From 5d47c29ea8eeb7ef337e963d537a61e4e822b4e7 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 24 Oct 2024 16:15:43 +0100 Subject: [PATCH] Asset criticality advanced setting removed --- .../api/asset-criticality-api-overview.asciidoc | 2 +- docs/advanced-entity-analytics/asset-criticality.asciidoc | 7 +------ .../entity-risk-scoring.asciidoc | 6 +----- docs/advanced-entity-analytics/ers-req.asciidoc | 2 -- docs/getting-started/advanced-setting.asciidoc | 5 ----- docs/getting-started/users-page.asciidoc | 8 +------- docs/management/hosts/hosts-overview.asciidoc | 8 +------- .../advanced-entity-analytics/asset-criticality.mdx | 6 +----- .../advanced-entity-analytics/entity-risk-scoring.mdx | 3 +-- docs/serverless/advanced-entity-analytics/ers-req.mdx | 2 -- docs/serverless/explore/hosts-overview.mdx | 6 +----- docs/serverless/explore/users-page.mdx | 6 +----- docs/serverless/settings/advanced-settings.mdx | 4 ---- 13 files changed, 9 insertions(+), 56 deletions(-) diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc index ac19c135a6..4ae62def30 100644 --- a/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc +++ b/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc @@ -8,4 +8,4 @@ For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs]. -- -You can manage <> records through the API. To use this API, you must first turn on the `securitySolution:enableAssetCriticality` <>. \ No newline at end of file +You can manage <> records through the API. \ No newline at end of file diff --git a/docs/advanced-entity-analytics/asset-criticality.asciidoc b/docs/advanced-entity-analytics/asset-criticality.asciidoc index cef15b6b30..6b4d9b679a 100644 --- a/docs/advanced-entity-analytics/asset-criticality.asciidoc 
+++ b/docs/advanced-entity-analytics/asset-criticality.asciidoc @@ -4,12 +4,7 @@ .Requirements [sidebar] -- -To view and assign asset criticality, you must: - -* Have the appropriate user role. -* Turn on the `securitySolution:enableAssetCriticality` <>. - -For more information, refer to <>. +To view and assign asset criticality, you must have the appropriate user role. For more information, refer to <>. -- The asset criticality feature allows you to classify your organization's entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities. diff --git a/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc b/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc index 932e6b07fb..8b9be7a266 100644 --- a/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc +++ b/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc @@ -30,11 +30,7 @@ Entity risk scores are determined by the following risk inputs: The resulting entity risk scores are stored in the `risk-score.risk-score-` data stream alias. -[NOTE] -====== -* Entities without any alerts, or with only `Closed` alerts, are not assigned a risk score. -* To use asset criticality, you must enable the `securitySolution:enableAssetCriticality` <>. -====== +NOTE: Entities without any alerts, or with only `Closed` alerts, are not assigned a risk score. [discrete] [[how-is-risk-score-calculated]] diff --git a/docs/advanced-entity-analytics/ers-req.asciidoc b/docs/advanced-entity-analytics/ers-req.asciidoc index 90b6ffa961..35f0a0a588 100644 --- a/docs/advanced-entity-analytics/ers-req.asciidoc +++ b/docs/advanced-entity-analytics/ers-req.asciidoc 
@@ -45,8 +45,6 @@ The risk scoring engine uses an internal user role to score all hosts and users, [discrete] == Asset criticality -To use the asset criticality feature, turn on the `securitySolution:enableAssetCriticality` <>. - [discrete] === Privileges diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index b1e10980c0..cd90705d62 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc @@ -102,11 +102,6 @@ Security *Overview* page. * `securitySolution:newsFeedUrl`: The URL from which the security news feed content is retrieved. -[discrete] -[[enable-asset-criticality]] -== Enable asset criticality workflows -The `securitySolution:enableAssetCriticality` setting determines whether asset criticality is included as a risk input to entity risk scoring. This setting is turned off by default. Turn it on to enable asset criticality workflows and to use asset criticality as part of entity risk scoring. - [discrete] [[exclude-cold-frozen-tiers]] == Exclude cold and frozen tier data from analyzer queries diff --git a/docs/getting-started/users-page.asciidoc b/docs/getting-started/users-page.asciidoc index f7df997574..56218a3019 100644 --- a/docs/getting-started/users-page.asciidoc +++ b/docs/getting-started/users-page.asciidoc @@ -36,7 +36,7 @@ A user's details page displays all relevant information for the selected user. T The user details page includes the following sections: -* **Asset Criticality**: If the `securitySolution:enableAssetCriticality` <> is on, this section displays the user's current <>. +* **Asset Criticality**: This section displays the user's current <>. * *Summary*: Details such as the user ID, when the user was first and last seen, the associated IP address(es), and operating system. If the user risk score feature is enabled, this section also displays user risk score data. 
@@ -99,12 +99,6 @@ image::images/users/user-risk-inputs.png[User risk inputs] [[user-asset-criticality-section]] === Asset Criticality -.Requirements -[sidebar] --- -The **Asset Criticality** section is only available if the `securitySolution:enableAssetCriticality` <> is on. --- - The **Asset Criticality** section displays the selected user's <>. Asset criticality contributes to the overall <>. The criticality level defines how impactful the user is when calculating the risk score. [role="screenshot"] diff --git a/docs/management/hosts/hosts-overview.asciidoc b/docs/management/hosts/hosts-overview.asciidoc index b8d12049cb..4e78ad68d7 100644 --- a/docs/management/hosts/hosts-overview.asciidoc +++ b/docs/management/hosts/hosts-overview.asciidoc @@ -42,7 +42,7 @@ A host's details page displays all relevant information for the selected host. T The host details page includes the following sections: -* **Asset Criticality**: If the `securitySolution:enableAssetCriticality` <> is on, this section displays the host's current <>. +* **Asset Criticality**: This section displays the host's current <>. * *Summary*: Details such as the host ID, when the host was first and last seen, the associated IP addresses, and associated operating system. If the host risk score feature is enabled, this section also displays host risk score data. * *Alert metrics*: The total number of alerts by severity, rule, and status (`Open`, `Acknowledged`, or `Closed`). * *Data tables*: The same data tables as on the main Hosts page, except with values for the selected host instead of all hosts. 
@@ -102,12 +102,6 @@ image::images/host-risk-inputs.png[Host risk inputs] [[host-asset-criticality-section]] === Asset Criticality -.Requirements -[sidebar] --- -The **Asset Criticality** section is only available if the `securitySolution:enableAssetCriticality` <> is on. --- - The **Asset Criticality** section displays the selected host's <>. Asset criticality contributes to the overall <>. The criticality level defines how impactful the host is when calculating the risk score. [role="screenshot"] diff --git a/docs/serverless/advanced-entity-analytics/asset-criticality.mdx b/docs/serverless/advanced-entity-analytics/asset-criticality.mdx index a14d6accaf..569ce0857c 100644 --- a/docs/serverless/advanced-entity-analytics/asset-criticality.mdx +++ b/docs/serverless/advanced-entity-analytics/asset-criticality.mdx @@ -9,11 +9,7 @@ status: in review -To view and assign asset criticality, you must: -* Have the appropriate user role. -* Turn on the `securitySolution:enableAssetCriticality` advanced setting. - -For more information, refer to Entity risk scoring prerequisites. +To view and assign asset criticality, you must have the appropriate user role. For more information, refer to Entity risk scoring prerequisites. The asset criticality feature allows you to classify your organization's entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities. diff --git a/docs/serverless/advanced-entity-analytics/entity-risk-scoring.mdx b/docs/serverless/advanced-entity-analytics/entity-risk-scoring.mdx index afac426c31..3b0bc0fd36 100644 --- a/docs/serverless/advanced-entity-analytics/entity-risk-scoring.mdx +++ b/docs/serverless/advanced-entity-analytics/entity-risk-scoring.mdx 
@@ -42,8 +42,7 @@ The resulting entity risk scores are stored in the `risk-score.risk-score- -* Entities without any alerts, or with only `Closed` alerts, are not assigned a risk score. -* To use asset criticality, you must enable the `securitySolution:enableAssetCriticality` advanced setting. +Entities without any alerts, or with only `Closed` alerts, are not assigned a risk score. diff --git a/docs/serverless/advanced-entity-analytics/ers-req.mdx b/docs/serverless/advanced-entity-analytics/ers-req.mdx index 989b3ef8ea..b902a51861 100644 --- a/docs/serverless/advanced-entity-analytics/ers-req.mdx +++ b/docs/serverless/advanced-entity-analytics/ers-req.mdx @@ -41,8 +41,6 @@ To turn on the risk scoring engine, you need either the appropriate advanced setting. - ### User roles To use asset criticality, you need either the appropriate predefined Security user role or a custom role with the right privileges: diff --git a/docs/serverless/explore/hosts-overview.mdx b/docs/serverless/explore/hosts-overview.mdx index fcae2ab0d2..21eb840909 100644 --- a/docs/serverless/explore/hosts-overview.mdx +++ b/docs/serverless/explore/hosts-overview.mdx 
@@ -50,7 +50,7 @@ A host's details page displays all relevant information for the selected host. T The host details page includes the following sections: -* **Asset Criticality**: If the `securitySolution:enableAssetCriticality` advanced setting is on, this section displays the host's current asset criticality level. +* **Asset Criticality**: This section displays the host's current asset criticality level. * **Summary**: Details such as the host ID, when the host was first and last seen, the associated IP addresses, and associated operating system. If the entity risk score feature is enabled, this section also displays host risk score data. * **Alert metrics**: The total number of alerts by severity, rule, and status (`Open`, `Acknowledged`, or `Closed`). * **Data tables**: The same data tables as on the main Hosts page, except with values for the selected host instead of all hosts. @@ -99,10 +99,6 @@ If more than 10 alerts contributed to the risk scoring calculation, the remainin ### Asset Criticality - -The **Asset Criticality** section is only available if the `securitySolution:enableAssetCriticality` advanced setting is on. - - The **Asset Criticality** section displays the selected host's asset criticality level. Asset criticality contributes to the overall host risk score. The criticality level defines how impactful the host is when calculating the risk score. ![Asset criticality](../images/hosts-overview/-host-asset-criticality.png) diff --git a/docs/serverless/explore/users-page.mdx b/docs/serverless/explore/users-page.mdx index 3defe8e72d..b1b4ae1df4 100644 --- a/docs/serverless/explore/users-page.mdx +++ b/docs/serverless/explore/users-page.mdx 
@@ -41,7 +41,7 @@ A user's details page displays all relevant information for the selected user. T The user details page includes the following sections: -* **Asset Criticality**: If the `securitySolution:enableAssetCriticality` advanced setting is on, this section displays the user's current asset criticality level. +* **Asset Criticality**: This section displays the user's current asset criticality level. * **Summary**: Details such as the user ID, when the user was first and last seen, the associated IP address(es), and operating system. If the entity risk score feature is enabled, this section also displays user risk score data. @@ -93,10 +93,6 @@ If more than 10 alerts contributed to the risk scoring calculation, the remainin ### Asset Criticality - -The **Asset Criticality** section is only available if the `securitySolution:enableAssetCriticality` advanced setting is on. - - The **Asset Criticality** section displays the selected user's asset criticality level. Asset criticality contributes to the overall user risk score. The criticality level defines how impactful the user is when calculating the risk score. ![Asset criticality](../images/users-page/-user-asset-criticality.png) diff --git a/docs/serverless/settings/advanced-settings.mdx b/docs/serverless/settings/advanced-settings.mdx index 0d044dcb8c..0870fc718b 100644 --- a/docs/serverless/settings/advanced-settings.mdx +++ b/docs/serverless/settings/advanced-settings.mdx 
@@ -126,10 +126,6 @@ You can change these settings, which affect the news feed displayed on the * `securitySolution:newsFeedUrl`: The URL from which the security news feed content is retrieved. -## Enable asset criticality workflows - -The `securitySolution:enableAssetCriticality` setting determines whether asset criticality is included as a risk input to entity risk scoring. This setting is turned off by default. Turn it on to enable asset criticality workflows and to use asset criticality as part of entity risk scoring. - ## Exclude cold and frozen tier data from analyzer queries Including data from cold and frozen [data tiers](((ref))/data-tiers.html) in visual event analyzer queries may result in performance degradation. The `securitySolution:excludeColdAndFrozenTiersInAnalyzer` setting allows you to exclude this data from analyzer queries. This setting is turned off by default.
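Review bot: The commit message states only that the setting was removed; since the asciidoc pages touched here are versioned, it should name the release in which `securitySolution:enableAssetCriticality` stopped existing so the change is backported only to the branches where the setting is actually gone.

Review bot: In the `asset-criticality-api-overview.asciidoc` hunk both the removed and the added last line carry `\ No newline at end of file`; while rewriting that line, add the trailing newline so the file ends cleanly and the marker stops showing up in future diffs.

Review bot: In the `ers-req.asciidoc` hunk, removing the only sentence under `== Asset criticality` leaves that heading immediately followed by `[discrete] === Privileges`, so the section reads as empty. Add a one-line lead-in introducing what the privileges subsection covers, or merge the two headings if the section has nothing else to say.

Review bot: The `advanced-setting.asciidoc` hunk removes the `[[enable-asset-criticality]]` anchor along with its section. Any `<<enable-asset-criticality>>` cross-reference that still exists outside the files in this patch will become an unresolved xref; grep the docs tree for `enable-asset-criticality` before merging, and if external links to that anchor are expected, consider keeping a short stub stating that the setting no longer exists.

Review bot: In the second `hosts-overview.mdx` hunk (and likewise the second `users-page.mdx` hunk) the removed requirements sentence is surrounded by removed lines that appear blank here. Confirm that the wrapper enclosing that sentence (a callout component or similar) was removed together with it rather than being left as an empty callout, and that `### Asset Criticality` is still followed by exactly one blank line before the paragraph.

Review bot: The `advanced-settings.mdx` hunk deletes the `## Enable asset criticality workflows` heading, which also deletes its generated heading slug. Check the serverless docs for links pointing at that heading so none are left dangling after this merge.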