osquery response actions

nastasha-solomon · nastasha-solomon · commit 3e6700a00be6 · 2025-02-20T22:18:08.000-05:00
diff --git a/raw-migrated-files/docs-content/serverless/security-osquery-response-action.md b/raw-migrated-files/docs-content/serverless/security-osquery-response-action.md
diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml
@@ -292,7 +292,6 @@ toc:
       - file: docs-content/serverless/security-machine-learning.md
       - file: docs-content/serverless/security-ml-requirements.md
       - file: docs-content/serverless/security-osquery-placeholder-fields.md
-      - file: docs-content/serverless/security-osquery-response-action.md
       - file: docs-content/serverless/security-overview-dashboard.md
       - file: docs-content/serverless/security-policies-page.md
       - file: docs-content/serverless/security-posture-faq.md
diff --git a/solutions/security/investigate/add-osquery-response-actions.md b/solutions/security/investigate/add-osquery-response-actions.md
@@ -4,14 +4,7 @@ mapped_urls:
   - https://www.elastic.co/guide/en/serverless/current/security-osquery-response-action.html
 ---
 
-# Add Osquery Response Actions
-
-% What needs to be done: Align serverless/stateful
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/osquery-response-action.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-osquery-response-action.md
+# Add Osquery Response Actions [security-osquery-response-action]
 
 ::::{warning}
 This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
@@ -21,8 +14,9 @@ This functionality is in technical preview and may be changed or removed in a fu
 Osquery Response Actions allow you to add live queries to custom query rules so you can automatically collect data on systems the rule is monitoring. Use this data to support your alert triage and investigation efforts.
 
 ::::{admonition} Requirements
-* Osquery Response Actions require a [Platinum or Enterprise subscription](https://www.elastic.co/pricing).
-* The [Osquery manager integration](/solutions/security/investigate/manage-integration.md) must be installed.
+* In {{stack}}, Osquery Response Actions require a [Platinum or Enterprise subscription](https://www.elastic.co/pricing).
+* In {{serverless-short}}, Osquery Response Actions require the Endpoint Protection Complete [project feature](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
+* The [Osquery manager integration](manage-integration.md) must be installed. 
 * {{agent}}'s [status](asciidocalypse://docs/docs-content/docs/reference/ingestion-tools/fleet/monitor-elastic-agent.md) must be `Healthy`. Refer to [{{fleet}} Troubleshooting](/troubleshoot/ingest/fleet/common-problems.md) if it isn’t.
 * Your role must have [Osquery feature privileges](/solutions/security/investigate/osquery.md).
 * You can only add Osquery Response Actions to custom query rules.
@@ -102,6 +96,6 @@ Refer to [Examine Osquery results](/solutions/security/investigate/examine-osque
 
 
 :::{image} ../../../images/security-osquery-results-tab.png
-:alt: osquery results tab
+:alt: Shows how to set up a single query
 :class: screenshot
 :::
