From d91cbaef3a25f8ed7289ca0a5dfc2e178668a631 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Fri, 17 Jan 2025 12:12:36 +0000
Subject: [PATCH] Updates RBAC requirements for 3rd-party response actions

---
 docs/management/admin/response-actions-config.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/management/admin/response-actions-config.asciidoc b/docs/management/admin/response-actions-config.asciidoc
index 3f4f9295f3..ba12519495 100644
--- a/docs/management/admin/response-actions-config.asciidoc
+++ b/docs/management/admin/response-actions-config.asciidoc
@@ -20,7 +20,7 @@ Check out <<third-party-actions>> to learn which response actions are supported
 --
 * https://www.elastic.co/pricing[Subscription level]: Enterprise 
 
-* {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} feature privilege]: **Actions and Connectors : All**.
+* {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} feature privilege]: Under **Actions and Connectors**, turn on **Customize sub-feature privileges** and enable **Endpoint Security**.
 
 * <<endpoint-management-req,{elastic-sec} feature privileges>>: **All** for the response action features, such as **Host Isolation**, that you want to perform.