From 93e34d45157a6f755f1bf3d3ba05f67330110a15 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Date: Wed, 9 Oct 2024 11:32:07 -0400
Subject: [PATCH 1/2] Fixes support matrix (#5882)
(cherry picked from commit d887c555272ef6c3af5e360263c895e8cd69ab94)
# Conflicts:
# docs/serverless/dashboards/kubernetes-dashboard-dash.mdx
---
docs/dashboards/kubernetes-dashboard.asciidoc | 2 +-
.../dashboards/kubernetes-dashboard-dash.mdx | 69 +++++++++++++++++++
2 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 docs/serverless/dashboards/kubernetes-dashboard-dash.mdx
diff --git a/docs/dashboards/kubernetes-dashboard.asciidoc b/docs/dashboards/kubernetes-dashboard.asciidoc
index b6da9c1dec..aee5e8db5d 100644
--- a/docs/dashboards/kubernetes-dashboard.asciidoc
+++ b/docs/dashboards/kubernetes-dashboard.asciidoc
@@ -50,7 +50,7 @@ This feature is currently available on GKE and EKS using Linux hosts and Kuberne
|===
| | EKS 1.24-1.26 (AL2022) | GKE 1.24-1.26 (COS)
| Process event exports | ✓ | ✓
-| Network event exports | ✓ | ✓
+| Network event exports | ✗ | ✗
| File event exports | ✓ | ✓
| File blocking | ✓ | ✓
| Process blocking | ✓ | ✓
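Review bot: the `Network event exports` row flips from ✓ to ✗ for both EKS and GKE with no accompanying text, so a reader cannot tell whether the earlier ✓ was a documentation error or whether support was withdrawn. Since this row determines whether network telemetry from these clusters reaches the dashboard at all, consider adding a sentence under the table stating that network events are not exported on these platforms, and naming the corrected row in the commit subject instead of "Fixes support matrix".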
diff --git a/docs/serverless/dashboards/kubernetes-dashboard-dash.mdx b/docs/serverless/dashboards/kubernetes-dashboard-dash.mdx
new file mode 100644
index 0000000000..aa92e0e5ef
--- /dev/null
+++ b/docs/serverless/dashboards/kubernetes-dashboard-dash.mdx
@@ -0,0 +1,69 @@
+---
+slug: /serverless/security/kubernetes-dashboard-dash
+title: Kubernetes dashboard
+description: The Kubernetes dashboard provides insight into Linux process data from your Kubernetes clusters.
+tags: [ 'serverless', 'security', 'overview', 'cloud security' ]
+status: in review
+---
+
+
+
+
+The Kubernetes dashboard provides insight into Linux process data from your Kubernetes clusters. It shows sessions in detail and in the context of your monitored infrastructure.
+
+
+The numbered sections are described below:
+
+ 1. The charts at the top of the dashboard provide an overview of your monitored Kubernetes infrastructure. You can hide them by clicking **Hide charts**.
+ 1. The tree navigation menu allows you to navigate through your deployments and select the scope of the sessions table to the right. You can select any item in the menu to show its sessions. In Logical view, the menu is organized by Cluster, Namespace, Pod, and Container image. In Infrastructure view, it is organized by Cluster, Node, Pod, and Container image.
+ 1. The sessions table displays sessions collected from the selected element of your Kubernetes infrastructure. You can view it in fullscreen by selecting the button in the table's upper right corner. You can sort the table by any of its fields.
+
+You can filter the data using the KQL search bar and date picker at the top of the page.
+
+From the sessions table's Actions column, you can take the following investigative actions:
+
+- View details
+- Open in Timeline
+- Run Osquery
+- Analyze event
+- Open Session View
+
+Session View displays Kubernetes metadata under the **Metadata** tab of the Detail panel:
+
+
+
+The **Metadata** tab is organized into these expandable sections:
+
+- **Metadata:** `hostname`, `id`, `ip`, `mac`, `name`, Host OS information
+- **Cloud:** `instance.name`, `provider`, `region`, `account.id`, `project.id`
+- **Container:** `id`, `name`, `image.name`, `image.tag`, `image.hash.all`
+- **Orchestrator:** `resource.ip`, `resource.name`, `resource.type`, `namespace`, `cluster.id`, `cluster.name`, `parent.type`
+
+
+
+## Setup
+To get data for this dashboard, set up Cloud Workload Protection for Kubernetes for the clusters you want to display on the dashboard.
+
+
+
+- Kubernetes node operating systems must have Linux kernels 5.10.16 or higher.
+
+
+
+**Support matrix**:
+This feature is currently available on GKE and EKS using Linux hosts and Kubernetes versions that match the following specifications:
+| | | |
+|---|---|---|
+| | EKS 1.24-1.26 (AL2022) | GKE 1.24-1.26 (COS) |
+| Process event exports | ✓ | ✓ |
+| Network event exports | ✗ | ✗ |
+| File event exports | ✓ | ✓ |
+| File blocking | ✓ | ✓ |
+| Process blocking | ✓ | ✓ |
+| Network blocking | ✗ | ✗ |
+| Drift prevention | ✓ | ✓ |
+| Mount point awareness | ✓ | ✓ |
+
+
+This dashboard uses data from the `logs-*` index pattern, which is included by default in the `securitySolution:defaultIndex` advanced setting. To collect data from multiple ((es)) clusters (as in a cross-cluster deployment), update `logs-*` to `*:logs-*`.
+
\ No newline at end of file
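Review bot: this path arrives as `new file mode 100644` in a cherry-pick whose message still lists `# Conflicts:` for the same file, which reads as a conflict resolved by adding the serverless page to a branch that did not have it. Drop `docs/serverless/dashboards/kubernetes-dashboard-dash.mdx` from the backport and remove the `# Conflicts:` lines from the message so only the asciidoc fix remains. If the file is meant to stay, the front matter still says `status: in review` and the file ends without a trailing newline.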
From 6f457ec1392de17c34a3fe4c2529f19062c48cdd Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 9 Oct 2024 15:34:50 +0000
Subject: [PATCH 2/2] Delete docs/serverless directory and its contents
---
.../dashboards/kubernetes-dashboard-dash.mdx | 69 -------------------
1 file changed, 69 deletions(-)
delete mode 100644 docs/serverless/dashboards/kubernetes-dashboard-dash.mdx
diff --git a/docs/serverless/dashboards/kubernetes-dashboard-dash.mdx b/docs/serverless/dashboards/kubernetes-dashboard-dash.mdx
deleted file mode 100644
index aa92e0e5ef..0000000000
--- a/docs/serverless/dashboards/kubernetes-dashboard-dash.mdx
+++ /dev/null
@@ -1,69 +0,0 @@
----
-slug: /serverless/security/kubernetes-dashboard-dash
-title: Kubernetes dashboard
-description: The Kubernetes dashboard provides insight into Linux process data from your Kubernetes clusters.
-tags: [ 'serverless', 'security', 'overview', 'cloud security' ]
-status: in review
----
-
-
-
-
-The Kubernetes dashboard provides insight into Linux process data from your Kubernetes clusters. It shows sessions in detail and in the context of your monitored infrastructure.
-
-
-The numbered sections are described below:
-
- 1. The charts at the top of the dashboard provide an overview of your monitored Kubernetes infrastructure. You can hide them by clicking **Hide charts**.
- 1. The tree navigation menu allows you to navigate through your deployments and select the scope of the sessions table to the right. You can select any item in the menu to show its sessions. In Logical view, the menu is organized by Cluster, Namespace, Pod, and Container image. In Infrastructure view, it is organized by Cluster, Node, Pod, and Container image.
- 1. The sessions table displays sessions collected from the selected element of your Kubernetes infrastructure. You can view it in fullscreen by selecting the button in the table's upper right corner. You can sort the table by any of its fields.
-
-You can filter the data using the KQL search bar and date picker at the top of the page.
-
-From the sessions table's Actions column, you can take the following investigative actions:
-
-- View details
-- Open in Timeline
-- Run Osquery
-- Analyze event
-- Open Session View
-
-Session View displays Kubernetes metadata under the **Metadata** tab of the Detail panel:
-
-
-
-The **Metadata** tab is organized into these expandable sections:
-
-- **Metadata:** `hostname`, `id`, `ip`, `mac`, `name`, Host OS information
-- **Cloud:** `instance.name`, `provider`, `region`, `account.id`, `project.id`
-- **Container:** `id`, `name`, `image.name`, `image.tag`, `image.hash.all`
-- **Orchestrator:** `resource.ip`, `resource.name`, `resource.type`, `namespace`, `cluster.id`, `cluster.name`, `parent.type`
-
-
-
-## Setup
-To get data for this dashboard, set up Cloud Workload Protection for Kubernetes for the clusters you want to display on the dashboard.
-
-
-
-- Kubernetes node operating systems must have Linux kernels 5.10.16 or higher.
-
-
-
-**Support matrix**:
-This feature is currently available on GKE and EKS using Linux hosts and Kubernetes versions that match the following specifications:
-| | | |
-|---|---|---|
-| | EKS 1.24-1.26 (AL2022) | GKE 1.24-1.26 (COS) |
-| Process event exports | ✓ | ✓ |
-| Network event exports | ✗ | ✗ |
-| File event exports | ✓ | ✓ |
-| File blocking | ✓ | ✓ |
-| Process blocking | ✓ | ✓ |
-| Network blocking | ✗ | ✗ |
-| Drift prevention | ✓ | ✓ |
-| Mount point awareness | ✓ | ✓ |
-
-
-This dashboard uses data from the `logs-*` index pattern, which is included by default in the `securitySolution:defaultIndex` advanced setting. To collect data from multiple ((es)) clusters (as in a cross-cluster deployment), update `logs-*` to `*:logs-*`.
-
\ No newline at end of file
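Review bot: the deleted blob `aa92e0e5ef` is the one created in patch 1/2, so for this path the two patches cancel out and the series nets to the one-line asciidoc change. Squash this deletion into 1/2 before merging so the branch history does not carry an add-then-delete of a page marked `status: in review`.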