diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc index 22c657b031..e83fb00fd2 100644 --- a/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc +++ b/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc @@ -2,4 +2,10 @@ [role="xpack"] == Asset criticality API -You can manage <> records through the API. To use this API, you must first turn on the `securitySolution:enableAssetCriticality` <>. \ No newline at end of file +.New API Reference +[sidebar] +-- +For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs]. +-- + +You can manage <> records through the API. diff --git a/docs/advanced-entity-analytics/asset-criticality.asciidoc b/docs/advanced-entity-analytics/asset-criticality.asciidoc index 1ee6cb2670..55437a3c56 100644 --- a/docs/advanced-entity-analytics/asset-criticality.asciidoc +++ b/docs/advanced-entity-analytics/asset-criticality.asciidoc @@ -4,12 +4,7 @@ .Requirements [sidebar] -- -To view and assign asset criticality, you must: - -* Have the appropriate user role. -* Turn on the `securitySolution:enableAssetCriticality` <>. - -For more information, refer to <>. +To view and assign asset criticality, you must have the appropriate user role. For more information, refer to <>. -- The asset criticality feature allows you to classify your organization's entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities. diff --git a/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc b/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc index 932e6b07fb..8b9be7a266 100644 
--- a/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc +++ b/docs/advanced-entity-analytics/entity-risk-scoring.asciidoc @@ -30,11 +30,7 @@ Entity risk scores are determined by the following risk inputs: The resulting entity risk scores are stored in the `risk-score.risk-score-` data stream alias. -[NOTE] -====== -* Entities without any alerts, or with only `Closed` alerts, are not assigned a risk score. -* To use asset criticality, you must enable the `securitySolution:enableAssetCriticality` <>. -====== +NOTE: Entities without any alerts, or with only `Closed` alerts, are not assigned a risk score. [discrete] [[how-is-risk-score-calculated]] diff --git a/docs/advanced-entity-analytics/ers-req.asciidoc b/docs/advanced-entity-analytics/ers-req.asciidoc index 90b6ffa961..35f0a0a588 100644 --- a/docs/advanced-entity-analytics/ers-req.asciidoc +++ b/docs/advanced-entity-analytics/ers-req.asciidoc @@ -45,8 +45,6 @@ The risk scoring engine uses an internal user role to score all hosts and users, [discrete] == Asset criticality -To use the asset criticality feature, turn on the `securitySolution:enableAssetCriticality` <>. - [discrete] === Privileges diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index 2298fbc483..afde06a108 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc 
@@ -102,11 +102,6 @@ Security *Overview* page. * `securitySolution:newsFeedUrl`: The URL from which the security news feed content is retrieved. -[discrete] -[[enable-asset-criticality]] -== Enable asset criticality workflows -The `securitySolution:enableAssetCriticality` setting determines whether asset criticality is included as a risk input to entity risk scoring. This setting is turned off by default. Turn it on to enable asset criticality workflows and to use asset criticality as part of entity risk scoring. - [discrete] [[exclude-cold-frozen-tiers]] == Exclude cold and frozen tier data from analyzer queries diff --git a/docs/getting-started/users-page.asciidoc b/docs/getting-started/users-page.asciidoc index f7df997574..56218a3019 100644 --- a/docs/getting-started/users-page.asciidoc +++ b/docs/getting-started/users-page.asciidoc @@ -36,7 +36,7 @@ A user's details page displays all relevant information for the selected user. T The user details page includes the following sections: -* **Asset Criticality**: If the `securitySolution:enableAssetCriticality` <> is on, this section displays the user's current <>. +* **Asset Criticality**: This section displays the user's current <>. * *Summary*: Details such as the user ID, when the user was first and last seen, the associated IP address(es), and operating system. If the user risk score feature is enabled, this section also displays user risk score data. @@ -99,12 +99,6 @@ image::images/users/user-risk-inputs.png[User risk inputs] [[user-asset-criticality-section]] === Asset Criticality -.Requirements -[sidebar] --- -The **Asset Criticality** section is only available if the `securitySolution:enableAssetCriticality` <> is on. --- - The **Asset Criticality** section displays the selected user's <>. Asset criticality contributes to the overall <>. The criticality level defines how impactful the user is when calculating the risk score. [role="screenshot"] 
diff --git a/docs/management/hosts/hosts-overview.asciidoc b/docs/management/hosts/hosts-overview.asciidoc index b8d12049cb..4e78ad68d7 100644 --- a/docs/management/hosts/hosts-overview.asciidoc +++ b/docs/management/hosts/hosts-overview.asciidoc @@ -42,7 +42,7 @@ A host's details page displays all relevant information for the selected host. T The host details page includes the following sections: -* **Asset Criticality**: If the `securitySolution:enableAssetCriticality` <> is on, this section displays the host's current <>. +* **Asset Criticality**: This section displays the host's current <>. * *Summary*: Details such as the host ID, when the host was first and last seen, the associated IP addresses, and associated operating system. If the host risk score feature is enabled, this section also displays host risk score data. * *Alert metrics*: The total number of alerts by severity, rule, and status (`Open`, `Acknowledged`, or `Closed`). * *Data tables*: The same data tables as on the main Hosts page, except with values for the selected host instead of all hosts. @@ -102,12 +102,6 @@ image::images/host-risk-inputs.png[Host risk inputs] [[host-asset-criticality-section]] === Asset Criticality -.Requirements -[sidebar] --- -The **Asset Criticality** section is only available if the `securitySolution:enableAssetCriticality` <> is on. --- - The **Asset Criticality** section displays the selected host's <>. Asset criticality contributes to the overall <>. The criticality level defines how impactful the host is when calculating the risk score. [role="screenshot"]
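Review bot: In docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc, the added sidebar title `.New API Reference` will read as stale once the linked reference stops being new; `.API reference` says the same thing without dating the page. The link target is also built from the `{api-kibana}` attribute, which nothing in this patch defines, so confirm it resolves in every docs build that includes this file, otherwise the link will be broken.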
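Review bot: In docs/advanced-entity-analytics/ers-req.asciidoc (hunk at -45,8), deleting the only sentence under `== Asset criticality` leaves that heading followed directly by `=== Privileges` with no body text. Add a one-sentence lead-in saying what the section covers, or promote the privileges content so the section does not open on an empty heading.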
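Review bot: In docs/getting-started/advanced-setting.asciidoc (hunk at -102,11), the `[[enable-asset-criticality]]` anchor is deleted together with its section, so any cross-reference to that ID that survives elsewhere in the docs set will fail to resolve. This patch removes the mentions of the setting in six other files; run a repo-wide search for `enable-asset-criticality` to confirm nothing outside them still points at it. The deleted paragraph was also the only place that stated the setting is "turned off by default", so if readers on earlier versions still have to toggle it, a version-scoped note would serve them better than dropping the guidance entirely.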
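Review bot: In docs/getting-started/users-page.asciidoc (hunk at -36,7) and docs/management/hosts/hosts-overview.asciidoc (hunk at -42,7), the rewritten bullet keeps `* **Asset Criticality**:` with double asterisks while the sibling items in the same list use single asterisks (`* *Summary*:`, `* *Alert metrics*:`). Since the line is being edited anyway, normalise it to `* *Asset Criticality*:` so the list uses one bold style.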
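Review bot: In the `=== Asset Criticality` hunks of users-page.asciidoc (-99,12) and hosts-overview.asciidoc (-102,12), the whole `.Requirements` sidebar is removed, yet asset-criticality.asciidoc in this same patch still says "To view and assign asset criticality, you must have the appropriate user role." A reader landing on the user or host details page now gets no hint that a missing privilege is why the section is absent or read-only. Consider keeping the sidebar and replacing its body with the role requirement and the same cross-reference to the privileges page, rather than deleting it.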