elastic · lcawl · Jul 17, 2025 · Jun 30, 2025 · Jul 2, 2025 · Jul 3, 2025
@@ -11,14 +11,25 @@ products:
 
 # Get started [getting-started]
 
-This section describes how to set up {{elastic-sec}}, install {{agent}} and the {{elastic-defend}} integration on your hosts, and use the {{elastic-sec}} UI in {{kib}}. To get started, click on one of the following tutorials, depending on your use case:
+New to {{elastic-sec}}? Discover more about our security features and how to get started. This section describes how to set up {{elastic-sec}}, install {{agent}} and the {{elastic-defend}} integration on your hosts, and use the {{elastic-sec}} UI in {{kib}}.
 
-* [Detect threats in my data with SIEM](https://www.elastic.co/getting-started/security/detect-threats-in-my-data-with-siem)
+:::::{{stepper}}
+::::{{step}} Choose your deployment type 
 
-::::{note}
-If you're migrating to Elastic's SIEM from Splunk, you can use [Automatic Migration](../security/get-started/automatic-migration.md). 
+Elastic provides several self-managed or Elastic-managed options for you to install {{elastic-sec}}. For simplicity and speed, we recommend one of our {{ecloud}} options. Check out our [deployment types](/deploy-manage/deploy.md#choosing-your-deployment-type) to learn more. 
 ::::
 
-* [Secure my hosts with endpoint security](https://www.elastic.co/getting-started/security/secure-my-hosts-with-endpoint-security)
-* [Secure my cloud assets with cloud posture management (CSPM)](https://www.elastic.co/getting-started/security/secure-my-cloud-assets-with-cloud-security-posture-management)
+::::{{step}} Ingest your data 
+After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into Security is through one of our integrations—a pre-packaged collection of assets that allows you to easily collect, store, and visualize any data from any source. You can add an integration directly from the **Get Started** page within the **Ingest your data** section. Choose from one of our recommended integrations, or you can select one of the other tabs to browse by category. Elastic also provides different [ingestion methods](integration-docs://reference/index.md#ingestion-methods) to meet your infrastructure needs. 
 
+:::{{tip}}
+If you have data from a source that doesn't yet have an integration, you can use our [Automatic Import tool](/solutions/security/get-started/automatic-import.md). 
+:::
+::::
+
+::::{{step}} Get started with your use case 
+Not sure where to start exploring {{elastic-sec}} 
+or which features may be relevant for you? Continue to the next topic to view our quickstart guides, which are tailored to a specific use case and help you complete a core task so you can get up and running. 
+::::
+
+:::::
@@ -0,0 +1,92 @@
+---
+navigation_title: Secure your cloud assets with cloud security posture management
+description: A quick start guide to securing your cloud assets using {{elastic-sec}}.
+applies_to:
+  serverless:
+products:
+  - id: security
+---
+
+# Quickstart: Secure your cloud assets with cloud security posture management
+
+In this quickstart guide, you'll learn how to get started with Elastic Security for Cloud Security so you can monitor, detect, and investigate anomalous activity within cloud environments.
+
+## Prerequisites 
+
+* Access to a {{sec-serverless}} project. If you don't have one yet, refer to [Create a Security project](/solutions/security/get-started/create-security-project.md) to learn how to create one. 
+* An admin account for the cloud service provider (CSP) you want to use.  
+
+
+## Add the Cloud Security Posture Management integration 
+
+The Cloud Security Posture Management (CSPM) integration helps you identify and remediate configurations risks that could potentially undermine the confidentiality, integrity, and availability of your data in the cloud.
+
+To add the CSPM integration: 
+
+1. On the **Get Started** home page, in the **Ingest your data** section, select the **Cloud** tab. 
+2. Select **Cloud Security Posture Management (CSPM)**, then click Add **Cloud Security Posture Management (CSPM)**. The integration configuration page displays. 
+3. For this guide, we'll be using AWS single account for configuration. Select these options in the configuration integration section. 
+4. Give the integration a name and enter an optional description. 
+5. Next, choose your deployment option. An agent-based deployment requires you to deploy and manage {{agent}} in the cloud account you want to monitor, whereas an agentless deployment allows you to collect cloud posture data without having to manage the {{agent}} deployment in your cloud. For simplicity, select **Agentless**.
+6. Next, in the **Setup Access** section, choose your preferred authentication method — direct access keys (recommended) or temporary keys. For this guide, we'll use direct access keys. 
+7. Expand the Steps to Generate AWS Account Credentials, and follow the instructions. 
-7. Expand the Steps to Generate AWS Account Credentials, and follow the instructions. 
+7. Expand the Steps to Generate AWS Account Credentials, and follow the instructions. 
-7. Expand the Steps to Generate AWS Account Credentials, and follow the instructions. 
+7. Expand the Steps to Generate AWS Account Credentials, and follow the instructions. 
+8. Once you've generated an Access Key ID and Secret Access Key and pasted the credentials, click **Save and continue** to complete deployment. Your data should start to appear within a few minutes.
+
+:::{image} /solutions/images/security-gs-cloudsec-cspm.png
+:alt: Cloud Security Posture management integration
+:screenshot:
+:::
+
+% insert image 
+
+:::{{{note}}}
+Consider also adding the Cloud Native Vulnerability Management (CNVM) integration, which identifies vulnerabilities in your cloud workloads.
+:::
+
+## View the Cloud Security Posture dashboard
+
+The Cloud Posture dashboard summarizes your cloud infrastructure's overall performance against security guidelines defined by the Center for Internet Security (CIS). It shows configuration risk metrics for all of your monitored cloud accounts and Kubernetes clusters and groups them by specific parameters. All configuration risks the integration identifies are called benchmark rules, and are listed on the **Findings** page. 
+
+The dashboard also shows your overall compliance score, and your compliance score for each CIS section. Use these scores to determine how securely configured your overall cloud environment is. To learn more, refer to our [documentation](/solutions/security/cloud/cspm-dashboard.md).
+
+:::{image} /solutions/images/security-gs-cspm-dashboard.png
+:alt: Cloud Security Posture dashboard
+:screenshot:
+:::
+
+To access the Cloud Security Posture dashboard, go to **Dashboards** → **Cloud Security Posture**. 
+
+
+## Analyze Findings 
+
+After you install the CSPM integration, it evaluates the configuration of resources in your environment every 24 hours. It lists the results and whether a given resource passed or failed evaluation against a specific security guideline on the **Findings** page, which you can access from the left navigation menu. By default, the Findings page lists all findings without any grouping or filtering. However, we recommend [filtering the data](/solutions/security/cloud/findings-page.md#cspm-findings-page-filter-findings) for failed findings. You can also [customize](/solutions/security/cloud/findings-page.md#cspm-customize-the-findings-table) the table to control which columns appear.  
+
+To remediate a failed finding, click the arrow to the left of a failed finding to open the findings flyout, then follow the steps under **Remediation**. 
+
+:::{image} /solutions/images/security-gs-cloudsec-findings-flyout.gif
+:alt: Findings flyout
+:screenshot:
+:::
+
+:::{{tip}}
+On the Cloud Security Posture dashboard, click one of the "View all failed findings" links to display a filtered view. 
+:::
+
+### Set up alerts 
+
+To monitor your configuration more closely, we recommend creating detection rules to detect specific failed findings, which if found, generates an alert. 
+
+You can create detection rule directly from the Findings page: 
+
+1. Click the arrow to the left of a Finding to open the findings flyout.
+2. Click Take action, then Create a detection rule. This automatically creates a detection rule that creates alerts when the associated benchmark rule generates a failed finding.
+3. To review or customize the new rule, click View rule. For example, you may want to set up a rule action—like an email or Slack notification—when alerts are generated. To learn more about rule actions, refer to [this topic](/solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications).   
+
+## More resources 
+
+Now that you've configured CSPM, check out these other Cloud Security resources: 
+
+* [CSPM for Google Cloud Posture (GCP)](/solutions/security/cloud/get-started-with-cspm-for-gcp.md) and [Azure](/solutions/security/cloud/get-started-with-cspm-for-azure.md) 
+* [Kubernetes security posture management](/solutions/security/cloud/kubernetes-security-posture-management.md)
+* [Cloud native vulnerability management](/solutions/security/cloud/cloud-native-vulnerability-management.md)
+* [Cloud workload protection for VMs](/solutions/security/cloud/cloud-workload-protection-for-vms.md)