turn on ers

natasha-moore-elastic · natasha-moore-elastic · commit af42c488a70f · 2025-02-21T12:18:16.000Z
diff --git a/raw-migrated-files/docs-content/serverless/security-turn-on-risk-engine.md b/raw-migrated-files/docs-content/serverless/security-turn-on-risk-engine.md
diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml
@@ -318,7 +318,6 @@ toc:
       - file: docs-content/serverless/security-triage-alerts-with-elastic-ai-assistant.md
       - file: docs-content/serverless/security-trusted-applications.md
       - file: docs-content/serverless/security-tune-detection-signals.md
-      - file: docs-content/serverless/security-turn-on-risk-engine.md
       - file: docs-content/serverless/security-ui.md
       - file: docs-content/serverless/security-view-alert-details.md
       - file: docs-content/serverless/security-visual-event-analyzer.md
diff --git a/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md b/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md
@@ -6,29 +6,18 @@ mapped_urls:
 
 # Turn on the risk scoring engine
 
-% What needs to be done: Align serverless/stateful
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/turn-on-risk-engine.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-turn-on-risk-engine.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$upgrade-risk-engine$$$
 
 ::::{important}
-To use entity risk scoring, your role must have the appropriate privileges. For more information, refer to [Entity risk scoring requirements](/solutions/security/advanced-entity-analytics/entity-risk-scoring-requirements.md).
+To use entity risk scoring, your role must have the appropriate user role or privileges. For more information, refer to [Entity risk scoring requirements](/solutions/security/advanced-entity-analytics/entity-risk-scoring-requirements.md).
 ::::
 
 
-
 ## Preview risky entities [_preview_risky_entities]
 
 You can preview risky entities before installing the latest risk engine. The preview shows the riskiest hosts and users found in the 1000 sampled entities during the time frame selected in the date picker.
 
 ::::{note}
-The preview is limited to two risk scores per {{kib}} instance.
+The preview is limited to two risk scores per {{kib}} instance or serverless project.
 ::::
 
 
@@ -44,7 +33,7 @@ To preview risky entities, find **Entity Risk Score** in the navigation menu or
 
 ::::{note}
 * To view risk score data, you must have alerts generated in your environment.
-* If you previously installed the original user and host risk score modules, and you’re upgrading to {{stack}} version 8.11 or newer, refer to [Upgrade to the latest risk engine](/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md#upgrade-risk-engine).
+* In {{stack}}, if you previously installed the original user and host risk score modules, and you’re upgrading to {{stack}} version 8.11 or newer, refer to [Upgrade to the latest risk engine](/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md#upgrade-risk-engine).
 
 ::::
 
@@ -63,6 +52,9 @@ You can also choose to include `Closed` alerts in risk scoring calculations and
 
 
 ## Upgrade to the latest risk engine [upgrade-risk-engine]
+```yaml {applies_to}
+stack:
+```
 
 If you upgraded to 8.11 from an earlier {{stack}} version, and you have the original risk engine installed, you can upgrade to the latest risk engine. You will be prompted to upgrade in places where risk score data exists, such as:
 
