Documents new RBAC for value reports (#3817)

Fixes #3720 — documents a new RBAC control that controls access to the
Value Report feature in Elastic Security (only available on serverless
security and EASE projects for now — planned for Stack v9.3).

Tweaks the value reports page to make it more generic, since previously
it was only available on EASE, and it's now available in serverless.

Although in the original ticket @stephmilovic requested that the new
RBAC control be documented
[here](https://www.elastic.co/docs/solutions/security/get-started/elastic-security-requirements),
for this draft I opted to document it directly on the Value Reports
page, since the security requirements page is more of a high-level page
that isn't focused on specific features (other than linking to other
requirements pages that are related to specific features). Instead, I
suggest we make the in-product link go to the Value Reports page rather
than the security requirements page.

Also added the value reports page to another spot in the GenAI for
security section — it's still present in the original spot in the EASE
subfolder, but now that it's available in serverless too, I wanted to
make it more findable.

---------

Co-authored-by: florent-leborgne <[email protected]>

Author: benironside

solutions/_snippets/value-report-intro.md

@@ -0,0 +1,11 @@
+The **Value report** page estimates your savings from using Elastic's AI SOC features for alert triage, in terms of **Analyst time saved** and **Cost Savings**. The message at the top of the page explains how those numbers were determined, and how many alerts were **Escalated** and **Filtered** by AI. 
+
+You can interact with the page in the following ways:
+
+- **Update the time range:** Use the time selector in the upper right corner to select the time range for which to show value metrics.
+- **Export report:** Select **Export report** in the upper right corner to download a sharable PDF of the value report.
+
+
+:::{image} /solutions/images/security-ease-value-report.png
+:alt: The Value Report in an EASE project
+:::

solutions/images/security-ease-value-report.png

@@ -10,6 +10,40 @@ Elastic AI SOC Engine (EASE) is an {{sec-serverless}} project type that provides
 
 This page describes how to create an EASE project, how to ingest your data, and how to use its key features.
 
+
+## Features
+
+EASE provides a set of capabilities designed to help make the most of each security analyst’s time, fight alert fatigue, and reduce your mean time to respond. Once your data is ingested, you can start using the following features:
+
+- **[Attack Discovery](/solutions/security/ai/attack-discovery.md)**: Helps you analyze alerts in your environment and identify threats. Each discovery represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. 
+
+     :::{image} /solutions/images/security-attck-disc-example-disc.png
+     :alt: Attack Discovery detail view
+     :width: 600px
+     :::
+
+     You can [schedule](/solutions/security/ai/attack-discovery.md#schedule-discoveries) Attack Discovery to run automatically, and notify you of any discoveries through a range of connectors such as Slack, Teams, PagerDuty, or email.
+
+- **[AI Assistant](/solutions/security/ai/ai-assistant.md)**: An LLM-powered virtual assistant specialized for digital security; it helps with data analysis, alert investigation, incident response, and {{esql}} query generation. You can add custom background knowledge and data to its [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md) and use natural language to ask for its assistance with your SOC operations. 
+
+    :::{image} /solutions/images/security-ease-ai-assistant.png
+    :alt: A new conversation with AI Assistant
+    :width: 450px
+    :::
+
+    You can add custom information to AI Assistant's [Knowledge Base](/solutions/security/ai/ai-assistant-knowledge-base.md), either in the form of individual documents or entire indices containing numerous documents. This information informs the AI Assistant's responses and can include everything from threat intelligence, to information about your team's on-call rotation, to information about your infrastructure, and more. 
+
+- **[Cases](/solutions/security/investigate/cases.md)**: Helps you track and share related information about security issues. Track key investigation details and collect alerts in a central location.
+
+    :::{image} /solutions/images/security-ease-cases.png
+    :alt: The Cases page in an EASE project showing the default state
+    :::
+
+- **[Value report](/solutions/security/ai/ease/ease-value-report.md)**:
+
+   :::{include} /solutions/_snippets/value-report-intro.md
+   :::
+
 ## Create an EASE project
 
 To create an EASE project:
@@ -47,32 +81,3 @@ To ingest third-party security data:
 
 EASE uses LLM connectors to enable its AI features such as Attack Discovery and AI Assistant. The Elastic Managed LLM is enabled by default. You can also [configure your own third-party LLM connector](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). Keep in mind that different models [perform differently](/solutions/security/ai/large-language-model-performance-matrix.md) on different tasks. 
 
-
-## Features
-
-EASE provides a set of capabilities designed to help make the most of each security analyst’s time, fight alert fatigue, and reduce your mean time to respond. Once your data is ingested, you can start using the following features:
-
-- **[Attack Discovery](/solutions/security/ai/attack-discovery.md)**: Helps you analyze alerts in your environment and identify threats. Each discovery represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. 
-
-     :::{image} /solutions/images/security-attck-disc-example-disc.png
-     :alt: Attack Discovery detail view
-     :width: 600px
-     :::
-
-     You can [schedule](/solutions/security/ai/attack-discovery.md#schedule-discoveries) Attack Discovery to run automatically, and notify you of any discoveries through a range of connectors such as Slack, Teams, PagerDuty, or email.
-
-- **[AI Assistant](/solutions/security/ai/ai-assistant.md)**: An LLM-powered virtual assistant specialized for digital security; it helps with data analysis, alert investigation, incident response, and {{esql}} query generation. You can add custom background knowledge and data to its [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md) and use natural language to ask for its assistance with your SOC operations. 
-
-    :::{image} /solutions/images/security-ease-ai-assistant.png
-    :alt: A new conversation with AI Assistant
-    :width: 450px
-    :::
-
-    You can add custom information to AI Assistant's [Knowledge Base](/solutions/security/ai/ai-assistant-knowledge-base.md), either in the form of individual documents or entire indices containing numerous documents. This information informs the AI Assistant's responses and can include everything from threat intelligence, to information about your team's on-call rotation, to information about your infrastructure, and more. 
-
-- **[Cases](/solutions/security/investigate/cases.md)**: Helps you track and share related information about security issues. Track key investigation details and collect alerts in a central location.
-
-    :::{image} /solutions/images/security-ease-cases.png
-    :alt: The Cases page in an EASE project showing the default state
-    :::
-

solutions/images/security-value-report-rbac.png

@@ -3,18 +3,29 @@ navigation_title: Value report
 applies_to:
   serverless:
     security: preview
+  stack: preview 9.3
 ---
 
-# EASE Value Report
+# Value report
 
-The **Value report** page estimates your savings from using Elastic AI SOC Engine (EASE) for alert triage, in terms of **Analyst time saved** and **Cost Savings**. The message at the top of the page explains how those numbers were determined, and how many alerts were **Escalated** and **Filtered** by AI. 
+:::{include} /solutions/_snippets/value-report-intro.md
+:::
 
-You can interact with the page in the following ways:
+## Requirements
 
-- **Update the time range:** Use the time selector in the upper right corner to select the time range for which to show value metrics.
-- **Export report:** Select **Export report** in the upper right corner to download a sharable PDF of the value report.
+```{applies_to}
+serverless: preview
+stack: preview 9.3
+```
 
+* To access the **Value report** page, your subscription must include AI-powered features. For {{sec-serverless}}, this means you need either the Elastic AI SOC Engine (EASE) or Security Analytics Complete [feature tier](https://www.elastic.co/pricing/serverless-security).
 
-:::{image} /solutions/images/security-ease-value-report.png
-:alt: The Value Report in an EASE project
-:::
+* To access the **Value report** page, you need the **SOC Management** Security sub-feature [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). 
+
+![value report RBAC setting](/solutions/images/security-value-report-rbac.png "=50%")
+
+::::{note}
+The following default roles have the **SOC Management** privilege by default:
+- EASE feature tier: ` _search_ai_lake_soc_manager`
+- Security Analytics Complete: `admin` and `soc_manager`
+::::

solutions/security/ai/ease/ease-intro.md

@@ -558,7 +558,6 @@ toc:
           - file: security/ai/ease/ease-intro.md
             children:
               - file: security/ai/ease/ease-alerts.md
-              - file: security/ai/ease/ease-value-report.md
               - file: security/ai/ease/ease-upgrade.md
           - file: security/ai/ai-assistant.md
             children:
@@ -578,6 +577,7 @@ toc:
               - file: security/ai/triage-alerts.md
               - file: security/ai/identify-investigate-document-threats.md
               - file: security/ai/generate-customize-learn-about-esorql-queries.md
+          - file: security/ai/ease/ease-value-report.md
       - file: security/detect-and-alert.md
         children:
           - file: security/detect-and-alert/detections-requirements.md