Fix conflict?

nastasha-solomon · nastasha-solomon · commit a24ac14c4e9e · 2025-02-21T15:00:56.000-05:00
diff --git a/solutions/security/investigate/manage-integration.md b/solutions/security/investigate/manage-integration.md
@@ -3,6 +3,10 @@ mapped_pages:
   - https://www.elastic.co/guide/en/kibana/current/manage-osquery-integration.html
 
 navigation_title: "Osquery manager integration"
+
+applies_to:
+  stack: preview all
+  serverless: preview all
 ---
 
 # Manage the integration [manage-osquery-integration]
@@ -28,7 +32,7 @@ Depending on your [subscription level](https://www.elastic.co/subscriptions), yo
 
 ## Customize Osquery configuration [osquery-custom-config]
 
-[preview] By default, all Osquery Manager integrations share the same Osquery configuration. However, you can customize how Osquery is configured by editing the Osquery Manager integration for each agent policy you want to adjust. The custom configuration is then applied to all agents in the policy. This powerful feature allows you to configure [File Integrity Monitoring](https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring), [Process auditing](https://osquery.readthedocs.io/en/stable/deployment/process-auditing), and [others](https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-specification).
+By default, all Osquery Manager integrations share the same Osquery configuration. However, you can customize how Osquery is configured by editing the Osquery Manager integration for each agent policy you want to adjust. The custom configuration is then applied to all agents in the policy. This powerful feature allows you to configure [File Integrity Monitoring](https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring), [Process auditing](https://osquery.readthedocs.io/en/stable/deployment/process-auditing), and [others](https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-specification).
 
 ::::{important}
 * Take caution when editing this configuration. The changes you make are distributed to all agents in the policy.
@@ -105,6 +109,6 @@ To get more details in the logs, change the agent logging level to debug:
 
 1. Go to **{{fleet}}** using the navigation menu or the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Select the agent that you want to debug.
-3. On the **Logs** tab, change the ***Agent logging level*** to ***debug***, and then click ***Apply changes**.
+3. On the **Logs** tab, change the **Agent logging level** to **debug**, and then click **Apply changes**.
 
     `agent.logging.level` is updated in `fleet.yml`, and the logging level is changed to `debug`.
diff --git a/solutions/security/investigate/run-osquery-from-alerts.md b/solutions/security/investigate/run-osquery-from-alerts.md
@@ -11,7 +11,7 @@ Run live queries on hosts associated with alerts to learn more about your infras
 ::::{admonition} Requirements
 * The [Osquery manager integration](/solutions/security/investigate/manage-integration.md) must be installed.
 * {{agent}}'s [status](asciidocalypse://docs/docs-content/docs/reference/ingestion-tools/fleet/monitor-elastic-agent.md) must be `Healthy`. Refer to [{{fleet}} Troubleshooting](/troubleshoot/ingest/fleet/common-problems.md) if it isn’t.
-* Your role must have the appropriate [feature privileges](osquery#required_osquery-privileges) in {{stack}} or [user role](/deploy-manage/users-roles/cloud-organization/user-roles.md) in {{serverless-short}}.
+* Your role must have the appropriate [feature privileges](/solutions/security/investigate/osquery#required_osquery-privileges) in {{stack}} or [user role](/deploy-manage/users-roles/cloud-organization/user-roles.md) in {{serverless-short}}.
 
 ::::
 
@@ -51,7 +51,7 @@ To run Osquery from an alert:
 
 
         :::{image} ../../../images/security-setup-query.png
-        :alt: Shows how to set up a single queryy
+        :alt: Shows how to set up a single query
         :class: screenshot
         :::
 
diff --git a/solutions/security/investigate/session-view.md b/solutions/security/investigate/session-view.md
@@ -9,7 +9,7 @@ mapped_urls:
 Session View is an investigation tool that allows you to examine Linux process data organized in a tree-like structure according to the Linux logical event model, with processes organized by parentage and time of execution. It displays events in a highly readable format that is inspired by the terminal. This makes it a powerful tool for monitoring and investigating session activity on your Linux infrastructure and understanding user and service behavior.
 
 ::::{admonition} Requirements
-* In {{stack}}, Session View requires an [Enterprise subscription](https://www.elastic.co/pricing).
+Ensure you have the appropriate [{{stack}}](https://www.elastic.co/pricing) subscription or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
 
 ::::
 
diff --git a/solutions/security/investigate/timeline.md b/solutions/security/investigate/timeline.md
@@ -87,7 +87,7 @@ To add a field from the sidebar, hover over it, and click the **Add field as a c
 
 ## Use the Timeline query builder [narrow-expand]
 
-Expand the query builder by clicking the query builder button (![Qery builder button](../../../images/security-query-builder-button.png "title =20x20")) to the right of the KQL query bar. Drop in fields to build a query that filters Timeline results. The fields' relative placement specifies their logical relationships: horizontally adjacent filters use `AND`, while vertically adjacent filters use `OR`.
+Expand the query builder by clicking the query builder button (![Query builder button](../../../images/security-query-builder-button.png "title =20x20")) to the right of the KQL query bar. Drop in fields to build a query that filters Timeline results. The fields' relative placement specifies their logical relationships: horizontally adjacent filters use `AND`, while vertically adjacent filters use `OR`.
 
 ::::{tip}
 Collapse the query builder and provide more space for Timeline results by clicking the query builder button (![Query builder button](../../../images/security-query-builder-button.png "title =20x20")).
diff --git a/solutions/security/investigate/visual-event-analyzer.md b/solutions/security/investigate/visual-event-analyzer.md
@@ -9,7 +9,7 @@ mapped_urls:
 {{elastic-sec}} allows any event detected by {{elastic-endpoint}} to be analyzed using a process-based visual analyzer, which shows a graphical timeline of processes that led up to the alert and the events that occurred immediately after. Examining events in the visual event analyzer is useful to determine the origin of potentially malicious activity and other areas in your environment that may be compromised. It also enables security analysts to drill down into all related hosts, processes, and other events to aid in their investigations.
 
 ::::{tip}
-If you’re on {{stack}} and experiencing performance degradation, you can [exclude cold and frozen tier data](/solutions/security/get-started/configure-advanced-settings.md#exclude-cold-frozen-tiers) from analyzer queries.
+If you’re experiencing performance degradation, you can [exclude cold and frozen tier data](/solutions/security/get-started/configure-advanced-settings.md#exclude-cold-frozen-tiers) from analyzer queries. This setting is only available for the {{stack}}. 
 ::::
 
 
@@ -167,8 +167,8 @@ When you select an `event.category` pill, all the events within that category ar
 :::
 
 ::::{note}
+- You must have the appropriate [{{stack}}](https://www.elastic.co/pricing) subscription or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) to examine alerts associated with events.
 - There is no limit to the number of events that can be associated with a process.
-- In {{stack}}, you need a [Platinum or Enterprise subscription](https://www.elastic.co/pricing) to examine alerts associated with events.
 ::::
 
 
