Merge branch 'main' into update-screenshots-for-nav-changes-in-9.2

Author: ketkee-aryamane

manage-data/lifecycle/data-stream/tutorial-migrate-ilm-managed-data-stream-to-data-stream-lifecycle.md

@@ -13,8 +13,6 @@ products:
 In this tutorial we’ll look at migrating an existing data stream from [Index Lifecycle Management ({{ilm-init}})](../index-lifecycle-management.md) to [data stream lifecycle](../data-stream.md). The existing {{ilm-init}} managed backing indices will continue to be managed by {{ilm-init}} until they age out and get deleted by {{ilm-init}}; however, the new backing indices will be managed by data stream lifecycle. This way, a data stream is gradually migrated away from being managed by {{ilm-init}} to being managed by data stream lifecycle. As we’ll see, {{ilm-init}} and data stream lifecycle can co-manage a data stream; however, an index can only be managed by one system at a time.
 
 
-## TL;DR [migrate-dsl-ilm-tldr]
-
 To migrate a data stream from {{ilm-init}} to data stream lifecycle we’ll have to execute two steps:
 
 1. Update the index template that’s backing the data stream to set [prefer_ilm](elasticsearch://reference/elasticsearch/configuration-reference/data-stream-lifecycle-settings.md#index-lifecycle-prefer-ilm) to `false`, and to configure data stream lifecycle.

reference/fleet/manage-elastic-agents-in-fleet.md

@@ -38,8 +38,8 @@ Find **{{fleet}}** in the {{kib}} navigation menu, or use the [global search fie
 In {{fleet}} deployments where {{agents}} are installed in diverse locations and where data must be stored in local clusters, operators need a unified view of all agents and a central management interface for tasks like upgrades, policy organization, and metrics collection. {{fleet}} offers features to facilitate this deployment model:
 
 - [Remote {{es}} output](/reference/fleet/remote-elasticsearch-output.md): Configure {{agents}} to send data to remote {{es}} clusters while still sending their check-in payloads to the management cluster. This allows {{fleet}} on the management cluster to maintain a global view of all agents while the ingested data is routed to the agents' respective local clusters.
-- [Automatic integrations synchronization](/reference/fleet/automatic-integrations-synchronization.md) {applies_to}`stack: ga 9.1.0`: Install an integration once in the management cluster and use {{fleet}} to synchronize and update the integration across all remote clusters. This enables you to initiate services like [OSquery](integration-docs://reference/osquery-intro.md) from the management cluster, and to collect and display responses from dispersed agents in {{fleet}} on the central management cluster.
+- {applies_to}`stack: ga 9.1.0` [Automatic integrations synchronization](/reference/fleet/automatic-integrations-synchronization.md): Install an integration once in the management cluster and use {{fleet}} to synchronize and update the integration across all remote clusters. This enables you to initiate services like [OSquery](integration-docs://reference/osquery-intro.md) from the management cluster, and to collect and display responses from dispersed agents in {{fleet}} on the central management cluster.
 
 :::{image} images/manage-agents-global-fleet.png
 :alt: A diagram showing Elastic Agents connected to remote data clusters and to a Fleet management cluster
-:::
+:::

solutions/security/cloud/integrations/aws-config-integration.md

@@ -0,0 +1,23 @@
+---
+applies_to:
+  stack: ga 9.2
+  serverless:
+    security: all
+products:
+  - id: security
+  - id: cloud-serverless
+---
+
+# AWS Config
+
+This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}:
+
+- **Findings page**: Data appears on the Findings page's [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
+
+
+In order for AWS Config data to appear in these workflows:
+
+* Follow the steps to [set up the AWS Config integration](https://docs.elastic.co/en/integrations/aws/config).
+* Make sure the integration version is at least 4.0.0.
+* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`.

solutions/security/investigate/open-manage-cases.md

@@ -95,7 +95,7 @@ To explore a case, click on its name. You can then:
     Comments can contain Markdown. For syntax help, click the Markdown icon (![Click markdown icon](/solutions/images/security-markdown-icon.png "title =20x20")) in the bottom right of the comment.
     ::::
 
-* Examine [alerts](/solutions/security/investigate/open-manage-cases.md#cases-examine-alerts) and [indicators](/solutions/security/investigate/indicators-of-compromise.md#review-indicator-in-case) attached to the case
+* Examine [alerts](/solutions/security/investigate/open-manage-cases.md#cases-examine-alerts), [indicators](/solutions/security/investigate/indicators-of-compromise.md#review-indicator-in-case), and {applies_to}`stack: ga 9.2.0` [events](/solutions/security/investigate/open-manage-cases.md#cases-examine-events) attached to the case
 * [Add files](/solutions/security/investigate/open-manage-cases.md#cases-add-files)
 * [Add a Lens visualization](/solutions/security/investigate/open-manage-cases.md#cases-lens-visualization)
 * Modify the case’s description, assignees, category, severity, status, and tags.
@@ -147,7 +147,12 @@ To explore the alerts attached to a case, click the **Alerts** tab. In the table
 Each case can have a maximum of 1,000 alerts.
 ::::
 
+### Examine events attached to a case [cases-examine-events]
+```{applies_to}
+stack: ga 9.2
+```
 
+After adding events to cases from the Events table (which you can access from the **Events** tab on the **Hosts**, **Network**, or **Users** pages) or from Timeline, you can examine them in the case's **Events** tab. Within the tab, alerts are organized from newest to oldest. Click the **View details** button the find out more about the event.
 
 ### Add files [cases-add-files]
 

solutions/toc.yml

@@ -681,6 +681,7 @@ toc:
               - file: security/cloud/integration-qualys.md
               - file: security/cloud/integration-tenablevm.md
               - file: security/cloud/integration-rapid7.md
+              - file: security/cloud/integrations/aws-config-integration.md
       - file: security/investigate.md
         children:
           - file: security/investigate/timeline.md