fix

Author: shainaraskas

deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md

@@ -349,7 +349,7 @@ $$$azure-integration-monitor$$$How do I monitor my existing Azure services?
 
 
 ::::{note}
-If you want to send platform logs to a deployment that has [network security policies](../../security/traffic-filtering.md) applied, then you need to contact [the Elastic Support Team](#azure-integration-support) to perform additional configurations. Refer support to the article [Azure++ Resource Logs blocked by Traffic Filters](https://support.elastic.co/knowledge/18603788).
+If you want to send platform logs to a deployment that has [IP or Private Link traffic filters](../../security/traffic-filtering.md) enabled, then you need to contact [the Elastic Support Team](#azure-integration-support) to perform additional configurations. Refer support to the article [Azure++ Resource Logs blocked by Traffic Filters](https://support.elastic.co/knowledge/18603788).
 
 ::::
 
@@ -477,15 +477,20 @@ $$$azure-integration-deployment-failed-traffic-filter$$$My {{ecloud}} deployment
       ]
     ```
 
-    One possible cause of a deployment creation failure is the default network security policies. Deployments fail to create if a previously created network security policy has enabled the **Include by default** option. When this option is enabled, traffic to the deployment is blocked, including traffic that is part of the {{ecloud}} Azure Native ISV Service. As a result, some of the integration components are not successfully provisioned and the deployment creation fails.
+    One possible cause of a deployment creation failure is the default traffic filtering rules. Deployments fail to create if a previously created traffic filter has enabled the **Include by default** option. When this option is enabled, traffic to the deployment is blocked, including traffic that is part of the {{ecloud}} Azure Native ISV Service. As a result, some of the integration components are not successfully provisioned and the deployment creation fails.
 
     Follow these steps to resolve the problem:
 
     1. Login to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-    2. Go to the [Network security page](https://cloud.elastic.co/deployment-features/traffic-filters).
-    3. Edit the policy and disable the **Include by default** option.
+    2. Go to the [Traffic filters page](https://cloud.elastic.co/deployment-features/traffic-filters).
+    3. Edit the traffic filter and disable the **Include by default** option.
+
+        :::{image} /deploy-manage/images/cloud-ec-marketplace-azure-traffic-filter-option.png
+        :alt: The Include by default option under Add to Deployments on the Traffic Filter page
+        :::
+
     4. In Azure, create a new {{ecloud}} deployment.
-    5. After the deployment has been created successfully, go back to the [Network security page](https://cloud.elastic.co/deployment-features/traffic-filters) in {{ecloud}} and re-enable the **Include by default** option.
+    5. After the deployment has been created successfully, go back to the [Traffic filters page](https://cloud.elastic.co/deployment-features/traffic-filters) in {{ecloud}} and re-enable the **Include by default** option.
 
 
 If your deployment still does not create successfully, [contact the Elastic Support Team](#azure-integration-support) for assistance.
@@ -506,7 +511,7 @@ Mimicking this metadata by manually adding tags to an {{ecloud}} deployment will
 
 $$$azure-integration-logs-not-ingested$$$My {{ecloud}} Azure Native ISV Service logs are not being ingested.
 :   * When you set up monitoring for your Azure services, if your Azure and Elastic resources are in different subscriptions, you need to make sure that the `Microsoft.Elastic` resource provider is registered in the subscription in which the Azure resources exist. Check [How do I monitor my existing Azure services?](#azure-integration-monitor) for details.
-* If you are using [network security policies](../../security/traffic-filtering.md), reach out to [the Elastic Support Team](#azure-integration-support).
+* If you are using [IP or Private Link traffic filters](../../security/traffic-filtering.md), reach out to [the Elastic Support Team](#azure-integration-support).
 
 
 

deploy-manage/deploy/elastic-cloud/ec-customize-deployment-components.md

@@ -129,7 +129,7 @@ Refer to [Manage your Integrations Server](manage-integrations-server.md) to lea
 
 ## Security [ec_security]
 
-Here, you can configure features that keep your deployment secure: reset the password for the `elastic` user, set up network security policies, and add settings to the {{es}} keystore. You can also set up remote connections to other deployments.
+Here, you can configure features that keep your deployment secure: reset the password for the `elastic` user, set up traffic filters, and add settings to the {{es}} keystore. You can also set up remote connections to other deployments.
 
 
 ## Actions [ec_actions]

deploy-manage/deploy/elastic-cloud/heroku.md

@@ -82,7 +82,7 @@ You might want to add more layers of security to your deployment, such as:
 
 * Add more users to the deployment with third-party authentication providers and services like [SAML](../../users-roles/cluster-or-deployment-auth/saml.md), [OpenID Connect](../../users-roles/cluster-or-deployment-auth/openid-connect.md), or [Kerberos](../../users-roles/cluster-or-deployment-auth/kerberos.md).
 * Do not use clients that only support HTTP to connect to {{ecloud}}. If you need to do so, you should use a reverse proxy setup.
-* Create [network security policies](../../security/traffic-filtering.md) and apply them to your deployments.
+* Create [traffic filters](../../security/traffic-filtering.md) and apply them to your deployments.
 * If needed, you can [reset](../../users-roles/cluster-or-deployment-auth/built-in-users.md) the `elastic` password.
 
 ### Scale or adjust your deployment [echscale_or_adjust_your_deployment]

deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md

@@ -20,8 +20,8 @@ When using {{ecloud}}, there are some limitations you should be aware of:
 * [Private Link and SSO to {{kib}} URLs](#ec-restrictions-traffic-filters-kibana-sso)
 * [PDF report generation using Alerts or Watcher webhooks](#ec-restrictions-traffic-filters-watcher)
 * [Kibana](#ec-restrictions-kibana)
-% * [APM Agent central configuration with network security policies](#ec-restrictions-apm-traffic-filters)
-* [Fleet with network security policies](#ec-restrictions-fleet-traffic-filters)
+% * [APM Agent central configuration with Private Link or traffic filters](#ec-restrictions-apm-traffic-filters)
+* [Fleet with Private Link or traffic filters](#ec-restrictions-fleet-traffic-filters)
 * [Restoring a snapshot across deployments](#ec-snapshot-restore-enterprise-search-kibana-across-deployments)
 * [Migrate Fleet-managed {{agents}} across deployments by restoring a snapshot](#ec-migrate-elastic-agent)
 * [Regions and Availability Zones](#ec-regions-and-availability-zone)
@@ -88,13 +88,13 @@ Alternatively, a custom mail server can be configured as described in [Configuri
 
 ## Private Link and SSO to {{kib}} URLs [ec-restrictions-traffic-filters-kibana-sso]
 
-Currently you can’t use SSO to login directly from {{ecloud}} into {{kib}} endpoints that are protected by Private Link network security policies. However, you can still SSO into Private Link protected {{kib}} endpoints individually using the [SAML](../../users-roles/cluster-or-deployment-auth/saml.md) or [OIDC](../../users-roles/cluster-or-deployment-auth/openid-connect.md) protocol from your own identity provider, just not through the {{ecloud}} console. Stack level authentication using the {{es}} username and password should also work with `{{kibana-id}}.{vpce|privatelink|psc}.domain` URLs.
+Currently you can’t use SSO to login directly from {{ecloud}} into {{kib}} endpoints that are protected by Private Link traffic filters. However, you can still SSO into Private Link protected {{kib}} endpoints individually using the [SAML](../../users-roles/cluster-or-deployment-auth/saml.md) or [OIDC](../../users-roles/cluster-or-deployment-auth/openid-connect.md) protocol from your own identity provider, just not through the {{ecloud}} console. Stack level authentication using the {{es}} username and password should also work with `{{kibana-id}}.{vpce|privatelink|psc}.domain` URLs.
 
 
 ## PDF report generation using Alerts or Watcher webhooks [ec-restrictions-traffic-filters-watcher]
 
 * PDF report automatic generation via Alerts is not possible on {{ecloud}}.
-* PDF report generation isn’t possible for deployments running on {{stack}} version 8.7.0 or before that are protected by IP filters. This limitation doesn’t apply to public webhooks such as Slack, PagerDuty, and email. For deployments running on {{stack}} version 8.7.1 and beyond, [PDF report automatic generation via Watcher webhook](../../../explore-analyze/report-and-share/automating-report-generation.md#use-watcher) is possible using the `xpack.notification.webhook.additional_token_enabled` configuration setting to bypass IP filters.
+* PDF report generation isn’t possible for deployments running on {{stack}} version 8.7.0 or before that are protected by traffic filters. This limitation doesn’t apply to public webhooks such as Slack, PagerDuty, and email. For deployments running on {{stack}} version 8.7.1 and beyond, [PDF report automatic generation via Watcher webhook](../../../explore-analyze/report-and-share/automating-report-generation.md#use-watcher) is possible using the `xpack.notification.webhook.additional_token_enabled` configuration setting to bypass traffic filters.
 
 
 ## {{kib}} [ec-restrictions-kibana]
@@ -103,18 +103,18 @@ Currently you can’t use SSO to login directly from {{ecloud}} into {{kib}} end
 * Running an external {{kib}} in parallel to {{ecloud}}’s {{kib}} instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerts-cases/alerts/alerting-common-issues.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](kibana://reference/configuration-reference/security-settings.md#security-encrypted-saved-objects-settings) as {{ecloud}} does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended.
 
 
-% ## APM Agent central configuration with network security policies [ec-restrictions-apm-traffic-filters]
+% ## APM Agent central configuration with PrivateLink or traffic filters [ec-restrictions-apm-traffic-filters]
 
 % If you are using APM 7.9.0 or older:
 
-% * You cannot use [APM Agent central configuration](/solutions/observability/apm/apm-agent-central-configuration.md) if your deployment is secured by [network security policies](../../security/traffic-filtering.md).
+% * You cannot use [APM Agent central configuration](/solutions/observability/apm/apm-agent-central-configuration.md) if your deployment is secured by [traffic filters](../../security/traffic-filtering.md).
 % * If you access your APM deployment over [PrivateLink](../../security/aws-privatelink-traffic-filters.md), to use APM Agent central configuration you need to allow access to the APM deployment over public internet.
 
 
-## Fleet with network security policies [ec-restrictions-fleet-traffic-filters]
+## Fleet with PrivateLink or traffic filters [ec-restrictions-fleet-traffic-filters]
 
-% * You cannot use Fleet 7.13.x if your deployment is secured by [network security policies](../../security/traffic-filtering.md). Fleet 7.14.0 and later works with network security policies (both IP filters and private connection policies).
-* If you are using Fleet 8.12+, using a remote {{es}} output with a target cluster that has [network security policies](../../security/traffic-filtering.md) applied is not currently supported.
+% * You cannot use Fleet 7.13.x if your deployment is secured by [traffic filters](../../security/traffic-filtering.md). Fleet 7.14.0 and later works with traffic filters (both Private Link and IP filters).
+* If you are using Fleet 8.12+, using a remote {{es}} output with a target cluster that has [traffic filters](../../security/traffic-filtering.md) enabled is not currently supported.
 
 ## Restoring a snapshot across deployments [ec-snapshot-restore-enterprise-search-kibana-across-deployments]
 

deploy-manage/deploy/elastic-cloud/tools-apis.md

@@ -30,7 +30,7 @@ The following REST APIs allow you to manage your {{ecloud}} organization, users,
 
 | Area | API | Tasks |
 | --- | --- | --- |
-| {{ecloud}} organization<br><br>{{ech}} deployments | [{{ecloud}} API](https://www.elastic.co/docs/api/doc/cloud/) | Manage your Cloud organization, members, costs, billing, and more.<br><br>Manage your hosted deployments and all of the resources associated with them, including scaling or autoscaling resources, and managing network security policies, deployment extensions, remote clusters, and {{stack}} versions.<br><br>Refer to [{{ecloud}} RESTful API](cloud://reference/cloud-hosted/ec-api-restful.md) for usage information and examples. |
+| {{ecloud}} organization<br><br>{{ech}} deployments | [{{ecloud}} API](https://www.elastic.co/docs/api/doc/cloud/) | Manage your Cloud organization, members, costs, billing, and more.<br><br>Manage your hosted deployments and all of the resources associated with them, including scaling or autoscaling resources, and managing traffic filters, deployment extensions, remote clusters, and {{stack}} versions.<br><br>Refer to [{{ecloud}} RESTful API](cloud://reference/cloud-hosted/ec-api-restful.md) for usage information and examples. |
 | {{serverless-full}} projects | [{{serverless-full}} API](https://www.elastic.co/docs/api/doc/elastic-cloud-serverless) | Manage {{serverless-full}} projects. |
 | {{ecloud}} services | [Service Status API](https://status.elastic.co/api/) | Programmatically ingest [service status](/deploy-manage/cloud-organization/service-status.md) updates. |
 

deploy-manage/remote-clusters/ec-remote-cluster-ece.md

@@ -39,7 +39,7 @@ If you run into any issues, refer to [Troubleshooting](/troubleshoot/elasticsear
 ### Prerequisites and limitations [ec_prerequisites_and_limitations_3]
 
 * The local and remote deployments must be on {{stack}} 8.14 or later.
-* API key authentication can’t be used in combination with [network security](/deploy-manage/security/traffic-filtering.md).
+* API key authentication can’t be used in combination with traffic filters.
 * Contrary to the certificate security model, the API key security model does not require that both local and remote clusters trust each other.