[Internal]: Enhance Vulnerabilities management docs #3571
Description
Description
During QA Cycle for v9.2.0 BC4 I found these issues in the documentation pages for Vulnerabilities management and related 3rd party integrations. I passed the existing content to an LLM it found these details that we can improve:
1. Typo in Wiz Documentation
Page: https://www.elastic.co/docs/solutions/security/cloud/integrations/wiz
Issue: "Misconfiguations" should be "Misconfigurations"
Found in: "Data appears on the Vulnerabilities tab and the Misconfiguations tab."
2. Inconsistent Section References Across Pages
Issue: Different pages refer to the "Insights section" inconsistently:
- Wiz, AWS Security Hub: Says data appears in "Insights section" (generic)
- Qualys VMDR, Tenable VM, Rapid7: Specifically says "Data appears in the Insights section of the Alert and Entity details flyouts", which is clearer
3. Inconsistent Integration Link Formats
Issue: Links to integration setup pages are inconsistent:
- Wiz: Links to https://docs.elastic.co/en/integrations/wiz (docs.elastic.co)
- AWS Security Hub: Links to https://docs.elastic.co/en/integrations/aws/securityhub (docs.elastic.co)
- Qualys VMDR: Links to https://www.elastic.co/docs/reference/integrations/qualys_vmdr (www.elastic.co/docs)
- Rapid7: Links to https://www.elastic.co/docs/reference/integrations/rapid7_insightvm (www.elastic.co/docs)
- Tenable VM: Links to https://www.elastic.co/docs/reference/integrations/tenable_io (www.elastic.co/docs)
www.elastic.co/docs redirects to docs.elastic.co/en/integrations so better to only use the latter in case the first one stops redirecting in future and the link becomes broken.
4. Stack version
Issue: Version requirements are inconsistent:
- Wiz: No Stack version requirement mentioned (only integration version 2.0.1+)
- AWS Security Hub: No Stack version requirement mentioned (only integration version 2.31.1+)
- Qualys VMDR: Mentions "(Elastic Stack users) Ensure you're on at least v8.16"
- Tenable VM: Mentions "(Elastic Stack users) Ensure you're on at least v9.1"
- Rapid7: Mentions "(Elastic Stack users) Ensure you're on at least v9.1"
Is this intentional or is Qualys outdated and still references v8.16
5. Missing Integration Configuration Details
Issue: Not all pages provide specific configuration instructions:
- Wiz: Provides detailed toggles for "Cloud Configuration Finding logs" and "Vulnerability logs" with screenshots and Initial Interval recommendation
- AWS Security Hub: Provides detailed toggle for "Collect AWS Security Hub Findings" with screenshot and Initial Interval recommendation
- Qualys VMDR: Provides configuration detail about host_metadata=all parameter
- Tenable VM: No specific configuration details mentioned
- Rapid7: No specific configuration details mentioned
Is this intentional? We should have screenshots and follow a consistent details template in all integrations
6. Integration Name Inconsistencies
Issue: Integration names are sometimes inconsistent:
- Page title: "Rapid7" but the full name is "Rapid7 InsightVM"
- Page title: "Qualys VMDR" (correct full name used)
- Page title: "Tenable VM" (correct full name used)
Resources
You can use the current docs to get context, since most of it it's correct. I just brought up small details to fix. But feel free to ask the Cloud Security team in the contextual-security-apps-team Slack channel
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
There should not be major differences in this feature after 9.2, but it's the version I verified and that we can improve things for.
What release is this request related to?
9.2
Serverless release
N/A
Collaboration model
The documentation team
Point of contact.
Main contact:
Stakeholders: @elastic/kibana-cloud-security-posture