Merge branch 'main' into esql-increase-history-size

florent-leborgne · web-flow · commit 9806662b450a · 2025-10-01T09:44:03.000+02:00
diff --git a/reference/fleet/fleet-enrollment-tokens.md b/reference/fleet/fleet-enrollment-tokens.md
@@ -8,19 +8,27 @@ products:
 
 # Fleet enrollment tokens [fleet-enrollment-tokens]
 
-A {{fleet}} enrollment token (referred to as an `enrollment API key` in the {{fleet}} API documentation) is an {{es}} API key that you use to enroll one or more {{agent}}s in {{fleet}}. The enrollment token enrolls the {{agent}} in a specific agent policy that defines the data to be collected by the agent. You can use the token as many times as required. It will remain valid until you revoke it.
+A {{fleet}} enrollment token (referred to as an `enrollment API key` in the {{fleet}} API documentation) is an {{es}} API key that you use to enroll one or more {{agent}}s in {{fleet}}. The enrollment token enrolls the {{agent}} in a specific agent policy that defines the data to be collected by the agent and which output to use. You can use the token as many times as needed. It will remain valid until you revoke it.
 
-The enrollment token is used for the initial communication between {{agent}} and {{fleet-server}}. After the initial connection request from the {{agent}}, the {{fleet-server}} passes two API keys to the {{agent}}:
+The enrollment token is used for the initial communication between {{agent}} and {{fleet-server}}. After the initial connection request from {{agent}}, {{fleet-server}} passes a communication API key to the agent. This API key includes only the necessary permissions to communicate with {{fleet-server}}. If the API key is invalid, {{fleet-server}} stops communicating with {{agent}}.
 
-* An output API key
+Depending on the output of the agent policy with which the enrollment token is associated, {{fleet-server}} also passes additional data to {{agent}}:
+    
+* For the {{es}} and remote {{es}} outputs, it passes an output API key.
+    
+    This API key is used to send data to {{es}}. It has the minimal permissions needed to ingest all the data specified by the agent policy. If the API key is invalid, {{agent}} stops ingesting data into {{es}}.
 
-    This API key is used to send data to {{es}}. It has the minimal permissions needed to ingest all the data specified by the agent policy. If the API key is invalid, the {{agent}} stops ingesting data into {{es}}.
+* For the Kafka output, it passes authentication parameters.
 
-* A communication API key
+    The authentication parameters are defined in the authentication settings of the Kafka output and are used by {{agent}} to authenticate with the Kafka cluster before sending data to it.
 
-    This API key is used to communicate with the {{fleet-server}}. It has only the permissions needed to communicate with the {{fleet-server}}. If the API key is invalid, {{fleet-server}} stops communicating with the {{agent}}.
+* For the {{ls}} output, it passes SSL/TLS configuration details.
 
+    The SSL/TLS configuration details such as the SSL certificate authority, the SSL certificate, and the SSL certificate key are defined during {{ls}} output creation. {{agent}} uses SSL/TLS client authentication to authenticate with the {{ls}} pipeline before sending data to it.
 
+:::{note}
+Although an API key is generated during {{ls}} output creation, this key is not passed to {{agent}} by {{fleet-server}}. If the {{ls}} pipeline uses the {{es}} output, this API key is used by {{ls}} to authenticate with the {{es}} cluster before sending data to it.
+:::
 
 ## Create enrollment tokens [create-fleet-enrollment-tokens]
 
diff --git a/solutions/security/apis.md b/solutions/security/apis.md
@@ -3,9 +3,10 @@ applies_to:
   stack: all
   serverless:
     security: all
+navigation_title: APIs
 ---
 
-# APIs
+# {{elastic-sec}} APIs
 
 You can use these APIs to interface with {{elastic-sec}} features:
 
@@ -21,3 +22,4 @@ You can use these APIs to interface with {{elastic-sec}} features:
 * [Osquery API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-osquery-api): Manage live queries, packs, and saved queries.
 * [Timeline API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-timeline-api): Manage, import, and export Timelines.
 
+To view other APIs, such as {{kib}} or {{es}} APIs, refer to [Elastic APIs]({{apis}}).
diff --git a/solutions/security/cloud/cnvm-frequently-asked-questions-faq.md b/solutions/security/cloud/cnvm-frequently-asked-questions-faq.md
@@ -16,13 +16,9 @@ products:
 
 Frequently asked questions about the Cloud Native Vulnerability Management (CNVM) integration and features.
 
-**Which security data sources does the CNVM integration use to identify vulnerabilities?**
-
-The CNVM integration uses various security data sources. The complete list can be found [here](https://github.com/aquasecurity/trivy/blob/v0.35.0/docs/docs/vulnerability/detection/data-source.md).
-
 **What’s the underlying scanner used by CNVM integration?**
 
-CNVM uses the open source scanner [Trivy](https://github.com/aquasecurity/trivy) v0.35.
+CNVM uses the open source scanner [Trivy](https://github.com/aquasecurity/trivy).
 
 **What system architectures are supported?**
 
diff --git a/solutions/security/cloud/get-started-with-cspm-for-gcp.md b/solutions/security/cloud/get-started-with-cspm-for-gcp.md
@@ -28,21 +28,21 @@ This page explains how to get started monitoring the security posture of your GC
 
 ## Set up CSPM for GCP [cspm-setup-gcp]
 
-You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. 
+You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud access. 
 
 Two deployment technologies are available: agentless and agent-based. 
 
 * [Agentless deployment](/solutions/security/cloud/asset-disc-azure.md#cad-azure-agentless) allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. 
-* [Agent-based deployment](/solutions/security/cloud/asset-disc-azure.md#cad-azure-agent-based) requires you to deploy and manage an agent in the cloud account you want to monitor.
+* [Agent-based deployment](/solutions/security/cloud/asset-disc-azure.md#cad-azure-agent-based) requires you to deploy and manage an agent in the cloud project or projects you want to monitor.
 
 
 ## Agentless deployment [cspm-gcp-agentless]
 
 1. Find **Integrations** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Search for `CSPM`, then click on the result.
 3. Click **Add Cloud Security Posture Management (CSPM)**.
-4. Under **Configure integration**, select **GCP**, then either **GCP Organization** to onboard your whole organization, or **Single Project** to onboard an individual account.
-5. Give your integration a name and description that match the purpose or team of the GCP subscription/organization you want to monitor, for example, `dev-gcp-account`.
+4. Under **Configure integration**, select **GCP**, then either **GCP Organization** to onboard your whole organization, or **Single Project** to onboard an individual project.
+5. Give your integration a name and description that match the purpose or team of the GCP subscription/organization you want to monitor, for example, `dev-gcp-project`.
 6. (Optional) Expand **Advanced options** and add a `Namespace` to the integration's data stream.
 
 :::{include} _snippets/cspm-namespace.md
@@ -60,8 +60,8 @@ Two deployment technologies are available: agentless and agent-based.
 1. Find **Integrations** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Search for `CSPM`, then click on the result.
 3. Click **Add Cloud Security Posture Management (CSPM)**.
-4. For **Configure integration**, select **GCP**, then either **GCP Organization** to onboard your whole organization, or **Single Project** to onboard an individual account.
-5. Give your integration a name and description that match the purpose or team of the GCP account you want to monitor, for example, `dev-gcp-project`.
+4. For **Configure integration**, select **GCP**, then either **GCP Organization** to onboard your whole organization, or **Single Project** to onboard an individual project.
+5. Give your integration a name and description that match the purpose or team of the GCP project you want to monitor, for example, `dev-gcp-project`.
 6. (Optional) Expand the **Advanced options** menu and add a `Namespace` to the integration's data stream.
 
 ::::{include} _snippets/cspm-namespace.md
@@ -76,7 +76,7 @@ To set up CSPM for a GCP project, you need admin privileges for the project.
 ::::
 
 
-For most users, the simplest option is to use a Google Cloud Shell script to automatically provision the necessary resources and permissions in your GCP account. This method, as well as two manual options, are described next on this page.
+For most users, the simplest option is to use a Google Cloud Shell script to automatically provision the necessary GCP resources and permissions. This method, as well as two manual options, are described next on this page.
 
 
 ## Cloud Shell script setup (recommended) [cspm-set-up-cloudshell]
@@ -85,8 +85,8 @@ For most users, the simplest option is to use a Google Cloud Shell script to aut
 2. In **Where to add this integration**:
 
     1. Select **New Hosts**.
-    2. Name the {{agent}} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`.
-    3. Click **Save and continue**, then **Add {{agent}} to your hosts**. The **Add agent** wizard appears and provides {{agent}} binaries, which you can download and deploy to a VM in your GCP account.
+    2. Name the {{agent}} policy. Use a name that matches the purpose or team of the cloud project or projects you want to monitor. For example, `dev-gcp-project`.
+    3. Click **Save and continue**, then **Add {{agent}} to your hosts**. The **Add agent** wizard appears and provides {{agent}} binaries, which you can download and deploy to a VM in GCP.
 
 3. Click **Save and continue**.
 4. Copy the command that appears, then click **Launch Google Cloud Shell**. It opens in a new window.
@@ -160,7 +160,7 @@ Provide credentials to the CSPM integration:
 2. Enter your GCP **Organization ID**. Enter the GCP **Project ID** of the project where you want to provision the compute instance that will run CSPM.
 3. Select **Credentials JSON**, and enter the value you generated earlier.
 4. For **Where to add this integration**, select **New Hosts**.
-5. Name the {{agent}} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`.
+5. Name the {{agent}} policy. Use a name that matches the purpose or team of the cloud project or projects you want to monitor. For example, `dev-gcp-project`.
 6. Click **Save and continue**, then follow the instructions to install {{agent}} in your chosen GCP project.
 
 Wait for the confirmation that {{kib}} received data from your new integration. Then you can click **View Assets** to see your data.
@@ -217,7 +217,7 @@ Provide credentials to the CSPM integration:
 2. Enter your GCP **Project ID**.
 3. Select **Credentials JSON**, and enter the value you generated earlier.
 4. For **Where to add this integration**, select **New Hosts**.
-5. Name the {{agent}} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`.
+5. Name the {{agent}} policy. Use a name that matches the purpose or team of the cloud project or projects you want to monitor. For example, `dev-gcp-project`.
 6. Click **Save and continue**, then follow the instructions to install {{agent}} in your chosen GCP project.
 
 Wait for the confirmation that {{kib}} received data from your new integration. Then you can click **View Assets** to see your data.
diff --git a/solutions/security/get-started/agentless-integrations.md b/solutions/security/get-started/agentless-integrations.md
@@ -16,20 +16,31 @@ products:
 Agentless integrations provide a means to ingest data while avoiding the orchestration, management, and maintenance needs associated with standard ingest infrastructure. Using agentless integrations makes manual agent deployment unnecessary, allowing you to focus on your data instead of the agent that collects it.
 
 ::::{important}
-There are currently no additional costs associated with deploying agentless integrations. 
-There is currently a limit of 5 agentless integrations per project. 
+During technical preview, there are no additional costs associated with deploying agentless integrations. 
+There is a limit of 5 agentless integrations per project. 
 ::::
 
 ## Generally available (GA) agentless integrations
 
-We fully support agentless deployment for Cloud security posture management (CSPM). Using this integration’s agentless deployment option, you can enable Elastic’s CSPM capabilities just by providing the necessary credentials. Agentless CSPM deployments support AWS, Azure, and GCP accounts.
+Elastic fully supports agentless deployment for the Cloud Security Posture Management (CSPM) integration. Using this integration’s agentless deployment option, you can enable Elastic’s CSPM capabilities just by providing the necessary credentials. Agentless CSPM deployments support AWS, Azure, and GCP accounts.
+
+To learn more about agentless CSPM deployments, refer to the getting started guides for CSPM on [AWS](../cloud/get-started-with-cspm-for-aws.md), [Azure](../cloud/get-started-with-cspm-for-azure.md), or [GCP](../cloud/get-started-with-cspm-for-gcp.md)
 
-To learn more about agentless CSPM deployments, refer to the getting started guides for CSPM on [AWS](../cloud/get-started-with-cspm-for-aws.md),  [Azure](../cloud/get-started-with-cspm-for-azure.md), or [GCP](../cloud/get-started-with-cspm-for-gcp.md)
 
 ## Beta agentless integrations
 
-::::{warning}
 Agentless deployment for other integrations is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
-::::
 
-For setup guides and to learn more about Elastic's integrations, including whether each one supports agentless deployment, refer to [Elastic integrations](https://docs.elastic.co/en/integrations/).
+For setup guides and to learn more about Elastic's integrations, including whether each supports agentless deployment, refer to [Elastic integrations](https://docs.elastic.co/en/integrations/).
+
+## Filter the integrations page to find agentless integrations
+
+```{applies_to}
+stack: ga 9.2
+serverless: ga 
+```
+
+To identify which integrations support agentless deployment:
+
+1. In {{kib}}, go to **Integrations**.
+2. On the left, enable the **Only agentless integrations** toggle. 
