case requirements

nastasha-solomon · nastasha-solomon · commit 01cec652037b · 2025-02-22T23:50:11.000-05:00
diff --git a/raw-migrated-files/docs-content/serverless/security-cases-requirements.md b/raw-migrated-files/docs-content/serverless/security-cases-requirements.md
diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml
@@ -238,7 +238,6 @@ toc:
       - file: docs-content/serverless/security-blocklist.md
       - file: docs-content/serverless/security-building-block-rules.md
       - file: docs-content/serverless/security-cases-overview.md
-      - file: docs-content/serverless/security-cases-requirements.md
       - file: docs-content/serverless/security-cases-settings.md
       - file: docs-content/serverless/security-cloud-native-security-overview.md
       - file: docs-content/serverless/security-cloud-posture-dashboard-dash-cspm.md
diff --git a/solutions/security/investigate/cases-requirements.md b/solutions/security/investigate/cases-requirements.md
@@ -4,35 +4,24 @@ mapped_urls:
   - https://www.elastic.co/guide/en/serverless/current/security-cases-requirements.html
 ---
 
-# Cases requirements
-
-% What needs to be done: Align serverless/stateful
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/case-permissions.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-cases-requirements.md
-
-You can create roles and define feature privileges at different levels to manage feature access in {{kib}}. {{kib}} privileges grant access to features within a specified {{kib}} space, and you can grant full or partial access. For more information, refer to [{{kib}} privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#adding_kibana_privileges).
+# Cases requirements [security-cases-requirements]
 
 ::::{note}
-To send cases to external systems, you need the [appropriate license](https://www.elastic.co/subscriptions).
+- To send cases to external systems, ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
 
-If you are using an on-premises {{kib}} deployment and want the email notifications and the external incident management systems to contain links back to {{kib}}, you must configure the [server.publicBaseUrl](/deploy-manage/deploy/self-managed/configure.md#server-publicBaseUrl) setting.
+- Certain subscriptions and privileges might be required to manage case attachments. For example in {{stack}}, to add alerts to cases, you must have privileges for [managing alerts](/solutions/security/detect-and-alert/detections-requirements.md#enable-detections-ui). In {{serverless-short}}, you need the Security Analytics Complete [project feature](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
 
+- If you are using an on-premises {{kib}} deployment and want the email notifications and the external incident management systems to contain links back to {{kib}}, you must configure the [server.publicBaseUrl](/deploy-manage/deploy/self-managed/configure.md#server-publicBaseUrl) setting.
 ::::
 
 
-::::{important}
-Certain subscriptions and privileges might be required to manage case attachments. For example, to add alerts to cases, you must have privileges for [managing alerts](/solutions/security/detect-and-alert/detections-requirements.md#enable-detections-ui).
-::::
-
+To grant access to cases in a custom role, set the privileges for the **Cases** and **{{connectors-feature}}** features as follows:
 
-To grant access to cases, set the privileges for the **Cases** and **{{connectors-feature}}** features as follows:
+% Management might be called Stack Management in Serverless.
 
 | Action | {{kib}} Privileges |
 | --- | --- |
-| Give full access to manage cases and settings | * **All** for the **Cases** feature under **Security**<br>* **All*** for the **{{connectors-feature}}** feature under **Management**<br><br>::::{note} <br>Roles without ***All** privileges for the **{{connectors-feature}}** feature cannot create, add, delete, or modify case connectors.<br><br>By default, **All** for the **Cases** feature allows you to delete cases, delete alerts and comments from cases, and edit case settings. You can customize the sub-feature privileges to limit feature access.<br><br>::::<br><br> |
-| Give assignee access to cases | **All** for the **Cases** feature under **Security**<br><br>::::{note} <br>Before a user can be assigned to a case, they must log into {{kib}} at least once, which creates a user profile.<br>::::<br><br> |
-| Give view-only access for cases | **Read** for the **Security** feature and **All** for the **Cases** feature<br><br>::::{note} <br>You can customize the sub-feature privileges to allow access to deleting cases, deleting alerts and comments from cases, viewing or editing case settings, adding case comments and attachments, and re-opening cases.<br>::::<br><br> |
+| Give full access to manage cases and settings | - **All** for the **Cases** feature under **Security**<br> - **All*** for the **{{connectors-feature}}** feature under **Management**<br><br>**Note:** Roles without **All** privileges for the **{{connectors-feature}}** feature cannot create, add, delete, or modify case connectors. By default, **All** for the **Cases** feature allows you to delete cases, delete alerts and comments from cases, and edit case settings. You can customize the sub-feature privileges to limit feature access.<br><br><br><br> |
+| Give assignee access to cases | **All** for the **Cases** feature under **Security**<br><br>**Note:** Before a user can be assigned to a case, they must log into {{kib}} at least once, which creates a user profile. <br><br> |
+| Give view-only access for cases | **Read** for the **Security** feature and **All** for the **Cases** feature<br><br> **Note:** You can customize the sub-feature privileges to allow access to deleting cases, deleting alerts and comments from cases, viewing or editing case settings, adding case comments and attachments, and re-opening cases. <br><br> |
 | Revoke all access to cases | **None** for the **Cases** feature under **Security** |
diff --git a/solutions/security/investigate/notes.md b/solutions/security/investigate/notes.md
@@ -6,19 +6,6 @@ mapped_urls:
 
 # Notes [security-add-manage-notes]
 
-% What needs to be done: Lift-and-shift
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/add-manage-notes.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-add-manage-notes.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$manage-notes$$$
-
-$$$notes-alerts-events$$$
-
 Incorporate notes into your investigative workflows to coordinate responses, conduct threat hunting, and share investigative findings. You can attach notes to alerts, events, and Timelines and manage them from the **Notes** page.
 
 ::::{note}
diff --git a/solutions/security/investigate/open-manage-cases.md b/solutions/security/investigate/open-manage-cases.md
@@ -6,35 +6,6 @@ mapped_urls:
 
 # Open and manage cases [security-cases-open-manage]
 
-% What needs to be done: Align serverless/stateful
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/cases-open-manage.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-cases-open-manage.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$cases-ui-open$$$
-
-$$$cases-add-files$$$
-
-$$$cases-add-observables$$$
-
-$$$cases-copy-case-uuid$$$
-
-$$$cases-examine-alerts$$$
-
-$$$cases-export$$$
-
-$$$cases-import$$$
-
-$$$cases-lens-visualization$$$
-
-$$$cases-manage-comments$$$
-
-$$$cases-summary$$$
-
 You can create and manage cases using the UI or the [cases API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-cases).
 
 
