notify User** option to disable
TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} (unknown)` syntax.

Malware protection also allows you to manage a blocklist to prevent specified applications from running on hosts,
extending the list of processes that {endpoint-cloud-sec} considers malicious. Use the **Blocklist enabled** toggle
extending the list of processes that {elastic-defend} considers malicious. Use the **Blocklist enabled** toggle
to enable or disable this feature for all hosts associated with the integration policy. To configure the blocklist, refer to <<blocklist>>.

[role="screenshot"]
6 changes: 3 additions & 3 deletions docs/getting-started/endpoint-diagnostic-data.asciidoc
@@ -1,9 +1,9 @@
[[endpoint-diagnostic-data]]
= Turn off diagnostic data for {endpoint-cloud-sec}
= Turn off diagnostic data for {elastic-defend}

By default, {endpoint-cloud-sec} streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the {endpoint-cloud-sec} integration policy.
By default, {elastic-defend} streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the {elastic-defend} integration policy.

NOTE: {kib} also collects usage telemetry, which includes {endpoint-cloud-sec} diagnostic data. You can modify telemetry preferences in {kibana-ref}/telemetry-settings-kbn.html[Advanced Settings].
NOTE: {kib} also collects usage telemetry, which includes {elastic-defend} diagnostic data. You can modify telemetry preferences in {kibana-ref}/telemetry-settings-kbn.html[Advanced Settings].

. In the {security-app}, go to *Manage* -> *Endpoints* to view the Endpoints list.
. Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the *Policy* column.
2 changes: 1 addition & 1 deletion docs/getting-started/index.asciidoc
Expand Up @@ -2,7 +2,7 @@
[[getting-started]]
= Get started with {elastic-sec}

Looking to get started with {elastic-sec}? This section describes the {elastic-sec} UI in {kib}, the system requirements required to run the {agent} with the Elastic {endpoint-cloud-sec} integration, and instructions on how to configure and install {elastic-sec} on your host.
Looking to get started with {elastic-sec}? This section describes the {elastic-sec} UI in {kib}, the system requirements required to run the {agent} with the {elastic-defend} integration, and instructions on how to configure and install {elastic-sec} on your host.

TIP: View the https://www.elastic.co/training/elastic-security-quick-start[{elastic-sec} Quick Start video] to learn how to configure your endpoints with {elastic-sec} so you can stream, detect, and visualize threats in real time on {ecloud}.

4 changes: 2 additions & 2 deletions docs/getting-started/ingest-data.asciidoc
Expand Up @@ -3,7 +3,7 @@

To ingest data, you can use:

* The {fleet-guide}/fleet-overview.html[{agent}] with the **Elastic {endpoint-cloud-sec}** integration, which protects
* The {fleet-guide}/fleet-overview.html[{agent}] with the **{elastic-defend}** integration, which protects
your hosts and sends logs, metrics, and endpoint security data to {elastic-sec}. See <<install-endpoint>>.
* The {agent} with integrations, which are available in the {fleet-guide}/fleet-overview.html#package-registry-intro[Elastic Package Registry (EPR)]. To install an integration that works with {elastic-sec}, go to the {kib} Home page or main navigation menu and click *Add integrations*. On the Integrations page, click the *Security* category filter, then select an integration to view the installation instructions. For more information on integrations, refer to {integrations-docs}[{integrations}].
* *{beats}* shippers installed for each system you want to monitor.
Expand All @@ -22,7 +22,7 @@ primary key for identifying hosts.
==============

The {agent} with the
https://www.elastic.co/products/endpoint-security[{endpoint-cloud-sec} Integration]
https://www.elastic.co/products/endpoint-security[{elastic-defend} integration]
ships these data sources:

* Process - Linux, macOS, Windows
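Review bot: The link in this hunk points the integration name at `https://www.elastic.co/products/endpoint-security`, while the es-overview.asciidoc hunk in this same PR links the same integration to `https://www.elastic.co/endpoint-security/`; two different URLs for one product page is a maintenance trap, so settle on one canonical URL in both places. The lowercasing of `Integration` to `integration` in the link text is a good consistency fix and matches the rest of the book.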
4 changes: 2 additions & 2 deletions docs/getting-started/install-elastic-endpoint.asciidoc
Expand Up @@ -7,7 +7,7 @@ To properly install and configure {elastic-endpoint} manually without a Mobile D
* <<allow-filter-content, Approve network content filtering>>
* <<enable-fda-endpoint, Enable Full Disk Access>>

NOTE: The following permissions that need to be enabled are required after you <<install-endpoint, configure and install the {endpoint-cloud-sec} integration>>, which includes <<enroll-security-agent, enrolling the {agent}>>.
NOTE: The following permissions that need to be enabled are required after you <<install-endpoint, configure and install the {elastic-defend} integration>>, which includes <<enroll-security-agent, enrolling the {agent}>>.

[discrete]
[[system-extension-endpoint]]
Expand Down Expand Up @@ -49,7 +49,7 @@ image::images/install-endpoint/filter-network-content.png[]
[[enable-fda-endpoint]]
== Enable Full Disk Access for {elastic-endpoint}

{elastic-endpoint} requires Full Disk Access to subscribe to system events via the {endpoint-cloud-sec} framework and to protect your network from malware and other cybersecurity threats. Full Disk Access permissions is a new privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your data. To enable Full Disk Access, you must manually approve {elastic-endpoint}. For endpoints running macOS Mojave (10.14) and earlier, you must also approve the {elastic-endpoint} <<kernel-extension-approval, kernel system extension>>.
{elastic-endpoint} requires Full Disk Access to subscribe to system events via the {elastic-defend} framework and to protect your network from malware and other cybersecurity threats. Full Disk Access permissions is a new privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your data. To enable Full Disk Access, you must manually approve {elastic-endpoint}. For endpoints running macOS Mojave (10.14) and earlier, you must also approve the {elastic-endpoint} <<kernel-extension-approval, kernel system extension>>.

NOTE: The following instructions apply only to {elastic-endpoint} running {stack} version 8.0.0 and later. To see Full Disk Access requirements for the Endgame sensor, refer to <<endgame-sensor-full-disk-access>>.

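Review bot: The `{elastic-defend}` substitution in the Full Disk Access paragraph changes the meaning of the sentence. `{elastic-endpoint} requires Full Disk Access to subscribe to system events via the ... framework` is describing Apple's macOS Endpoint Security framework, the system-extension API through which {elastic-endpoint} receives events, not the Elastic integration; there is no `{elastic-defend} framework`. Suggest spelling it out literally as `via the macOS Endpoint Security framework` so the product attribute is not misused here. Separately, `Full Disk Access permissions is a new privacy feature` should read `Full Disk Access is a privacy feature`; both the old and new lines carry the agreement error.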