From f2df03fea487ec1db91b50fa2539d6bcac80438c Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Thu, 31 Jul 2025 15:49:26 +0100 Subject: [PATCH] Replace placeholder URLs (#6990) (cherry picked from commit 16334698c81dba33d1d3f90988852adf08fa3594) --- docs/AI-for-security/connect-to-byo.asciidoc | 16 ++++++++-------- .../cspm-get-started-aws.asciidoc | 2 +- .../kspm-get-started.asciidoc | 2 +- .../multiple-vault-web-credentials-read.asciidoc | 4 ++-- docs/release-notes/8.16.asciidoc | 2 +- docs/release-notes/8.8.asciidoc | 6 +++--- docs/release-notes/8.9.asciidoc | 4 ++-- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/AI-for-security/connect-to-byo.asciidoc b/docs/AI-for-security/connect-to-byo.asciidoc index edad451526..36e1cb1603 100644 --- a/docs/AI-for-security/connect-to-byo.asciidoc +++ b/docs/AI-for-security/connect-to-byo.asciidoc @@ -33,22 +33,22 @@ The following is an example Nginx configuration file: server { listen 80; listen [::]:80; - server_name ; + server_name ; server_tokens off; add_header x-xss-protection "1; mode=block" always; add_header x-frame-options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; - return 301 https://$server_name$request_uri; + return 301 ; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name ; + server_name ; server_tokens off; - ssl_certificate /etc/letsencrypt/live//fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live//privkey.pem; + ssl_certificate /etc/letsencrypt/live//fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets on; @@ -62,7 +62,7 @@ server { add_header Referrer-Policy "strict-origin-when-cross-origin" always; ssl_stapling on; ssl_stapling_verify on; - ssl_trusted_certificate /etc/letsencrypt/live//fullchain.pem; + ssl_trusted_certificate /etc/letsencrypt/live//fullchain.pem; resolver 1.1.1.1; location / { @@ -70,7 +70,7 @@ server { return 401; } - proxy_pass http://localhost:1234/; + proxy_pass :1234/; } } @@ -81,7 +81,7 @@ server { If using the example configuration file above, you must replace several values: * Replace `` with your actual token, and keep it safe since you'll need it to set up the {elastic-sec} connector. -* Replace `` with your actual domain name. +* Replace `` with your actual domain name. * Update the `proxy_pass` value at the bottom of the configuration if you decide to change the port number in LM Studio to something other than 1234. ==== diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index ee9d907766..d7e77ba371 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc @@ -250,7 +250,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul [source,console] ---------------------------------- -sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456 +sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email --duration-seconds 129600 --token-code 123456 ---------------------------------- The output from this command includes the following fields, which you should provide when configuring the CSPM integration: diff --git a/docs/cloud-native-security/kspm-get-started.asciidoc b/docs/cloud-native-security/kspm-get-started.asciidoc index 2d85352a48..7df589299a 100644 --- a/docs/cloud-native-security/kspm-get-started.asciidoc +++ b/docs/cloud-native-security/kspm-get-started.asciidoc @@ -159,7 +159,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul [source,console] ---------------------------------- -`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456` +`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@ --duration-seconds 129600 --token-code 123456` ---------------------------------- The output from this command includes the following fields, which you should provide when configuring the KSPM integration: diff --git a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc index a5cd5a95eb..d543b08fad 100644 --- a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc @@ -105,12 +105,12 @@ sequence by winlog.computer_name, winlog.process.pid with maxspan=1s [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] ---------------------------------- diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index 3174c5bc40..8aac536b5b 100644 --- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc @@ -737,7 +737,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the **Alerts** page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `siem..pageFilters` key, right-click on the value, then click *Delete*. If you have multiple non-default spaces, do this for each space. . Refresh the **Alerts** page to reload it. diff --git a/docs/release-notes/8.8.asciidoc b/docs/release-notes/8.8.asciidoc index 90b2253388..be9c0ebc39 100644 --- a/docs/release-notes/8.8.asciidoc +++ b/docs/release-notes/8.8.asciidoc @@ -36,7 +36,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -259,7 +259,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -413,7 +413,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. diff --git a/docs/release-notes/8.9.asciidoc b/docs/release-notes/8.9.asciidoc index 21f0e521e2..95a9416d8c 100644 --- a/docs/release-notes/8.9.asciidoc +++ b/docs/release-notes/8.9.asciidoc @@ -48,7 +48,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -115,7 +115,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array.