diff --git a/docs/AI-for-security/connect-to-byo.asciidoc b/docs/AI-for-security/connect-to-byo.asciidoc index 6dc6a88648..f6d7f9c6d5 100644 --- a/docs/AI-for-security/connect-to-byo.asciidoc +++ b/docs/AI-for-security/connect-to-byo.asciidoc @@ -31,22 +31,22 @@ The following is an example Nginx configuration file: server { listen 80; listen [::]:80; - server_name ; + server_name ; server_tokens off; add_header x-xss-protection "1; mode=block" always; add_header x-frame-options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; - return 301 https://$server_name$request_uri; + return 301 ; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name ; + server_name ; server_tokens off; - ssl_certificate /etc/letsencrypt/live//fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live//privkey.pem; + ssl_certificate /etc/letsencrypt/live//fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live//privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets on; @@ -60,7 +60,7 @@ server { add_header Referrer-Policy "strict-origin-when-cross-origin" always; ssl_stapling on; ssl_stapling_verify on; - ssl_trusted_certificate /etc/letsencrypt/live//fullchain.pem; + ssl_trusted_certificate /etc/letsencrypt/live//fullchain.pem; resolver 1.1.1.1; location / { @@ -68,13 +68,13 @@ server { return 401; } - proxy_pass http://localhost:1234/; + proxy_pass :1234/; } } -------------------------------------------------- -IMPORTANT: If using the example configuration file above, you must replace several values: Replace `` with your actual token, and keep it safe since you'll need it to set up the {elastic-sec} connector. Replace `` with your actual domain name. Update the `proxy_pass` value at the bottom of the configuration if you decide to change the port number in LM Studio to something other than 1234. +IMPORTANT: If using the example configuration file above, you must replace several values: Replace `` with your actual token, and keep it safe since you'll need it to set up the {elastic-sec} connector. Replace `` with your actual domain name. Update the `proxy_pass` value at the bottom of the configuration if you decide to change the port number in LM Studio to something other than 1234. [discrete] === (Optional) Set up performance monitoring for your reverse proxy diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 4cebbe26e5..afdd8b9fe5 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc @@ -231,7 +231,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul [source,console] ---------------------------------- -sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456 +sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email --duration-seconds 129600 --token-code 123456 ---------------------------------- The output from this command includes the following fields, which you should provide when configuring the CSPM integration: diff --git a/docs/cloud-native-security/kspm-get-started.asciidoc b/docs/cloud-native-security/kspm-get-started.asciidoc index 9ef78eb193..42ec57da97 100644 --- a/docs/cloud-native-security/kspm-get-started.asciidoc +++ b/docs/cloud-native-security/kspm-get-started.asciidoc @@ -159,7 +159,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul [source,console] ---------------------------------- -`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456` +`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@ --duration-seconds 129600 --token-code 123456` ---------------------------------- The output from this command includes the following fields, which you should provide when configuring the KSPM integration: diff --git a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc index 3e1d112d26..e1acabe3ce 100644 --- a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc @@ -105,12 +105,12 @@ sequence by winlog.computer_name, winlog.process.pid with maxspan=1s [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] ---------------------------------- diff --git a/docs/release-notes/8.8.asciidoc b/docs/release-notes/8.8.asciidoc index a5337b2696..c530868479 100644 --- a/docs/release-notes/8.8.asciidoc +++ b/docs/release-notes/8.8.asciidoc @@ -36,7 +36,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -259,7 +259,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -413,7 +413,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. diff --git a/docs/release-notes/8.9.asciidoc b/docs/release-notes/8.9.asciidoc index 21f0e521e2..95a9416d8c 100644 --- a/docs/release-notes/8.9.asciidoc +++ b/docs/release-notes/8.9.asciidoc @@ -48,7 +48,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -115,7 +115,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array.