Merged
11 changes: 6 additions & 5 deletions docs/management/admin/admin-pg-ov.asciidoc
Expand Up @@ -3,12 +3,13 @@

The Endpoints page allows administrators to view and manage endpoints that are running the <<install-endpoint, {elastic-defend} integration>>.

[NOTE]
=====
{fleet} must be enabled in a {kib} space for administrative actions to function correctly.
.Requirements
[sidebar]
--
* {fleet} must be enabled in a {kib} space for administrative actions to function correctly.

You must have the built-in `superuser` role to access this feature. For more information, refer to {ref}/built-in-users.html[Built-in users].
=====
* You must have the `superuser` {ref}/built-in-roles.html[built-in user role] to access this feature.
--

[[endpoints-list-ov]]
[discrete]
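Review bot: the new link text `{ref}/built-in-roles.html[built-in user role]` mislabels `superuser`, which is a built-in role rather than a user; since the target is now built-in-roles.html, `[built-in role]` is the accurate label, e.g. `* You must have the `superuser` {ref}/built-in-roles.html[built-in role] to access this feature.` The move from the `[NOTE]` admonition to a titled `[sidebar]` with `*` items is otherwise consistent with the other files in this change.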
11 changes: 6 additions & 5 deletions docs/management/admin/blocklist.asciidoc
Expand Up @@ -6,12 +6,13 @@ The blocklist allows you to prevent specified applications from running on hosts

The blocklist is not intended to broadly block benign applications for non-security reasons; only use it to block potentially harmful applications. To compare the blocklist with other endpoint artifacts, refer to <<endpoint-artifacts>>.

[NOTE]
=====
In addition to configuring specific entries on the **Blocklist** page, you must also ensure that the blocklist is enabled on the {elastic-defend} integration policy in the <<malware-protection, Malware protection settings>>. This setting is enabled by default.
.Requirements
[sidebar]
--
* In addition to configuring specific entries on the **Blocklist** page, you must also ensure that the blocklist is enabled on the {elastic-defend} integration policy in the <<malware-protection, Malware protection settings>>. This setting is enabled by default.

You must have the built-in `superuser` role to access the blocklist. For more information, refer to {ref}/built-in-users.html[Built-in users].
=====
* You must have the `superuser` {ref}/built-in-roles.html[built-in user role] to access this feature.
--

By default, a blocklist entry is recognized globally across all hosts running {elastic-defend}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign a blocklist entry to specific {elastic-defend} integration policies, which blocks the process only on hosts assigned to that policy.
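Review bot: same link-text point as in admin-pg-ov.asciidoc: `superuser` is a role, so `[built-in role]` matches the built-in-roles.html target better than `[built-in user role]`. Changing `access the blocklist` to `access this feature` harmonizes wording with the other files, and the first bullet correctly keeps the `<<malware-protection, ...>>` cross-reference and the enabled-by-default sentence, so the policy prerequisite is not lost in the restructuring.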

6 changes: 5 additions & 1 deletion docs/management/admin/event-filters.asciidoc
Expand Up @@ -6,7 +6,11 @@ Event filters allow you to filter endpoint events that you do not need or want s

Event filters do not lower CPU usage on hosts; {elastic-endpoint} still monitors events to detect and prevent possible threats, but without writing event data to {es}. To compare event filters with other endpoint artifacts, refer to <<endpoint-artifacts>>.

NOTE: You must have the built-in `superuser` role to access this feature. For more information, refer to {ref}/built-in-users.html[Built-in users].
.Requirements
[sidebar]
--
You must have the `superuser` {ref}/built-in-roles.html[built-in user role] to access this feature.
--

IMPORTANT: Since an event filter blocks an event from streaming to {es}, be conscious of event filter conditions you set and any existing rule conditions. If there is too much overlap, the rule may run less frequently than specified and, therefore, will not trigger the corresponding alert for that rule. This is the expected behavior of event filters.
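Review bot: the `.Requirements` sidebar here carries a single unbulleted sentence while the multi-item sidebars in this change use `*` items; that is fine for one item, but the same link-text point applies (`[built-in role]` rather than `[built-in user role]`). The unchanged `IMPORTANT:` paragraph about filter and rule overlap still follows directly, so the reading order is preserved.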

6 changes: 5 additions & 1 deletion docs/management/admin/host-isolation-exceptions.asciidoc
Expand Up @@ -6,7 +6,11 @@ You can configure host isolation exceptions for specific IP addresses that <<hos

Host isolation exceptions support IPv4 addresses, with optional classless inter-domain routing (CIDR) notation.

NOTE: You must have the built-in `superuser` role to access this feature. For more information, refer to {ref}/built-in-users.html[Built-in users].
.Requirements
[sidebar]
--
You must have the `superuser` {ref}/built-in-roles.html[built-in user role] to access this feature.
--

IMPORTANT: Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading.
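Review bot: same link-text point (`superuser` is a built-in role, so `[built-in role]` fits the built-in-roles.html target). Structure mirrors event-filters.asciidoc, and placing the sidebar between the IPv4/CIDR sentence and the unchanged `IMPORTANT:` caution about exception addresses being highly trusted keeps the requirement next to the security caveat it relates to.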

23 changes: 11 additions & 12 deletions docs/management/admin/host-isolation-ov.asciidoc
Expand Up @@ -6,21 +6,20 @@ Host isolation allows you to isolate hosts from your network, blocking communica

Isolated hosts, however, can still send data to {es} and {kib}. You can also create <<host-isolation-exceptions, host isolation exceptions>> for specific IP addresses that isolated hosts are still allowed to communicate with, even when blocked from the rest of your network.

Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature.
.Requirements
[sidebar]
--
* Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature.

[NOTE]
=========================
For {stack} version >= 7.15.0, host isolation is supported for endpoints running Windows, macOS, and these Linux distributions:
* For {stack} versions >= 7.15.0, host isolation is supported for endpoints running Windows, macOS, and these Linux distributions:

* CentOS/RHEL 8
* Debian 11
* Ubuntu 18.04
* Ubuntu 20.04
* Ubuntu 22.04
* AWS Linux 2
** CentOS/RHEL 8
** Debian 11
** Ubuntu 18.04, 20.04, and 22.04
** AWS Linux 2

To isolate and release hosts in any operating system, you must have the built-in `superuser` role. For more information, refer to {ref}/built-in-users.html[Built-in users].
=========================
* To isolate and release hosts in any operating system, you must have the `superuser` {ref}/built-in-roles.html[built-in user role].
--

[role="screenshot"]
image::images/isolated-host.png[Endpoint page highlighting a host that's been isolated]
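Review bot: `For {stack} versions >= 7.15.0` reads as code notation in prose; `For {stack} version 7.15.0 and later` is the usual documentation phrasing and avoids a bare comparison operator in running text. The same link-text point applies to the last bullet (`[built-in role]` rather than `[built-in user role]`). Collapsing the three Ubuntu releases into one `**` item is a sensible tightening of the nested list.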
2 changes: 1 addition & 1 deletion docs/management/admin/response-actions.asciidoc
Expand Up @@ -12,7 +12,7 @@ Response actions are supported on all endpoint platforms (Linux, macOS, and Wind

* Endpoints must have {agent} version 8.4 or higher installed with the {elastic-defend} integration to receive response actions.

* You must have the `superuser` {ref}/built-in-users.html[built-in user role] to access the response console.
* You must have the `superuser` {ref}/built-in-roles.html[built-in user role] to access this feature.
--

[role="screenshot"]
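Review bot: replacing `access the response console` with `access this feature` loses specificity; the response console is the concrete thing the role gates, and the preceding requirement bullet (`{agent} version 8.4 or higher`) is similarly concrete. Suggest keeping the original object while still fixing the link target: `* You must have the `superuser` {ref}/built-in-roles.html[built-in role] to access the response console.`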
6 changes: 5 additions & 1 deletion docs/management/admin/trusted-apps.asciidoc
Expand Up @@ -4,7 +4,11 @@

You can add Windows, macOS, and Linux applications that should be trusted, such as other antivirus or endpoint security applications. Trusted applications are designed to help mitigate performance issues and incompatibilities with other endpoint software installed on your hosts. Trusted applications apply only to hosts running the {elastic-defend} integration.

NOTE: You must have the built-in `superuser` role to access this feature. For more information, refer to {ref}/built-in-users.html[Built-in users].
.Requirements
[sidebar]
--
You must have the `superuser` {ref}/built-in-roles.html[built-in user role] to access this feature.
--

Trusted applications create blindspots for {elastic-defend}, because the applications are no longer monitored for threats. One avenue attackers use to exploit these blindspots is by DLL (Dynamic Link Library) side-loading, where they leverage processes signed by trusted vendors -- such as antivirus software -- to execute their malicious DLLs. Such activity appears to originate from the trusted application's process.
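Review bot: same link-text point (`[built-in role]` rather than `[built-in user role]`). The unchanged paragraph below on trusted-application blind spots and DLL side-loading is the key security caveat on this page, and with the requirement now in a titled sidebar the caveat follows it directly, which reads well.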
