[DOCS] Admin and endpoint updates (7.10)

docs/management/admin/admin-pg-ov.asciidoc

@@ -1,77 +1,153 @@
 [[admin-page-ov]]
 [chapter, role="xpack"]
 = Administration page overview
-The Administration page enables admins to view and manage hosts that are running Elastic Endpoint Security.
+The Administration page enables admins to view and manage endpoints that are running Endpoint Security. Admins can also view and manage trusted applications.
 
-NOTE: Ingest Manager must be enabled in a Kibana Space for administrative actions to function correctly.
+In this topic:
 
-The *Hosts* list is an enumeration of all hosts and their relevant configuration and integration details, organized in a tabular format. Hosts appear in chronological order, with newly added hosts on top. The Hosts list provides the following data:
+* <<endpoints-list-ov>>
+* <<trusted-apps-ov>>
 
-* *Hostname:* The system host name. Click the link to view host details in a flyout panel, where you can also reassign an agent configuration.
 
-* *Host Status:* The current host status, which is one of the following:
+NOTE: {fleet} must be enabled in a Kibana Space for administrative actions to function correctly.
 
-** *Online:* The Elastic Agent is online and communicating with Kibana.
+[[endpoints-list-ov]]
+[discrete]
+== Endpoints list
 
-** *Unenrolling:* The agent is currently unenrolling and will soon be removed from Ingest. Afterward, the host will also unenroll.
+The *Endpoints list* lists all hosts running {elastic-sec} and their relevant integration details. Endpoints appear in chronological order, with newly added endpoints at the top. The Endpoints list provides the following data:
+
+* *Hostname:* The system hostname. Click the link to view host details in a flyout panel, where you can also reassign an agent configuration.
+
+* *Agent Status:* The current status of the Elastic Agent, which is one of the following:
+
+** *Online:* The {agent} is online and communicating with Kibana.
+
+** *Unenrolling:* The agent is currently unenrolling and will soon be removed from Fleet. Afterward, the endpoint will also unenroll.
 
 ** *Offline:* The agent is still enrolled but may be on a machine that is shut down or currently does not have internet access. In this state, the agent is no longer communicating with Kibana on a regular interval.
 
-** *Error:* There is an error with the agent. An *Error* status can also mean that the host is unable to find the parent agent or is missing the agent ID. It is recommended to look at the agent logs in Fleet to find out more information.
+** *Error:* There is an error with the agent. An *Error* status can also mean that the endpoint is unable to find the parent agent or is missing the agent ID. It is recommended to look at the agent logs in Fleet to find out more information.
 
-* *Integration:* The name of the associated integration when the agent was installed. Click the link to view the Integration details page.
+* *Integration Policy:* The name of the associated Policy when the agent was installed. Click the link to view the Integration Policy page.
 
-* *Configuration Status:* Lists whether the configuration was a success or failure. Click the link to view configuration response details in a flyout panel.
+* *Policy Status:* Lists whether the Policy configuration was a success or failure. Click the link to view configuration response details in a flyout panel.
 
 * *Operating System:* The associated operating system.
 
-* *IP Address:* All IP addresses associated with the host name.
+* *IP Address:* All IP addresses associated with the hostname.
+
+* *Version:* The Elastic Stack version currently running.
 
-* *Version:* The current Elastic Stack version running.
+* *Last Active:* A date and timestamp of the last time the agent was active.
+
+* *Actions:* Select the context menu to do the following:
+
+** *View Host Details:* View host details on the *Hosts* page in the {security-app}.
+
+** *View Agent Policy:* View the Policy in {fleet}.
+
+** *View Agent Details:* View agent details and activity logs in {fleet}.
 
-* *Last Active:* A date and timestamp of the last time the host was active.
 
 [role="screenshot"]
 image::images/admin-pg.png[Admin page]
 
 
 *Hostname details*
 
-Click a *Hostname* link to display host details in a flyout panel. This panel also provides shortcut links to view the associated integration, view the configuration response details, and reassign the configuration if needed.
+Click a *Hostname* link to display host details in a flyout panel. This panel also provides shortcut links to view the associated Policy, view the configuration response details, and reassign the Policy if needed.
 
 [role="screenshot"]
 image::images/host-flyout.png[Admin page]
 
-*Integration details*
+*Integration Policy details*
 
-To view the Integration details page, click the link in the Integration column. If you are viewing host details, you can also click the *Integration* link on the flyout panel.
+To view the Integration Policy page, click the link in the *Integration Policy* column. If you are viewing host details, you can also click the *Integration Policy* link on the flyout panel.
 
-On this page, you can view and manage protection configuration and event collection settings. In the upper-right corner is a Key Performance Indicator (KPI) widget that provides hosts status data. If you need to update the configuration, make changes as appropriate, then click the *Save* button to save your changes.
+On this page, you can view and configure endpoint protection and event collection settings. In the upper-right corner are Key Performance Indicators (KPIs) that provide current endpoint status. If you need to update the Policy configuration, make changes as appropriate, then click the *Save* button to apply the new changes.
 
-NOTE: Users must have permission to read/write to Ingest Manager APIs to make changes to the configuration.
+NOTE: Users must have permission to read/write to Fleet APIs to make changes to the configuration.
 
 [role="screenshot"]
 image::images/integration-pg.png[Integration page]
 
 *Configuration status*
 
-The status of the configuration appears in the *Configuration Status* column and displays one of the following possibilities:
+The status of the Policy configuration appears in the *Policy Status* column and displays one of the following possibilities:
 
-* *Success:* The configuration applied successfully.
+* *Success:* The Policy applied successfully.
 
-* *Pending or Partially Applied:* The configuration is pending application, or the configuration in its entirety was not applied.
+* *Warning or Partially Applied:* The Policy is pending application, or the Policy was not applied in its entirety.
 
-NOTE: In some cases, some actions taken on the endpoint may fail during the configuration application but are not recognized as a critical failure - meaning there may be a failure, but the hosts are still protected. In this case, the configuration status will display as "Partially Applied."
+NOTE: In some cases, some actions taken on the endpoint may fail during the configuration application but are not recognized as a critical failure - meaning there may be a failure, but the endpoints are still protected. In this case, the configuration status will display as "Partially Applied."
 
-* *Failure:* The configuration did not apply correctly. As such, hosts are not protected.
+* *Failure:* The Policy did not apply correctly. As such, endpoints are not protected.
 
 * *Unknown:* The user interface is waiting for the API response to return, or, in rare cases, the API returns an undefined error or value.
 
-To view configuration status details, click the link and review the data in the flyout panel. In the following image, you can see that the `Agent Connectivity` failed, generating a "Failed" configuration status.
+To view Policy status details, click the link and review the data in the flyout panel. In the following image, you can see that the malware configuration and logging failed, generating a "Failed" Policy status.
 
 [role="screenshot"]
 image::images/config-status.png[Config status details]
 
 Expand each section and subsection to view individual responses from the agent.
 
-TIP: If you need help troubleshooting a configuration failure, see the {ingest-guide}/ingest-management-troubleshooting.html[Ingest Manager troubleshooting topic].
+TIP: If you need help troubleshooting a configuration failure, see the {ingest-guide}/ingest-management-troubleshooting.html[Fleet troubleshooting topic].
+
+*Filter endpoints*
+
+To filter the Endpoints list, use the Search bar to enter a query using *{kibana-ref}/kuery-query.html[{kib} Query Language (KQL)]*. To refresh the search results, click *Refresh*.
+
+[role="screenshot"]
+image::images/filter-endpoints.png[]
+
+NOTE: The timepicker on the right side of the page allows you to set a time interval to automatically refresh the Endpoints list -- for example, if new endpoints were added or deleted.
+
+[[trusted-apps-ov]]
+[discrete]
+== Trusted applications
+
+Administrators can add Windows, macOS, and Linux applications that should be trusted. By adding these "trusted applications," you can use {elastic-sec} without compatibility or performance issues with other installed applications on your system. Trusted applications are applied only to hosts running {endpoint-sec}.
+
+To add a trusted application:
+
+. On the *Administration* page, select the *Trusted applications* tab.
+
+. Click *Add Trusted Application*.
+
+. Complete the following field requirements in the "Trusted Applications" dialog:
+
+* `Name your trusted app application`: Enter a name for the trusted application.
+
+* `Select operating system`: Select the appropriate operating system from the drop-down.
+
+* `Field`: Select the appropriate field you want to use - *Hash* or *Path*.
+
+* `Operator`: Defaults to `is` (i.e., "equal to"). This cannot be changed.
+
+* `Value`: Enter the hash value or file path. To add an additional value, click *AND*.
+
+* `Description`(Optional): Enter a description of the trusted application.
+
+. Click *Add trusted application*. If successfully added, the added application appears in the Trusted applications list.
+
+NOTE: Hash values must be valid to add the trusted application.
+
+*Trusted applications list*
+
+The *Trusted applications list* lists all the trusted applications that have been added to the {security-app}. By default, applications appear in "Grid view" -- a comprehensive display of all metadata and field values. To view a condensed version of the list that displays general information, select *List view*.
+
+TIP: In the List view, click the arrow to expand and collapse details.
+
+[role="screenshot"]
+image::images/trusted-apps-list.png[]
+
+*Remove a trusted application*
+
+. If in the Grid view, click *Remove* on the appropriate application to delete. If in the List view, click the *Remove this entry* button that looks like a trash can.
+
+. On the "Remove trusted application" dialog that appears, confirm you are removing the correct application. If so, click *Remove trusted application*. A "Successfully removed" confirmation appears.
+
+[role="screenshot"]
+image::images/remove-app.png[]