[Meta][Security] 9.2 Security checklist

[nastasha-solomon]

This issue tracks doc needs for the 9.2 Security release.

Release docs

• Release notes: Security 9.2 release notes #3390

Security UI

• [Internal]: [Security] Document UI changes for the new left-side solution navigation #2590

Cloud & Contextual Security

New cloud security integrations:

• Google Security Command Center [Internal]: Add docs for Google Security Command Center Integration #3185
• MS Defender XDR [Internal]: Add docs for MS Defender XDR Integration #3184
• MS Defender for Endpoint [Internal]: Add docs for MS Defender for Endpoint Integration #3183
• MS Defender for Cloud Integration [Internal]: Add docs for MS Defender for Cloud Integration #3182
• AWS Config [Internal]: Add docs for AWS Config Integration #3181

New deployment method for the CSPM and Asset Discovery integrations: Cloud Deployment #2891

GenAI

• New Attack Discovery API (Tech preview) [Internal]: Attack Discovery API Released as Tech Preview in 9.2 #3152
• Automatic Migration shows total duration of processing and reprocessing [Internal]: Automatic migration: total processing time updates #3126
• https://github.com/elastic/docs-content-internal/issues/326

Detection Engine

• [REQUEST]: Add docs for a new advanced setting that allows the suppression window to continue when an alert is closed #2526
• [Internal]: add DOES NOT MATCH condition to Indicator Match rule #2295
• [Internal]: improvements to threshold rule documentation #2110

Rule Management

• Updates MITRE docs to currently used version v17.1 #2518 (notes the version mapped to Security 9.2 docs)

Entity Analytics

• [Internal]: Entity Analytics - Privileged User Monitoring - Integration sync #3419
• [Internal]: Advanced setting for ES|QL risk scoring #3418
• [Internal]: Retain risk scores configuration setting #3417
• [UI copy]: Retain risk scores configuration setting #3416

Entity store

• [Internal]: Update entity store docs with the supported new features and limitations #3228

Threat Hunting

• [UI copy]: Help text for security managed data view #2570
• [Internal]: Alerts closing reason #2810

Cases

• https://github.com/elastic/docs-content-internal/issues/362
• [UI copy]: Cases auto-extract observables #3159
• [Request] Case events #3255

EDR Workflows

• [Internal]: Advanced Mode for Trusted Applications #1520
• [Internal]: Doc updates/additions for automatic troubleshooting GA #2968
• [Internal]: Endpoint Exceptions sub-feature privilege across offers #2974
• https://github.com/elastic/docs-content-internal/issues/356
• [security][9.2] Collect DNS events from Linux machines using Defend #276

Response actions

• [Internal]: Analyzer support for MDE #2308
• [Request] [EDR] Document the availability of runscript response action for SentinelOne Hosts #2729
• [Internal]: Cancel response action for Microsoft Defender Endpoint #2866

Osquery

• [Request] [EDR] Update index privileges for Osquery docs #2874