solutions/security/get-started.md
11 additions & 12 deletions
@@ -16,21 +16,20 @@ New to {{elastic-sec}}? Discover more about our security features and how to get
16
16
:::::{{stepper}}
17
17
::::{{step}} Choose your deployment type
18
18
19
-
Elastic provides several self-managed or Elastic-managed options for you to install {{elastic-sec}}. For simplicity and speed, we recommend one of our {{ecloud}} options. Review
19
+
Elastic provides several self-managed or Elastic-managed options for you to install {{elastic-sec}}. For simplicity and speed, we recommend one of our {{ecloud}} options. Check out our [deployment types](/deploy-manage/deploy.md#choosing-your-deployment-type) to learn more.
20
20
::::
21
21
22
+
::::{{step}} Ingest your data
23
+
After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into Security is through one of our integrations—a pre-packaged collection of assets that allows you to easily collect, store, and visualize any data from any source. You can add an integration directly from the **Get Started** page within the **Ingest your data** section. Choose from one of our recommended integrations, or you can select one of the other tabs to browse by category. Elastic also provides different [ingestion methods](integration-docs://reference/index.md#ingestion-methods) to meet your infrastructure needs.
22
24
23
-
24
-
:::::
25
-
26
-
This section describes how to set up {{elastic-sec}}, install {{agent}} and the {{elastic-defend}} integration on your hosts, and use the {{elastic-sec}} UI in {{kib}}. To get started, click on one of the following tutorials, depending on your use case:
27
-
28
-
*[Detect threats in my data with SIEM](https://www.elastic.co/getting-started/security/detect-threats-in-my-data-with-siem)
29
-
30
-
::::{note}
31
-
If you're migrating to Elastic's SIEM from Splunk, you can use [Automatic Migration](../security/get-started/automatic-migration.md).
25
+
:::{{tip}}
26
+
If you have data from a source that doesn't yet have an integration, you can use our [Automatic Import tool](/solutions/security/get-started/automatic-import.md).
27
+
:::
32
28
::::
33
29
34
-
*[Secure my hosts with endpoint security](https://www.elastic.co/getting-started/security/secure-my-hosts-with-endpoint-security)
35
-
*[Secure my cloud assets with cloud posture management (CSPM)](https://www.elastic.co/getting-started/security/secure-my-cloud-assets-with-cloud-security-posture-management)
30
+
::::{{step}} Get started with your use case
31
+
Not sure where to start exploring {{elastic-sec}}
32
+
or which features may be relevant for you? Continue to the next topic to view our quickstart guides, which are tailored to a specific use case and help you complete a core task so you can get up and running.
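Review bot: the closing fences for the stepper are not visible in this hunk: the `:::::` that closed `:::::{{stepper}}` is removed at old line 24, and the new `::::{{step}} Get started with your use case` at line 30 has no matching `::::` inside the hunk, so confirm both closers exist after new line 32 or the stepper will not render. Two smaller points: the tip at line 25 is written `:::{{tip}}` while the note it replaces was `::::{note}` and the other file in this commit uses `::::{step}` and `:::{dropdown}`, so check the directive brace style matches the rest of the repo; and the new paragraph at lines 31-32 breaks mid-sentence ("...exploring {{elastic-sec}}" / "or which features may be relevant...") and should be joined on one line. Finally, the removed note pointing Splunk users to Automatic Migration (old line 31) has no replacement in the new text; if that page still exists, keep a link to it, and replace "Continue to the next topic" with a direct link to the quickstart guides so the reference survives page reordering.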
solutions/security/get-started/get-started-detect-with-siem.md
4 additions & 4 deletions
@@ -64,11 +64,11 @@ If you’re using macOS, some versions may require you to grant {{elastic-endpoi
64
64
65
65
::::{step} Modify policy configuration settings
66
66
67
-
After you install the {{agent}} with {{elastic-defend}}, several endpoint protections—such as preventions against malware, ransomware, memory threats, and other malicious behavior—are automatically enabled on protected hosts. This means that not only does {{elastic-defend}} detect the behavior and generate an alert, but it also blocks it. Due to this maximum level of protection, we recommend modifying the configuration policy to _detect_ instead of _prevent_. This will allow you to track which alerts are generating over a specific time period before enabling higher protection, if desired.
67
+
After you install the {{agent}} with {{elastic-defend}}, the Endpoint Security ({{elastic-defend}}) detection rule is automatically enabled, which also enables several endpoint protections—such as preventions against malware, ransomware, memory threats, and other malicious behavior—on protected hosts. This means that not only does {{elastic-defend}} monitor for these behaviors and generates an alert if any are detected, but it also blocks it. Due to this maximum level of protection, we recommend modifying the policy to _detect_ instead of _prevent_ so that only an alert will be generated, and you can decide how to respond to the threat. Then, closely monitor which alerts and how many are generating over a specific time period before enabling higher protection, if needed.
68
68
69
69
:::{dropdown} Steps to modify an endpoint policy
70
70
1. From the left navigation menu, go to **Assets** → **Endpoints** → **Policies**.
71
-
2. From the list, select the policy you want to configure. The integration policy configuration page appears.
71
+
2. From the list, select the policy you want to configure. The policy configuration page appears.
72
72
3. On the **Policy settings** tab, for each protection, switch the protection level from `Prevent` to `Detect`.
73
73
4. Review and configure the event collection and antivirus settings as appropriate.
74
74
5. Once you're finished making changes, click **Save** in the lower-right corner to update the policy.
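Review bot: the new sentence at line 67 reads as if enabling the Endpoint Security ({{elastic-defend}}) detection rule is what turns on the malware, ransomware and memory-threat protections, but the steps below change those protections per protection in the policy settings (`Prevent` to `Detect`), not in the rule; suggest keeping the rule and the policy protections as two separate statements so readers do not go looking for the protection toggles on the rule. Also fix the grammar on the same line: "not only does {{elastic-defend}} monitor for these behaviors and generates an alert ... but it also blocks it" should be "monitor ... and generate an alert ... but also block them", and "which alerts and how many are generating" reads better as "which alerts are generated, and how many,".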
@@ -81,7 +81,7 @@ For a comprehensive explanation of all endpoint protections and policy settings,
81
81
82
82
## Add Elastic prebuilt detection rules
83
83
84
-
Detection rules allow you to monitor your environment by searching for source events, matches, sequences, or {{ml}} job anomaly results that meet their criteria. When a rule’s criteria are met, {{elastic-sec}} generates an alert. While you can create your own rules tailored for your environment, Elastic ships out-of-the-box prebuilt rules that you can install.
84
+
Detection rules allow you to monitor your environment by searching for source events, matches, sequences, or {{ml}} job anomaly results that meet their criteria. When a rule’s criteria are met, {{elastic-sec}} generates an alert. While you can create your own rules tailored for your environment, Elastic ships out-of-the-box prebuilt rules that you can install. Remember that if you installed {{elastic-defend}}, the Endpoint Security rule is already enabled.
85
85
86
86
:::{dropdown} Steps to install and enable prebuilt rules
87
87
1. On the **Get Started** page, scroll down to the **Configure rules and alerts** section.
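Review bot: the sentence added at line 84 calls the rule "the Endpoint Security rule" while the policy section above calls it the "Endpoint Security ({{elastic-defend}}) detection rule"; use one name in both places and consider linking back to that section, since readers who skipped the {{elastic-defend}} step have no other context for what this rule is.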
@@ -159,7 +159,7 @@ At the bottom of the **Alerts** page is the alerts table, which includes a compr
159
159
Consider [grouping alerts](/solutions/security/detect-and-alert/manage-detection-alerts.md#group-alerts) by other parameters such as rule name, user name, host name, source IP address, or any other field. You can select up to three fields.
160
160
:::
161
161
162
-
To view specific details about an alert, in the alerts table, click the **View details** button, which opens the alert details flyout. Here, you can view a quick description of the alert, or conduct a deep dive to investigate. Each section of the alert details flyout provides a different insight, and the **Take Action** menu at the bottom provides several options for interacting with the alert.
162
+
To view specific details about an alert, in the alerts table, click the **View details** button, which opens the alert details flyout. Here, you can view a quick description of the alert, or conduct a deep dive to investigate. Each section of the alert details flyout provides a different insight, and the **Take Action** menu at the bottom provides several options to respond to or interact with the alert.