diff --git a/solutions/security/advanced-entity-analytics.md b/solutions/security/advanced-entity-analytics.md
index 26ae4885fc..4a2a0c6d5c 100644
--- a/solutions/security/advanced-entity-analytics.md
+++ b/solutions/security/advanced-entity-analytics.md
@@ -19,5 +19,5 @@ Advanced Entity Analytics provides the following key capabilities:
* [](advanced-entity-analytics/entity-risk-scoring.md)
* [](advanced-entity-analytics/advanced-behavioral-detections.md)
-* {applies_to}`stack: preview 9.1` {applies_to}`serverless: unavailable`
+* {applies_to}`stack: preview 9.1` {applies_to}`serverless: preview`
[](/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md)
diff --git a/solutions/security/advanced-entity-analytics/asset-criticality.md b/solutions/security/advanced-entity-analytics/asset-criticality.md
index e2478ef2d6..acd2037061 100644
--- a/solutions/security/advanced-entity-analytics/asset-criticality.md
+++ b/solutions/security/advanced-entity-analytics/asset-criticality.md
@@ -68,7 +68,7 @@ You can view, assign, change, or unassign asset criticality from the following p
If you have enabled the [entity store](entity-store.md), you can also view asset criticality assignments in the **Entities** section on the following pages:
-* {applies_to}`stack: ga 9.1` {applies_to}`serverless: unavailable` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
* [Entity analytics dashboard](/solutions/security/dashboards/entity-analytics-dashboard.md)
:::{image} /solutions/images/security-entities-section.png
diff --git a/solutions/security/advanced-entity-analytics/entity-store.md b/solutions/security/advanced-entity-analytics/entity-store.md
index a2e3d77b0b..234338ce78 100644
--- a/solutions/security/advanced-entity-analytics/entity-store.md
+++ b/solutions/security/advanced-entity-analytics/entity-store.md
@@ -45,7 +45,7 @@ To enable the entity store:
Once you enable the entity store, the **Entities** section appears on the following pages:
-* {applies_to}`stack: ga 9.1` {applies_to}`serverless: unavailable` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
* [Entity analytics dashboard](/solutions/security/dashboards/entity-analytics-dashboard.md)
## Clear entity store data [clear-entity-store]
diff --git a/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md b/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md
index d9bb30d993..f398f40ed6 100644
--- a/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md
+++ b/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md
@@ -1,6 +1,8 @@
---
applies_to:
stack: preview 9.1
+ serverless:
+ security: preview
products:
- id: security
- id: cloud-serverless
diff --git a/solutions/security/advanced-entity-analytics/overview.md b/solutions/security/advanced-entity-analytics/overview.md
index 15596b1322..1e794d4ebf 100644
--- a/solutions/security/advanced-entity-analytics/overview.md
+++ b/solutions/security/advanced-entity-analytics/overview.md
@@ -1,6 +1,8 @@
---
applies_to:
stack: ga 9.1
+ serverless:
+ security: ga
products:
- id: security
- id: cloud-serverless
diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-requirements.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-requirements.md
index 87cc6cd8ac..6ec5aace8b 100644
--- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-requirements.md
+++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-requirements.md
@@ -1,6 +1,8 @@
---
applies_to:
stack: preview 9.1
+ serverless:
+ security: preview
products:
- id: security
- id: cloud-serverless
@@ -10,11 +12,15 @@ products:
This page covers the requirements for using the privileged user monitoring feature, as well as its known limitations.
-* Privileged user monitoring feature requires the appropriate [subscription](https://www.elastic.co/pricing).
+The privileged user monitoring feature requires:
+ * {applies_to}`stack: ` The appropriate [subscription](https://www.elastic.co/subscriptions)
+ * {applies_to}`serverless: ` The appropriate [feature tier](https://www.elastic.co/pricing/serverless-security)
-* To enable this feature, turn on the `securitySolution:enablePrivilegedUserMonitoring` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#access-privileged-user-monitoring).
+To enable this feature, turn on the `securitySolution:enablePrivilegedUserMonitoring` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#access-privileged-user-monitoring).
-* To use these features , your role must have certain [privileges](#privmon_privs).
+To use this feature, you need:
+ * {applies_to}`stack: ` A role with the appropriate [privileges](#privmon_privs)
+ * {applies_to}`serverless: ` Either the appropriate [predefined Security user role](#privmon_roles) or a [custom role](/deploy-manage/users-roles/cloud-organization/user-roles.md) with the right [privileges](#privmon_privs)
## Privileges [privmon_privs]
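Review bot: The four added bullets use inline applies_to badges with an empty value (stack: and serverless: with nothing after the colon), while every other badge in this patch states a lifecycle, for example serverless: preview. The front matter of this page declares stack: preview 9.1 and serverless security: preview, so either repeat those states on the bullets or confirm that the empty form renders as a plain deployment label rather than a blank or broken badge.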
@@ -23,6 +29,16 @@ This page covers the requirements for using the privileged user monitoring featu
| Enable the privileged user monitoring feature | N/A | **All** for the **Security** feature |
| View the Privileged user monitoring dashboard | `Read` for the following indices:
- `.entity_analytics.monitoring.users-`
- `risk-score.risk-score-*`
- `.alerts-security.alerts-`
- `.ml-anomalies-shared`
- Security data view indices | **Read** for the **Security** feature |
+## Predefined roles [privmon_roles]
+```yaml {applies_to}
+serverless:
+```
+
+| Action | Predefined role |
+| --- | --- |
+| Enable privileged user monitoring | - Platform engineer
- Admin |
+| View the Privileged user monitoring dashboard | - Tier 1 analyst
- Tier 2 analyst
- Tier 3 analyst
- Rule author
- SOC manager
- Platform engineer
- Detections admin
- Admin |
+
## Known limitations
* Currently, none of the privileged user monitoring visualizations support [cross-cluster search](/solutions/search/cross-cluster-search.md) as part of the data that they query from.
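Review bot: The applies_to block under the new Predefined roles heading sets serverless: with no value, whereas the front matter of this page says serverless security: preview and the other section-level blocks in this patch give a state (serverless: ga). Set it to the preview state so the section does not render with an unspecified lifecycle. The first row's action also reads "Enable privileged user monitoring" while the Privileges table says "Enable the privileged user monitoring feature"; use the same wording in both tables so readers can match a role to the privilege it needs.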
diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md
index 9029ba77c2..863f86f381 100644
--- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md
+++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md
@@ -2,6 +2,8 @@
navigation_title: Set up privileged user monitoring
applies_to:
stack: preview 9.1
+ serverless:
+ security: preview
products:
- id: security
- id: cloud-serverless
diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md
index 72833189c8..a799f8947f 100644
--- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md
+++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md
@@ -1,6 +1,8 @@
---
applies_to:
stack: preview 9.1
+ serverless:
+ security: preview
products:
- id: security
- id: cloud-serverless
diff --git a/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md b/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md
index 2f647d6dee..d7cb412b3a 100644
--- a/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md
+++ b/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md
@@ -26,7 +26,7 @@ In the Entity Analytics overview, you can view entity key performance indicators
If you have enabled the [entity store](entity-store.md), you'll also get access to the **Entities** section, where you can view all hosts, users, and services along with their risk and asset criticality data.
Access the Entity Analytics overview from the following pages:
-* {applies_to}`stack: ga 9.1` {applies_to}`serverless: unavailable` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
* [Entity analytics dashboard](/solutions/security/dashboards/entity-analytics-dashboard.md)
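Review bot: The Entity analytics bullet is now marked serverless: ga, but configure-advanced-settings.md in this same patch says the overview page is reachable only through securitySolution:enablePrivilegedUserMonitoring, which is turned off by default. Add a short pointer to that setting on this bullet, and on the identical bullets in asset-criticality.md and entity-store.md, so serverless users know why the page may not appear in their project.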
diff --git a/solutions/security/get-started/configure-advanced-settings.md b/solutions/security/get-started/configure-advanced-settings.md
index 7f02f759d2..21051ccadd 100644
--- a/solutions/security/get-started/configure-advanced-settings.md
+++ b/solutions/security/get-started/configure-advanced-settings.md
@@ -239,8 +239,8 @@ Even when the `excludedDataTiersForRuleExecution` advanced setting is enabled, i
## Access privileged user monitoring
```yaml {applies_to}
-stack: preview 9.1
-serverless: unavailable
+stack: ga 9.1
+serverless: ga
```
The `securitySolution:enablePrivilegedUserMonitoring` setting allows you to access the [Entity analytics overview page](/solutions/security/advanced-entity-analytics/overview.md) and the [privileged user monitoring](/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md) feature. This setting is turned off by default.
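Review bot: The applies_to block for "Access privileged user monitoring" becomes stack: ga 9.1 and serverless: ga, but every privileged user monitoring page touched by this patch is labelled stack: preview 9.1 and serverless security: preview. The setting described in the paragraph gates both the Entity analytics overview page (GA) and privileged user monitoring (preview), so a single ga label mislabels one of the two. Either keep the preview state on this section or state each feature's lifecycle separately in the paragraph. The stack value also moves from preview to ga here, a stack-side change in a patch that otherwise only adds serverless availability; confirm it is intended.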
diff --git a/solutions/security/get-started/elastic-security-ui.md b/solutions/security/get-started/elastic-security-ui.md
index 045caac8e1..5f05c70727 100644
--- a/solutions/security/get-started/elastic-security-ui.md
+++ b/solutions/security/get-started/elastic-security-ui.md
@@ -188,8 +188,8 @@ The Assets section allows you to manage the following features:
### Entity analytics
```yaml {applies_to}
-stack: preview 9.1
-serverless: unavailable
+stack: ga 9.1
+serverless: ga
```
:::{admonition} Requirements