Session view

nastasha-solomon · nastasha-solomon · commit 0cdda0b2786e · 2025-02-20T10:33:34.000-05:00
diff --git a/raw-migrated-files/docs-content/serverless/security-session-view.md b/raw-migrated-files/docs-content/serverless/security-session-view.md
diff --git a/solutions/security/investigate/session-view.md b/solutions/security/investigate/session-view.md
@@ -4,23 +4,12 @@ mapped_urls:
   - https://www.elastic.co/guide/en/serverless/current/security-session-view.html
 ---
 
-# Session view
-
-% What needs to be done: Align serverless/stateful
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/session-view.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-session-view.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$enable-session-view$$$
+# Session View [security-session-view]
 
 Session View is an investigation tool that allows you to examine Linux process data organized in a tree-like structure according to the Linux logical event model, with processes organized by parentage and time of execution. It displays events in a highly readable format that is inspired by the terminal. This makes it a powerful tool for monitoring and investigating session activity on your Linux infrastructure and understanding user and service behavior.
 
 ::::{admonition} Requirements
-* Session View requires an [Enterprise subscription](https://www.elastic.co/pricing).
+* In {{stack}}, Session View requires an [Enterprise subscription](https://www.elastic.co/pricing).
 
 ::::
 
@@ -56,7 +45,7 @@ Session View can only display data that was collected by {{elastic-defend}} when
 
 ## Open Session View [open-session-view]
 
-Session View is accessible from the **Hosts**, **Alerts***, and ***Timelines** pages, as well as the alert details flyout and the **Kubernetes** dashboard. Events and sessions that you can investigate in Session View have a rectangular **Open Session View** button in the **Actions** column. For example:
+Session View is accessible from the **Hosts**, **Alerts**, and **Timelines** pages, as well as the alert details flyout and the **Kubernetes** dashboard. Events and sessions that you can investigate in Session View have a rectangular **Open Session View** button in the **Actions** column. For example:
 
 * On the Alerts page, scroll down to view the Alerts table. Look for alerts that have the **Open Session View** button in the **Actions** column:
 
diff --git a/solutions/security/investigate/timeline.md b/solutions/security/investigate/timeline.md
@@ -223,7 +223,7 @@ From the **Correlation** tab, you can also do the following:
 ## Use {{esql}} to investigate events [esql-in-timeline]
 
 ::::{note}
-{{esql}} is enabled by default in {{stack}} 9.0.0+. It can be disabled using the `enableESQL` setting from the [Advanced Settings](https://www.elastic.co/guide/en/kibana/current/advanced-options.html). This will hide the {{esql}} user interface from various applications. However, users will be able to access existing {{esql}} artifacts like saved searches and visualizations.
+{{esql}} is enabled by default in {{stack}}. It can be disabled using the `enableESQL` setting from the [Advanced Settings](https://www.elastic.co/guide/en/kibana/current/advanced-options.html). This will hide the {{esql}} user interface from various applications. However, users will be able to access existing {{esql}} artifacts like saved searches and visualizations.
 ::::
 
 
diff --git a/solutions/security/investigate/visual-event-analyzer.md b/solutions/security/investigate/visual-event-analyzer.md
@@ -9,7 +9,7 @@ mapped_urls:
 {{elastic-sec}} allows any event detected by {{elastic-endpoint}} to be analyzed using a process-based visual analyzer, which shows a graphical timeline of processes that led up to the alert and the events that occurred immediately after. Examining events in the visual event analyzer is useful to determine the origin of potentially malicious activity and other areas in your environment that may be compromised. It also enables security analysts to drill down into all related hosts, processes, and other events to aid in their investigations.
 
 ::::{tip}
-If you’re on {{stack}} 9.0.0+ amd experiencing performance degradation, you can [exclude cold and frozen tier data](/solutions/security/get-started/configure-advanced-settings.md#exclude-cold-frozen-tiers) from analyzer queries.
+If you’re on {{stack}} and experiencing performance degradation, you can [exclude cold and frozen tier data](/solutions/security/get-started/configure-advanced-settings.md#exclude-cold-frozen-tiers) from analyzer queries.
 ::::
 
 
@@ -168,7 +168,7 @@ When you select an `event.category` pill, all the events within that category ar
 
 ::::{note}
 - There is no limit to the number of events that can be associated with a process.
-- In {{stack}} 9.0.0+, you need a [Platinum or Enterprise subscription](https://www.elastic.co/pricing) to examine alerts associated with events.
+- In {{stack}}, you need a [Platinum or Enterprise subscription](https://www.elastic.co/pricing) to examine alerts associated with events.
 ::::
 
 
