Merge branch 'main' into 1567/existing

kilfoyle · web-flow · commit 47ea160dad24 · 2025-10-17T15:14:46.000-04:00
diff --git a/redirects.yml b/redirects.yml
@@ -537,6 +537,16 @@ redirects:
 # Search sessions becoming background search
   'explore-analyze/discover/search-sessions.md': 'explore-analyze/discover/background-search.md'
 
+# Related to https://github.com/elastic/docs-content/pull/3493
+  'solutions/security/cloud/ingest-third-party-cloud-security-data.md': 'solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md'
+  'solutions/security/cloud/ingest-cncf-falco-data.md': 'solutions/security/cloud/integrations/cncf-falco.md'
+  'solutions/security/cloud/ingest-wiz-data.md': 'solutions/security/cloud/integrations/wiz.md'
+  'solutions/security/cloud/integration-tenablevm.md': 'solutions/security/cloud/integrations/tenablevm.md'
+  'solutions/security/cloud/integration-rapid7.md': 'solutions/security/cloud/integrations/rapid7.md'
+  'solutions/security/cloud/integration-qualys.md': 'solutions/security/cloud/integrations/qualys.md'
+  'solutions/security/cloud/ingest-aws-security-hub-data.md': 'solutions/security/cloud/integrations/aws-security-hub.md'
+  'solutions/security/cloud/aws-config-integration.md': 'solutions/security/cloud/integrations/aws-config.md'
+  
 # Deduplicate canvas function reference
   'reference/data-analysis/kibana/canvas-functions.md': 'explore-analyze/visualize/canvas/canvas-function-reference.md'
   'reference/data-analysis/kibana/tinymath-functions.md': 'explore-analyze/visualize/canvas/canvas-tinymath-functions.md'
diff --git a/solutions/security/cloud/findings-page-3.md b/solutions/security/cloud/findings-page-3.md
@@ -14,7 +14,7 @@ products:
 
 # View and manage CNVM vulnerabilities in Findings [security-vuln-management-findings]
 
-The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](ingest-third-party-cloud-security-data.md).
+The **Vulnerabilities** tab on the **Findings** page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](integrations/ingest-third-party-cloud-security-data.md).
 
 :::{image} /solutions/images/serverless--cloud-native-security-cnvm-findings-page.png
 :alt: The Vulnerabilities tab of the Findings page
diff --git a/solutions/security/cloud/findings-page.md b/solutions/security/cloud/findings-page.md
@@ -18,7 +18,7 @@ products:
 
 $$$cspm-findings-page-filter-findings$$$
 
-The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/ingest-third-party-cloud-security-data.md).
+The **Misconfigurations** tab on the **Findings** page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md).
 
 :::{image} /solutions/images/security-findings-page.png
 :alt: Findings page
diff --git a/solutions/security/cloud/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/ingest-third-party-cloud-security-data.md
diff --git a/solutions/security/cloud/integrations/aws-config.md b/solutions/security/cloud/integrations/aws-config.md
@@ -12,12 +12,12 @@ products:
 
 This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}:
 
-- **Findings page**: Data appears on the Findings page's [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
+- **Findings page**: Data appears on the [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
 - **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
 
 
 In order for AWS Config data to appear in these workflows:
 
 * Follow the steps to [set up the AWS Config integration](https://docs.elastic.co/en/integrations/aws/config).
 * Make sure the integration version is at least 4.0.0.
-* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`.
+* Ensure you have `read` privileges for the following index: `security_solution-*.misconfiguration_latest`.
diff --git a/solutions/security/cloud/integrations/aws-inspector.md b/solutions/security/cloud/integrations/aws-inspector.md
@@ -0,0 +1,23 @@
+---
+applies_to:
+  stack: ga 9.2
+  serverless:
+    security: all
+products:
+  - id: security
+  - id: cloud-serverless
+---
+
+# AWS Inspector
+
+This page explains how to make data from the AWS Inspector integration appear in the following places within {{elastic-sec}}:
+
+- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page.md) tab.
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
+
+
+In order for AWS Inspector data to appear in these workflows:
+
+* Follow the steps to [set up the AWS Inspector integration](https://www.elastic.co/docs/reference/integrations/aws/inspector).
+* Make sure the integration version is at least 4.0.0.
+* Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`.
diff --git a/solutions/security/cloud/integrations/aws-security-hub.md b/solutions/security/cloud/integrations/aws-security-hub.md
diff --git a/solutions/security/cloud/integrations/cncf-falco.md b/solutions/security/cloud/integrations/cncf-falco.md
@@ -40,8 +40,8 @@ Next, to make alerts from Falco appear on {{elastic-sec}}'s Alerts page:
 
 You can either:
 
-* [Send Falco data to {{es}} from virtual machines (VMs)](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-vm); or,
-* [Send Falco data to {{es}} from Kubernetes](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-kubernetes).
+* [Send Falco data to {{es}} from virtual machines (VMs)](#ingest-falco-setup-falco-vm); or,
+* [Send Falco data to {{es}} from Kubernetes](#ingest-falco-setup-falco-kubernetes).
 
 
 ### Configure Falco and Falcosidekick for VMs [ingest-falco-setup-falco-vm]
diff --git a/solutions/security/cloud/integrations/google-security-command-center.md b/solutions/security/cloud/integrations/google-security-command-center.md
@@ -12,7 +12,7 @@ products:
 
 This page explains how to make data from the Google Security Command Center integration appear in the following workflows within {{elastic-sec}}:
 
-- **Findings page**: Data appears on the [Findings page's](/solutions/security/cloud/findings-page.md) **Vulnerabilities** tab and **Misconfigurations** tab.
+- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab and the [Misconfiguations](/solutions/security/cloud/findings-page.md) tab.
 - **Alert and Entity details flyouts**: Data appears in the **Insights** section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
 
 
diff --git a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md
@@ -0,0 +1,48 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/security/current/ingest-third-party-cloud-security-data.html
+  - https://www.elastic.co/guide/en/serverless/current/ingest-third-party-cloud-security-data.html
+applies_to:
+  stack: all
+  serverless:
+    security: all
+products:
+  - id: security
+  - id: cloud-serverless
+---
+
+# Ingest third-party cloud security data
+
+This section describes how to ingest cloud security data from third-party tools into {{es}}. Once ingested, this data can provide additional context and enrich your {{elastic-sec}} workflows.
+
+You can ingest both third-party cloud workload protection data and third-party security posture and vulnerability data.
+
+
+## Ingest third-party workload protection data [_ingest_third_party_workload_protection_data]
+
+You can ingest third-party cloud security alerts into {{elastic-sec}} to view them on the [Alerts page](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#alerts-page) and incorporate them into your triage and threat hunting workflows.
+
+* Learn to [ingest alerts from Sysdig Falco](/solutions/security/cloud/integrations/cncf-falco.md).
+
+
+## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data]
+
+You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [**Findings**](/solutions/security/cloud/findings-page.md) page and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts.
+
+::::{note}
+Data from third-party integrations does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md) or the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md),
+::::
+
+Data from each of the following integrations can feed into at least some of these workflows:
+
+* [AWS Config](/solutions/security/cloud/integrations/aws-config.md)
+* [AWS Inspector](/solutions/security/cloud/integrations/aws-inspector.md)
+* [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md)
+* [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md)
+* [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md)
+* [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md)
+* [Microsoft Defender XDR](/solutions/security/cloud/integrations/microsoft-defender-xdr.md)
+* [Qualys VMDR](/solutions/security/cloud/integrations/qualys.md)
+* [Rapid7 InsightVM](/solutions/security/cloud/integrations/rapid7.md)
+* [Tenable VM](/solutions/security/cloud/integrations/tenablevm.md)
+* [Wiz](/solutions/security/cloud/integrations/wiz.md)
diff --git a/solutions/security/cloud/integrations/qualys.md b/solutions/security/cloud/integrations/qualys.md
@@ -13,11 +13,7 @@ products:
 This page explains how to make data from the Qualys Vulnerability Management, Detection and Response integration (Qualys VMDR) appear in the following places within {{elastic-sec}}:
 
 - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab.
-- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).
-
-:::{note}
-Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md).
-:::
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
 
 In order for Qualys VMDR data to appear in these workflows:
 
diff --git a/solutions/security/cloud/integrations/rapid7.md b/solutions/security/cloud/integrations/rapid7.md
@@ -13,11 +13,8 @@ products:
 This page explains how to make data from the Rapid7 InsightVM integration (Rapid7) appear in the following places within {{elastic-sec}}:
 
 - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab.
-- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
 
-:::{note}
-Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md).
-:::
 
 In order for Rapid7 data to appear in these workflows:
 
diff --git a/solutions/security/cloud/integrations/tenablevm.md b/solutions/security/cloud/integrations/tenablevm.md
@@ -13,11 +13,7 @@ products:
 This page explains how to make data from the Tenable Vulnerability Management integration (Tenable VM) appear in the following places within {{elastic-sec}}:
 
 - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab.
-- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).
-
-::::{note}
-Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md).
-::::
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
 
 In order for Tenable VM data to appear in these workflows:
 
diff --git a/solutions/security/cloud/integrations/wiz.md b/solutions/security/cloud/integrations/wiz.md
diff --git a/solutions/toc.yml b/solutions/toc.yml
@@ -677,15 +677,16 @@ toc:
           - file: security/cloud/cloud-workload-protection-for-vms.md
             children:
               - file: security/cloud/capture-environment-variables.md
-          - file: security/cloud/ingest-third-party-cloud-security-data.md
-            children:
-              - file: security/cloud/ingest-cncf-falco-data.md
-              - file: security/cloud/ingest-aws-security-hub-data.md
-              - file: security/cloud/ingest-wiz-data.md
-              - file: security/cloud/integration-qualys.md
-              - file: security/cloud/integration-tenablevm.md
-              - file: security/cloud/integration-rapid7.md
-              - file: security/cloud/integrations/aws-config-integration.md
+          - file: security/cloud/integrations/ingest-third-party-cloud-security-data.md
+            children:
+              - file: security/cloud/integrations/cncf-falco.md
+              - file: security/cloud/integrations/aws-security-hub.md
+              - file: security/cloud/integrations/wiz.md
+              - file: security/cloud/integrations/qualys.md
+              - file: security/cloud/integrations/tenablevm.md
+              - file: security/cloud/integrations/rapid7.md
+              - file: security/cloud/integrations/aws-config.md
+              - file: security/cloud/integrations/aws-inspector.md
               - file: security/cloud/integrations/microsoft-defender-for-cloud.md
               - file: security/cloud/integrations/microsoft-defender-for-endpoint.md
               - file: security/cloud/integrations/microsoft-defender-xdr.md
