diff --git a/deploy-manage/cloud-organization/billing/elastic-observability-billing-dimensions.md b/deploy-manage/cloud-organization/billing/elastic-observability-billing-dimensions.md index abb70dce44..ad9def32d4 100644 --- a/deploy-manage/cloud-organization/billing/elastic-observability-billing-dimensions.md +++ b/deploy-manage/cloud-organization/billing/elastic-observability-billing-dimensions.md 
@@ -26,8 +26,8 @@ Refer to [Serverless billing dimensions](serverless-project-billing-dimensions.m ## Synthetics [synthetics-billing] -[Synthetic monitoring](/solutions/observability/synthetics/index.md) is an optional add-on to Observability Serverless projects that allows you to periodically check the status of your services and applications as a part of your "Complete" tier subscription. In addition to the core ingest and retention dimensions, there is a charge to execute synthetic monitors on our testing infrastructure. Browser (journey) based tests are charged per-test-run, and ping (lightweight) tests have an all-you-can-use model per location used. +[Synthetic monitoring](/solutions/observability/synthetics/index.md) is an optional add-on to Observability Serverless projects that allows you to periodically check the status of your services and applications as a part of the "Observability Complete" feature tier. In addition to the core ingest and retention dimensions, there is a charge to execute synthetic monitors on our testing infrastructure. Browser (journey) based tests are charged per-test-run, and ping (lightweight) tests have an all-you-can-use model per location used. ## Elastic Managed LLM -The default [Elastic Managed LLM](kibana://reference/connectors-kibana/elastic-managed-llm.md) enables you to leverage AI-powered search as a service without deploying a model in your serverless project. It's configured by default to use with the Security AI Assistant, Attack Discovery, and other applicable AI features as a part of your "Complete" tier subscription. Using the default LLM will use tokens and incur related token-based add-on billing for your serverless project. \ No newline at end of file +The default [Elastic Managed LLM](kibana://reference/connectors-kibana/elastic-managed-llm.md) enables you to leverage AI-powered search as a service without deploying a model in your serverless project. 
It's configured by default to use with the Security AI Assistant, Attack Discovery, and other applicable AI features as a part of the "Observability Complete" feature tier. Using the default LLM will use tokens and incur related token-based add-on billing for your serverless project. \ No newline at end of file diff --git a/deploy-manage/cloud-organization/billing/security-billing-dimensions.md b/deploy-manage/cloud-organization/billing/security-billing-dimensions.md index a1eca2e24e..f798375d40 100644 --- a/deploy-manage/cloud-organization/billing/security-billing-dimensions.md +++ b/deploy-manage/cloud-organization/billing/security-billing-dimensions.md @@ -73,4 +73,4 @@ For more details about {{elastic-sec}} serverless project rates and billable ass ## Elastic Managed LLM -The default [Elastic Managed LLM](kibana://reference/connectors-kibana/elastic-managed-llm.md) enables you to leverage AI-powered search as a service without deploying a model in your serverless project. It's configured by default to use with the Security AI Assistant, Attack Discovery, and other applicable AI features as a part of your "Complete" tier subscription. Using the default LLM will use tokens and incur related token-based add-on billing for your serverless project. \ No newline at end of file +The default [Elastic Managed LLM](kibana://reference/connectors-kibana/elastic-managed-llm.md) enables you to leverage AI-powered search as a service without deploying a model in your serverless project. It's configured by default to use with the Security AI Assistant, Attack Discovery, and other applicable AI features as a part of the "Security Analytics Complete" feature tier. Using the default LLM will use tokens and incur related token-based add-on billing for your serverless project. \ No newline at end of file 
diff --git a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md index a91c172069..cd447ace48 100644 --- a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md +++ b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md @@ -105,7 +105,7 @@ This table compares Elasticsearch capabilities between {{ech}} deployments and S ### Observability -This table compares Observability capabilities between {{ech}} deployments and Observability Complete Serverless projects. For more information on Observability Logs Essentials Serverless projects, refer to [Observability subscription tiers](../../../solutions/observability/observability-serverless-feature-tiers.md). +This table compares Observability capabilities between {{ech}} deployments and Observability Complete Serverless projects. For more information on Observability Logs Essentials Serverless projects, refer to [Observability feature tiers](../../../solutions/observability/observability-serverless-feature-tiers.md). | **Feature** | {{ech}} | Serverless Observability Complete projects | Serverless notes | |---------|----------------------|-----------------------------------|------------------| diff --git a/solutions/observability/observability-serverless-feature-tiers.md b/solutions/observability/observability-serverless-feature-tiers.md index e456660d8d..0f60d1404f 100644 --- a/solutions/observability/observability-serverless-feature-tiers.md +++ b/solutions/observability/observability-serverless-feature-tiers.md 
@@ -15,7 +15,7 @@ products: Refer to the [feature comparison table](#obs-subscription-features) for a more detailed comparison between the tiers. -## Subscription tier pricing [obs-subscription-pricing] +## Feature tier pricing [obs-subscription-pricing] For pricing information, refer to [Elastic Observability Serverless pricing](https://www.elastic.co/pricing/serverless-observability). @@ -53,7 +53,7 @@ From the main navigation menu, select **Add data**. Select what you want to moni Upgrading from Observability Logs Essentials to Observability Complete is permanent and is not reversible. ::: -To access the additional features available in Observability Complete, upgrade your Observability Logs Essentials subscription by completing the following steps: +To access the additional features available in Observability Complete, upgrade your Observability project feature tier by completing the following steps: 1. From the [{{ecloud}} Console](https://cloud.elastic.co), select **Manage** next to the Observability Logs Essentials serverless project you want to upgrade. 1. Next to **Project features**, select **Edit**. diff --git a/solutions/security/advanced-entity-analytics/behavioral-detection-use-cases.md b/solutions/security/advanced-entity-analytics/behavioral-detection-use-cases.md index 2a9e659f29..6db629068d 100644 --- a/solutions/security/advanced-entity-analytics/behavioral-detection-use-cases.md +++ b/solutions/security/advanced-entity-analytics/behavioral-detection-use-cases.md 
@@ -25,7 +25,7 @@ Behavioral detection integrations provide a convenient way to enable behavioral ::::{admonition} Requirements * In {{stack}}, behavioral detection integrations require a [Platinum subscription](https://www.elastic.co/pricing) or higher. -* In serverless, behavioral detection integrations require the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* In serverless, behavioral detection integrations require the Security Analytics Complete [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). * To learn more about the requirements for using {{ml}} jobs, refer to [Machine learning job and rule requirements](/solutions/security/advanced-entity-analytics/machine-learning-job-rule-requirements.md). :::: diff --git a/solutions/security/advanced-entity-analytics/entity-risk-scoring-requirements.md b/solutions/security/advanced-entity-analytics/entity-risk-scoring-requirements.md index f713e03037..eb63f471ef 100644 --- a/solutions/security/advanced-entity-analytics/entity-risk-scoring-requirements.md +++ b/solutions/security/advanced-entity-analytics/entity-risk-scoring-requirements.md 
@@ -17,7 +17,7 @@ This page covers the requirements and guidelines for using the entity risk scori To use these features in {{stack}}, your role must have certain cluster, index, and {{kib}} privileges. In {{serverless-short}}, you need the appropriate user roles or a custom role with the right privileges. -In {{stack}}, these features require a [Platinum subscription](https://www.elastic.co/pricing) or higher. In {{serverless-short}}, they require the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +In {{stack}}, these features require a [Platinum subscription](https://www.elastic.co/pricing) or higher. In {{serverless-short}}, they require the Security Analytics Complete [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). ## Entity risk scoring [_entity_risk_scoring] diff --git a/solutions/security/advanced-entity-analytics/overview.md b/solutions/security/advanced-entity-analytics/overview.md index 870ea6e515..15596b1322 100644 --- a/solutions/security/advanced-entity-analytics/overview.md +++ b/solutions/security/advanced-entity-analytics/overview.md 
@@ -13,7 +13,7 @@ The **Entity analytics** page provides a centralized view of emerging insider th To access the page, find **Entity analytics** → **Overview** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). :::{admonition} Requirements -* This feature requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +* This feature requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. * To get access to this page, turn on the `securitySolution:enablePrivilegedUserMonitoring` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#access-privileged-user-monitoring). ::: diff --git a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md index 81e5fa4601..7867a8114a 100644 --- a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md +++ b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md @@ -67,7 +67,7 @@ By default, malware protection is enabled on Windows, macOS, and Linux hosts. To ::::{admonition} Requirements :class: note -In {{serverless-short}}, malware protection requires the Endpoint Protection Essentials [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +In {{serverless-short}}, malware protection requires the Endpoint Protection Essentials [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). :::: Malware protection levels are: 
@@ -83,7 +83,7 @@ These additional options are available for malware protection: Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the **Prevent** option. ::::{tip} -If you have the appropriate license or project feature, you can customize these notifications using the `Elastic Security {action} {filename}` syntax. +If you have the appropriate license or project feature tier, you can customize these notifications using the `Elastic Security {action} {filename}` syntax. :::: @@ -125,7 +125,7 @@ Behavioral ransomware prevention detects and stops ransomware attacks on Windows ::::{admonition} Requirements :class: note * In {{stack}}, ransomware protection is enabled by default if you have a [Platinum or Enterprise license](https://www.elastic.co/pricing). If you upgrade to a Platinum or Enterprise license from Basic or Gold, ransomware protection will be disabled by default. -* In {{serverless-short}}, ransomware protection requires the Endpoint Protection Essentials [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* In {{serverless-short}}, ransomware protection requires the Endpoint Protection Essentials [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). :::: @@ -139,7 +139,7 @@ When ransomware protection is enabled, canary files placed in targeted locations Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the **Prevent** option. ::::{tip} -If you have the appropriate license or project feature, you can customize these notifications using the `Elastic Security {action} {filename}` syntax. +If you have the appropriate license or project feature tier, you can customize these notifications using the `Elastic Security {action} {filename}` syntax. :::: 
@@ -156,7 +156,7 @@ Memory threat protection detects and stops in-memory threats, such as shellcode :::{admonition} Requirements :class: note * In {{stack}}, memory threat protection is enabled by default if you have a [Platinum or Enterprise license](https://www.elastic.co/pricing). If you upgrade to a Platinum or Enterprise license from Basic or Gold, memory threat protection will be disabled by default. -* In {{serverless-short}}, memory threat protection requires the Endpoint Protection Essentials [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* In {{serverless-short}}, memory threat protection requires the Endpoint Protection Essentials [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). :::: @@ -168,7 +168,7 @@ Memory threat protection levels are: Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the **Prevent** option. ::::{tip} -If you have the appropriate license or project feature, you can customize these notifications using the `Elastic Security {action} {rule}` syntax. +If you have the appropriate license or project feature tier, you can customize these notifications using the `Elastic Security {action} {rule}` syntax. :::: 
@@ -185,7 +185,7 @@ Malicious behavior protection detects and stops threats by monitoring the behavi ::::{admonition} Requirements :class: note * In {{stack}}, malicious behavior protection is enabled by default if you have a [Platinum or Enterprise license](https://www.elastic.co/pricing). If you upgrade to a Platinum or Enterprise license from Basic or Gold, malicious behavior protection will be disabled by default. -* In {{serverless-short}}, malicious behavior protection requires the Endpoint Protection Essentials [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* In {{serverless-short}}, malicious behavior protection requires the Endpoint Protection Essentials [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). :::: @@ -204,7 +204,7 @@ In {{stack}}, reputation service requires an active [Platinum or Enterprise subs Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the **Prevent** option. ::::{tip} -If you have the appropriate license or project feature, you can customize these notifications using the `Elastic Security {action} {rule}` syntax. +If you have the appropriate license or project feature tier, you can customize these notifications using the `Elastic Security {action} {rule}` syntax. :::: 
@@ -220,7 +220,7 @@ This section helps you reduce vulnerabilities that attackers can target on Windo ::::{admonition} Requirements :class: note -In {{serverless-short}}, attack surface reduction requires the Endpoint Protection Essentials [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +In {{serverless-short}}, attack surface reduction requires the Endpoint Protection Essentials [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). :::: **Credential hardening**: Prevents attackers from stealing credentials stored in Windows system process memory. Turn on the toggle to remove any overly permissive access rights that aren’t required for standard interaction with the Local Security Authority Subsystem Service (LSASS). This feature enforces the principle of least privilege without interfering with benign system activity that is related to LSASS. diff --git a/solutions/security/configure-elastic-defend/configure-self-healing-rollback-for-windows-endpoints.md b/solutions/security/configure-elastic-defend/configure-self-healing-rollback-for-windows-endpoints.md index faa9cdabf9..8b7afb2bc7 100644 --- a/solutions/security/configure-elastic-defend/configure-self-healing-rollback-for-windows-endpoints.md +++ b/solutions/security/configure-elastic-defend/configure-self-healing-rollback-for-windows-endpoints.md @@ -21,7 +21,7 @@ This can help contain the impact of malicious activity, as {{elastic-defend}} no :class: note * Self-healing rollback is only supported for Windows endpoints. * In {{stack}}, this feature requires a [Platinum or Enterprise subscription](https://www.elastic.co/pricing). -* In {{serverless-short}}, this feature requires the Endpoint Protection Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* In {{serverless-short}}, this feature requires the Endpoint Protection Complete [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). :::: 
diff --git a/solutions/security/configure-elastic-defend/prevent-elastic-agent-uninstallation.md b/solutions/security/configure-elastic-defend/prevent-elastic-agent-uninstallation.md index 0d07ec2558..08dc158904 100644 --- a/solutions/security/configure-elastic-defend/prevent-elastic-agent-uninstallation.md +++ b/solutions/security/configure-elastic-defend/prevent-elastic-agent-uninstallation.md @@ -20,7 +20,7 @@ When enabled, {{agent}} and {{elastic-endpoint}} can only be uninstalled on the ::::{admonition} Requirements * In {{stack}}, agent tamper protection requires a [Platinum or higher subscription](https://www.elastic.co/pricing). -* In {{serverless-short}}, agent tamper protection requires the Endpoint Protection Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* In {{serverless-short}}, agent tamper protection requires the Endpoint Protection Complete [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). * Hosts must be enrolled in the {{elastic-defend}} integration. * {{agent}}s must be version 8.11.0 or later. * This feature is supported for all operating systems. diff --git a/solutions/security/detect-and-alert/create-detection-rule.md b/solutions/security/detect-and-alert/create-detection-rule.md index 502098212a..c136a77535 100644 --- a/solutions/security/detect-and-alert/create-detection-rule.md +++ b/solutions/security/detect-and-alert/create-detection-rule.md 
@@ -89,7 +89,7 @@ Additional configuration is required for detection rules using cross-cluster sea ::::{admonition} Requirements To create or edit {{ml}} rules, you need: -* The appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +* The appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). * The [`machine_learning_admin`](elasticsearch://reference/elasticsearch/roles.md#built-in-roles-ml-admin) in {{stack}} or the appropriate [user role](/deploy-manage/users-roles/cloud-organization/user-roles.md) in {{serverless-short}}. * The selected {{ml}} job to be running for the rule to function correctly. :::: diff --git a/solutions/security/detect-and-alert/detections-requirements.md b/solutions/security/detect-and-alert/detections-requirements.md index 28df0a41fd..1ed38fa5f3 100644 --- a/solutions/security/detect-and-alert/detections-requirements.md +++ b/solutions/security/detect-and-alert/detections-requirements.md 
@@ -13,7 +13,7 @@ products: # Detections requirements -To use the [Detections feature](/solutions/security/detect-and-alert.md), you first need to configure a few settings. You also need the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) to send [notifications](/solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications) when detection alerts are generated. Additionally, there are some [advanced settings](/solutions/security/detect-and-alert/detections-requirements.md#adv-list-settings) used to configure {{kib}} [value list](/solutions/security/detect-and-alert/create-manage-value-lists.md) upload limits. +To use the [Detections feature](/solutions/security/detect-and-alert.md), you first need to configure a few settings. You also need the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) to send [notifications](/solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications) when detection alerts are generated. Additionally, there are some [advanced settings](/solutions/security/detect-and-alert/detections-requirements.md#adv-list-settings) used to configure {{kib}} [value list](/solutions/security/detect-and-alert/create-manage-value-lists.md) upload limits. ::::{important} Several steps are **only** required for **self-managed** {{stack}} deployments. If you’re using an Elastic Cloud deployment, you only need to [enable detections](/solutions/security/detect-and-alert/detections-requirements.md#enable-detections-ui). diff --git a/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md b/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md index a9694025a9..48191c981d 100644 
--- a/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md +++ b/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md 
@@ -25,7 +25,7 @@ Follow these guidelines to start using the {{security-app}}'s [prebuilt rules](d ::::{note} * Most prebuilt rules don’t start running by default. You can use the **Install and enable** option to start running rules as you install them, or first install the rules, then enable them manually. After installation, only a few prebuilt rules will be enabled by default, such as the Endpoint Security rule. -* Without an [Enterprise subscription](https://www.elastic.co/pricing) subscription on {{stack}} or a [Complete project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) subscription on {{serverless-short}}, you can't modify most settings on Elastic prebuilt rules. You must first duplicate them, then make your changes to the duplicated rules. Refer to [Select and duplicate all prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#select-all-prebuilt-rules) to learn more. +* Without an [Enterprise subscription](https://www.elastic.co/pricing) on {{stack}} or a [Security Analytics Complete project](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) on {{serverless-short}}, you can't modify most settings on Elastic prebuilt rules. You must first duplicate them, then make your changes to the duplicated rules. Refer to [Select and duplicate all prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#select-all-prebuilt-rules) to learn more. * On {{stack}}, automatic updates of Elastic prebuilt rules are supported for the current {{elastic-sec}} version and the latest three previous minor releases. For example, if you’re on {{elastic-sec}} 9.0, you’ll be able to use the Rules UI to update your prebuilt rules until {{elastic-sec}} 9.4 is released. After that point, you can still manually download and install updated prebuilt rules, but you must upgrade to the latest {{elastic-sec}} version to receive automatic updates. :::: 
@@ -73,7 +73,7 @@ Follow these guidelines to start using the {{security-app}}'s [prebuilt rules](d Once you enable a rule, it starts running on its configured schedule. To confirm that it’s running successfully, check its **Last response** status in the rules table, or open the rule’s details page and check the [**Execution results**](/solutions/security/detect-and-alert/monitor-rule-executions.md#rule-execution-logs) tab. -If you have an [Enterprise subscription](https://www.elastic.co/pricing) subscription on {{stack}} or a [Complete project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) subscription on {{serverless-short}}, you can also [edit the prebuilt rules](/solutions/security/detect-and-alert/manage-detection-rules.md#edit-rules-settings) that you've installed. +If you have an [Enterprise subscription](https://www.elastic.co/pricing) on {{stack}} or a [Security Analytics Complete project](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) on {{serverless-short}}, you can also [edit the prebuilt rules](/solutions/security/detect-and-alert/manage-detection-rules.md#edit-rules-settings) that you've installed. ## Prebuilt rule tags [prebuilt-rule-tags] 
@@ -102,7 +102,7 @@ Each prebuilt rule includes several tags identifying the rule’s purpose, detec ## Select and duplicate prebuilt rules [select-all-prebuilt-rules] -Without an [Enterprise subscription](https://www.elastic.co/pricing) subscription on {{stack}} or a [Complete project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) subscription on {{serverless-short}}, you can't modify most settings on Elastic prebuilt rules. You can only edit [rule actions](/solutions/security/detect-and-alert/create-detection-rule.md#rule-schedule) and [add exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md). If you want to modify other settings on a prebuilt rule, you must first duplicate it, then make your changes to the duplicated rule. Note that your customized rule is entirely separate from the original prebuilt rule, and will not get updates from Elastic if the prebuilt rule is updated. +Without an [Enterprise subscription](https://www.elastic.co/pricing) on {{stack}} or a [Security Analytics Complete project](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) on {{serverless-short}}, you can't modify most settings on Elastic prebuilt rules. You can only edit [rule actions](/solutions/security/detect-and-alert/create-detection-rule.md#rule-schedule) and [add exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md). If you want to modify other settings on a prebuilt rule, you must first duplicate it, then make your changes to the duplicated rule. Note that your customized rule is entirely separate from the original prebuilt rule, and will not get updates from Elastic if the prebuilt rule is updated. 1. Find **Detection rules (SIEM)** in the navigation menu or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). 2. In the **Rules** table, select the **Elastic rules** filter. 
@@ -117,9 +117,9 @@ You can then modify the duplicated rules and, if required, delete the prebuilt o ::::{important} -The following steps are only applicable if you have a [Platinum](https://www.elastic.co/pricing) subscription or lower on {{stack}} or an [Essentials project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) subscription on {{serverless-short}}. +The following steps are only applicable if you have a [Platinum](https://www.elastic.co/pricing) subscription or lower on {{stack}} or a [Security Analytics Essentials project](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) on {{serverless-short}}. -If you have an Enterprise subscription on {{stack}} or a Complete project tier subscription on {{serverless-short}}, follow the guidelines in [Update modified and unmodified Elastic prebuilt rules](/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md) instead. +If you have an Enterprise subscription on {{stack}} or a Security Analytics Complete project on {{serverless-short}}, follow the guidelines in [Update modified and unmodified Elastic prebuilt rules](/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md) instead. :::: Elastic regularly updates prebuilt rules to optimize their performance and ensure they detect the latest threats and techniques. When updated versions are available for your installed prebuilt rules, the **Rule Updates** tab appears on the **Rules** page, allowing you to update your installed rules with the latest versions. diff --git a/solutions/security/detect-and-alert/manage-detection-rules.md b/solutions/security/detect-and-alert/manage-detection-rules.md index fa287a9438..079e694a40 100644 --- a/solutions/security/detect-and-alert/manage-detection-rules.md +++ b/solutions/security/detect-and-alert/manage-detection-rules.md 
@@ -67,9 +67,9 @@ For {{ml}} rules, an indicator icon (![Error icon from rules table](/solutions/i ## Modify existing rules settings [edit-rules-settings] ::::{admonition} Requirements -* You can edit custom rules and bulk-modify them with any [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). -* You can edit [rule notifications](/solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications) (notifications and response actions) for prebuilt rules with any {{stack}} subscription or {{serverless-short}} project tier. -* You must have an [Enterprise subscription](https://www.elastic.co/pricing) {{stack}} or a [Complete project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) subscription on {{serverless-short}} to edit all prebuilt rule settings (except for the **Author** and **License** fields) and bulk-modify them. +* You can edit custom rules and bulk-modify them with any [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +* You can edit [rule notifications](/solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications) (notifications and response actions) for prebuilt rules with any {{stack}} subscription or {{serverless-short}} project feature tier. +* You must have an [Enterprise subscription](https://www.elastic.co/pricing) {{stack}} or a [Security Analytics Complete project](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) on {{serverless-short}} to edit all prebuilt rule settings (except for the **Author** and **License** fields) and bulk-modify them. :::: 
@@ -229,7 +229,7 @@ You can snooze rule notifications from the **Installed Rules** tab, the rule det ## Export and import rules [import-export-rules-ui] ::::{admonition} Requirements -* You can export and import custom rules and prebuilt rules (modified and unmodified) with any [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +* You can export and import custom rules and prebuilt rules (modified and unmodified) with any [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). * At minimum, your role needs `Read` privileges for the **Action and Connectors** feature to import rules with actions. To overwrite or add new connectors, you need `All` privileges. Refer to [Enable and access detections](/solutions/security/detect-and-alert/detections-requirements.md#enable-detections-ui) to learn more about the required privileges for managing rules. :::: diff --git a/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md b/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md index d8a73cd424..bcaa8e5321 100644 --- a/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md +++ b/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md 
@@ -9,9 +9,9 @@ applies_to: ::::{admonition} Requirements -You must have an [Enterprise subscription](https://www.elastic.co/pricing) on {{stack}} or a [Complete project tier subscription](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) on {{serverless-short}} to access this feature. +You must have an [Enterprise subscription](https://www.elastic.co/pricing) on {{stack}} or a [Security Analytics Complete project](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) on {{serverless-short}} to access this feature. -If you have a Platinum subscription or lower on {{stack}} or an Essentials project tier subscription on {{serverless-short}}, follow the guidelines in [Update Elastic prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#update-prebuilt-rules) instead. +If you have a Platinum subscription or lower on {{stack}} or a Security Analytics Essentials project on {{serverless-short}}, follow the guidelines in [Update Elastic prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#update-prebuilt-rules) instead. :::: diff --git a/solutions/security/detect-and-alert/suppress-detection-alerts.md b/solutions/security/detect-and-alert/suppress-detection-alerts.md index 5323bcd573..8a240d417b 100644 --- a/solutions/security/detect-and-alert/suppress-detection-alerts.md +++ b/solutions/security/detect-and-alert/suppress-detection-alerts.md 
@@ -15,7 +15,7 @@ products: ::::{admonition} Requirements and notices -* In {{stack}} alert suppression requires a [Platinum or higher subscription](https://www.elastic.co/pricing) or the appropriate [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +* In {{stack}} alert suppression requires a [Platinum or higher subscription](https://www.elastic.co/pricing) or the appropriate [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). * {{ml-cap}} rules have [additional requirements](/solutions/security/advanced-entity-analytics/machine-learning-job-rule-requirements.md) for alert suppression. * This functionality is in technical preview for event correlation rules only and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. diff --git a/solutions/security/detect-and-alert/view-detection-alert-details.md b/solutions/security/detect-and-alert/view-detection-alert-details.md index 1545fda285..96766f09dc 100644 --- a/solutions/security/detect-and-alert/view-detection-alert-details.md +++ b/solutions/security/detect-and-alert/view-detection-alert-details.md 
@@ -124,11 +124,11 @@ The Insights section is located on the **Overview** tab in the right panel. It o ### Entities [entities-overview] -The Entities overview provides high-level details about the user and host that are related to the alert. Host and user risk classifications are also available with a [Platinum subscription](https://www.elastic.co/pricing) or higher in {{stack}} or the Security Analytics Complete [project feature](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +The Entities overview provides high-level details about the user and host that are related to the alert. Host and user risk classifications are also available with a [Platinum subscription](https://www.elastic.co/pricing) or higher in {{stack}} or the Security Analytics Complete [project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. #### Expanded entities view [expanded-entities-view] -From the right panel, click **Entities** to open a detailed view of the host and user associated with the alert. The expanded view also includes risk scores and classifications and activity on related hosts and users. Access to these features requires a [Platinum subscription](https://www.elastic.co/pricing) or higher in {{stack}} or the Security Analytics Complete [project feature](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}} +From the right panel, click **Entities** to open a detailed view of the host and user associated with the alert. The expanded view also includes risk scores and classifications and activity on related hosts and users. Access to these features requires a [Platinum subscription](https://www.elastic.co/pricing) or higher in {{stack}} or the Security Analytics Complete [project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}} ### Threat intelligence [threat-intelligence-overview] 
@@ -192,7 +192,7 @@ The Correlations overview provides the following information: * **Alerts related by process ancestry**: Shows the number of alerts that are related by process events on the same linear branch. ::::{note} - To access data about alerts related by process ancestry, you must have a [Platinum or higher subscription](https://www.elastic.co/pricing) in {{stack}} or the appropriate [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). + To access data about alerts related by process ancestry, you must have a [Platinum or higher subscription](https://www.elastic.co/pricing) in {{stack}} or the appropriate [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). :::: 
@@ -230,7 +230,7 @@ The expanded Prevalence view provides the following details: * **Alert count**: Shows the total number of alert documents that have identical highlighted field values, including the alert you’re currently examining. For example, if the `host.name` field has an alert count of 5, that means there are five total alerts with the same `host.name` value. The Alert count column only retrieves documents that contain the [`event.kind:signal`](ecs://reference/ecs-allowed-values-event-kind.md#ecs-event-kind-signal) field-value pair. * **Document count**: Shows the total number of event documents that have identical field values. A dash (`——`) displays if there are no event documents that match the field value. The Document count column only retrieves documents that don’t contain the [`event.kind:signal`](ecs://reference/ecs-allowed-values-event-kind.md#ecs-event-kind-signal) field-value pair. -The following features require a [Platinum subscription](https://www.elastic.co/pricing) or higher in {{stack}} or the appropriate [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) +The following features require a [Platinum subscription](https://www.elastic.co/pricing) or higher in {{stack}} or the appropriate [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) * **Host prevalence**: Shows the percentage of unique hosts that have identical field values. Host prevalence for highlighted fields is calculated by taking the number of unique hosts with identical highlighted field values and dividing that number by the total number of unique hosts in your environment. * **User prevalence**: Shows the percentage of unique users that have identical highlighted field values. 
User prevalence for highlighted fields is calculated by taking the number of unique users with identical field values and dividing that number by the total number of unique users in your environment. diff --git a/solutions/security/endpoint-response-actions.md b/solutions/security/endpoint-response-actions.md index 53707f1be8..f93d6b952c 100644 --- a/solutions/security/endpoint-response-actions.md +++ b/solutions/security/endpoint-response-actions.md @@ -18,7 +18,7 @@ The response console allows you to perform response actions on an endpoint using Response actions are supported on all endpoint platforms (Linux, macOS, and Windows). ::::{admonition} Requirements -* Response actions and the response console UI require the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +* Response actions and the response console UI require the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. * Endpoints must have {{agent}} version 8.4 or higher installed with the {{elastic-defend}} integration to receive response actions. * Some response actions require: * In {{stack}}, specific [privileges](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md), indicated below. diff --git a/solutions/security/endpoint-response-actions/automated-response-actions.md b/solutions/security/endpoint-response-actions/automated-response-actions.md index fc082bba87..8daaaa9cc2 100644 --- a/solutions/security/endpoint-response-actions/automated-response-actions.md +++ b/solutions/security/endpoint-response-actions/automated-response-actions.md 
@@ -17,7 +17,7 @@ products: Add {{elastic-defend}}'s [response actions](/solutions/security/endpoint-response-actions.md) to detection rules to automatically perform actions on an affected host when an event meets the rule’s criteria. Use these actions to support your response to detected threats and suspicious events. ::::{admonition} Requirements -* Automated response actions require the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +* Automated response actions require the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. * Hosts must have {{agent}} installed with the {{elastic-defend}} integration. * Your user role must have the ability to create detection rules and the privilege to perform [specific response actions](/solutions/security/endpoint-response-actions.md#response-action-commands) (for example, the **Host Isolation** privilege to isolate hosts). :::: diff --git a/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md b/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md index 7f9b6081b8..a5d6e5f23f 100644 --- a/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md +++ b/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md 
@@ -23,7 +23,7 @@ You can direct third-party endpoint protection systems to perform response actio Check out [](/solutions/security/endpoint-response-actions/third-party-response-actions.md) to learn which response actions are supported for each system. ::::{admonition} Prerequisites -* This feature requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +* This feature requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. * [{{kib}} feature privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md): Under **Actions and Connectors**, turn on **Customize sub-feature privileges** and enable **Endpoint Security**. * [{{elastic-sec}} feature privileges](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md): **All** for the response action features, such as **Host Isolation**, that you want to perform. * (In {{serverless-short}}) [User roles](/deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles): **SOC manager** or **Endpoint operations analyst** diff --git a/solutions/security/endpoint-response-actions/isolate-host.md b/solutions/security/endpoint-response-actions/isolate-host.md index 31e19f3783..9123c4c4de 100644 --- a/solutions/security/endpoint-response-actions/isolate-host.md +++ b/solutions/security/endpoint-response-actions/isolate-host.md 
@@ -19,7 +19,7 @@ Host isolation allows you to isolate hosts from your network, blocking communica Isolated hosts, however, can still send data to {{elastic-sec}}. You can also create [host isolation exceptions](/solutions/security/manage-elastic-defend/host-isolation-exceptions.md) for specific IP addresses that isolated hosts are still allowed to communicate with, even when blocked from the rest of your network. ::::{admonition} Requirements -* Host isolation requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +* Host isolation requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. * Hosts must have {{agent}} installed with the {{elastic-defend}} integration. * For {{stack}} versions >= 7.15.0 and {{serverless-short}}, host isolation is supported for endpoints running Windows, macOS, and these Linux distributions: @@ -74,7 +74,7 @@ All actions executed on a host are tracked in the host’s response actions hist :::::{dropdown} Isolate a host from the response console ::::{note} -The response console requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +The response console requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. :::: 
@@ -89,7 +89,7 @@ The response console requires the appropriate [subscription](https://www.elastic :::::{dropdown} Automatically isolate a host using a rule’s endpoint response action ::::{note} -The host isolation endpoint response action requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +The host isolation endpoint response action requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. :::: @@ -145,7 +145,7 @@ After the host is successfully isolated, an **Isolated** status is added to the :::::{dropdown} Release a host from the response console ::::{note} -The response console requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +The response console requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. :::: diff --git a/solutions/security/endpoint-response-actions/third-party-response-actions.md b/solutions/security/endpoint-response-actions/third-party-response-actions.md index 70d30859c8..687501dfef 100644 --- a/solutions/security/endpoint-response-actions/third-party-response-actions.md +++ b/solutions/security/endpoint-response-actions/third-party-response-actions.md 
@@ -17,7 +17,7 @@ products: You can perform response actions on hosts enrolled in other third-party endpoint protection systems, such as CrowdStrike or SentinelOne. For example, you can direct the other system to isolate a suspicious endpoint from your network, without leaving the {{elastic-sec}} UI. ::::{admonition} Requirements -* Third-party response actions require the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +* Third-party response actions require the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. * Each response action type has its own user role privilege requirements. Find an action’s role requirements at [Endpoint response actions](/solutions/security/endpoint-response-actions.md). * Additional [configuration](/solutions/security/endpoint-response-actions/configure-third-party-response-actions.md) is required to connect {{elastic-sec}} with a third-party system. :::: diff --git a/solutions/security/explore/hosts-page.md b/solutions/security/explore/hosts-page.md index 95f6739bd8..f875338679 100644 --- a/solutions/security/explore/hosts-page.md +++ b/solutions/security/explore/hosts-page.md 
@@ -41,7 +41,7 @@ Beneath the KPI charts are data tables, categorized by individual tabs, which ar * **All hosts**: High-level host details. * **Uncommon processes**: Uncommon processes running on hosts. * **Anomalies**: Anomalies discovered by [{{ml}} jobs](/solutions/security/advanced-entity-analytics/anomaly-detection.md). -* **Host risk**: The latest recorded host risk score for each host, and its host risk classification. In {{stack}}, this feature requires a [Platinum subscription](https://www.elastic.co/pricing) or higher. In serverless, this feature requires the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). Click **Enable** on the **Host risk** tab to get started. To learn more, refer to our [entity risk scoring documentation](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md). +* **Host risk**: The latest recorded host risk score for each host, and its host risk classification. In {{stack}}, this feature requires a [Platinum subscription](https://www.elastic.co/pricing) or higher. In serverless, this feature requires the Security Analytics Complete [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). Click **Enable** on the **Host risk** tab to get started. To learn more, refer to our [entity risk scoring documentation](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md). * **Sessions**: Linux process events that you can open in [Session View](/solutions/security/investigate/session-view.md), an investigation tool that allows you to examine Linux process data at a hierarchal level. The tables within the **Events** and **Sessions** tabs include inline actions and several customization options. To learn more about what you can do with the data in these tables, refer to [*Manage detection alerts*](/solutions/security/detect-and-alert/manage-detection-alerts.md). 
diff --git a/solutions/security/explore/users-page.md b/solutions/security/explore/users-page.md index 31089d2d9c..b55700ba63 100644 --- a/solutions/security/explore/users-page.md +++ b/solutions/security/explore/users-page.md 
@@ -41,7 +41,7 @@ Beneath the KPI charts are data tables, which are useful for viewing and investi * **All users**: A chronological list of unique user names, when they were last active, and the associated domains. * **Authentications**: A chronological list of user authentication events and associated details, such as the number of successes and failures, and the host name of the last successful destination. * **Anomalies**: Unusual activity discovered by [{{ml}} jobs](/solutions/security/advanced-entity-analytics/anomaly-detection.md) that contain user data. -* **User risk**: The latest recorded user risk score for each user, and its user risk classification. In {{stack}}, this feature requires a [Platinum subscription](https://www.elastic.co/pricing) or higher. In serverless, this feature requires the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md). Click **Enable** on the **User risk** tab to get started. To learn more, refer to our [entity risk scoring documentation](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md). +* **User risk**: The latest recorded user risk score for each user, and its user risk classification. In {{stack}}, this feature requires a [Platinum subscription](https://www.elastic.co/pricing) or higher. In serverless, this feature requires the Security Analytics Complete [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). Click **Enable** on the **User risk** tab to get started. To learn more, refer to our [entity risk scoring documentation](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md). The Events table includes inline actions and several customization options. To learn more about what you can do with the data in these tables, refer to [*Manage detection alerts*](/solutions/security/detect-and-alert/manage-detection-alerts.md). 
diff --git a/solutions/security/get-started/automatic-import.md b/solutions/security/get-started/automatic-import.md index 60556d3dcb..24d1aed29d 100644 --- a/solutions/security/get-started/automatic-import.md +++ b/solutions/security/get-started/automatic-import.md @@ -26,7 +26,7 @@ Click [here](https://elastic.navattic.com/automatic-import) to access an interac * A working [LLM connector](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). * {{stack}} users: An [Enterprise](https://www.elastic.co/pricing) subscription. -* {{serverless-short}} users: a [Security Analytics Complete subscription](/deploy-manage/deploy/elastic-cloud/project-settings.md). +* {{serverless-short}} users: a project with the [Security Analytics Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md) feature tier. * A sample of the data you want to import. :::: diff --git a/solutions/security/investigate/add-osquery-response-actions.md b/solutions/security/investigate/add-osquery-response-actions.md index 852b01f3f0..0d877fdda8 100644 --- a/solutions/security/investigate/add-osquery-response-actions.md +++ b/solutions/security/investigate/add-osquery-response-actions.md 
@@ -21,7 +21,7 @@ This functionality is in technical preview and may be changed or removed in a fu Osquery Response Actions allow you to add live queries to custom query rules so you can automatically collect data on systems the rule is monitoring. Use this data to support your alert triage and investigation efforts. ::::{admonition} Requirements -* Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +* Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). * The [Osquery manager integration](manage-integration.md) must be installed. * {{agent}}'s [status](/reference/fleet/monitor-elastic-agent.md) must be `Healthy`. Refer to [](/troubleshoot/ingest/fleet/common-problems.md) if it isn’t. * Your role must have [Osquery feature privileges](/solutions/security/investigate/osquery.md). diff --git a/solutions/security/investigate/cases-requirements.md b/solutions/security/investigate/cases-requirements.md index 5d49c50cba..405975720c 100644 --- a/solutions/security/investigate/cases-requirements.md +++ b/solutions/security/investigate/cases-requirements.md 
@@ -14,9 +14,9 @@ products: # Cases requirements [security-cases-requirements] ::::{note} -- To send cases to external systems, ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +- To send cases to external systems, ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). -- You need particular subscriptions and privileges to manage case attachments. For example in {{stack}}, to add alerts to cases, you must have privileges for [managing alerts](/solutions/security/detect-and-alert/detections-requirements.md#enable-detections-ui). In {{serverless-short}}, you need the Security Analytics Complete [project feature](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +- You need particular subscriptions and privileges to manage case attachments. For example in {{stack}}, to add alerts to cases, you must have privileges for [managing alerts](/solutions/security/detect-and-alert/detections-requirements.md#enable-detections-ui). In {{serverless-short}}, you need the Security Analytics Complete [project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). - If you have an on-premises deployment and want email notifications and external incident management systems to contain links back to {{kib}}, you must configure the [server.publicBaseUrl](kibana://reference/configuration-reference/general-settings.md#server-publicbaseurl) setting. :::: diff --git a/solutions/security/investigate/configure-case-settings.md b/solutions/security/investigate/configure-case-settings.md index e2713c664c..402d162c1f 100644 --- a/solutions/security/investigate/configure-case-settings.md +++ b/solutions/security/investigate/configure-case-settings.md 
@@ -50,7 +50,7 @@ You can push {{elastic-sec}} cases to these third-party systems: To push cases, you need to create a connector, which stores the information required to interact with an external system. After you have created a connector, you can set {{elastic-sec}} cases to automatically close when they are sent to external systems. ::::{important} -To create connectors and send cases to external systems, ensure you have the appropriate role privileges and [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). For more information, refer to [Cases requirements](/solutions/security/investigate/cases-requirements.md). +To create connectors and send cases to external systems, ensure you have the appropriate role privileges and [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). For more information, refer to [Cases requirements](/solutions/security/investigate/cases-requirements.md). :::: @@ -138,7 +138,7 @@ If you update or delete templates, existing cases are unaffected. ## Observable types [cases-observable-types] ::::{admonition} Requirements -Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). :::: diff --git a/solutions/security/investigate/indicators-of-compromise.md b/solutions/security/investigate/indicators-of-compromise.md index 1a531c1d18..cb66f71878 100644 --- a/solutions/security/investigate/indicators-of-compromise.md +++ b/solutions/security/investigate/indicators-of-compromise.md 
@@ -17,7 +17,7 @@ The Indicators page collects data from enabled threat intelligence feeds and pro ::::{admonition} Requirements * In {{stack}}, the Indicators page is an [Enterprise subscription](https://www.elastic.co/pricing) feature. -* In serverless, the Indicators page requires the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) +* In serverless, the Indicators page requires the Security Analytics Complete [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) * You must have *one* of the following installed on the hosts you want to monitor: * **{{agent}}** - Install a [{{fleet}}-managed {{agent}}](/reference/fleet/install-fleet-managed-elastic-agent.md) and ensure the agent’s status is `Healthy`. Refer to [](/troubleshoot/ingest/fleet/common-problems.md) if it isn’t. diff --git a/solutions/security/investigate/manage-integration.md b/solutions/security/investigate/manage-integration.md index 2d78f1b4a5..ec90776cba 100644 --- a/solutions/security/investigate/manage-integration.md +++ b/solutions/security/investigate/manage-integration.md 
@@ -28,7 +28,7 @@ products: ## Customize Osquery sub-feature privileges [_customize_osquery_sub_feature_privileges] -Depending on your [subscription level](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md), you can further customize the sub-feature privileges for **Osquery Manager**. These include options to grant specific access for running live queries, running saved queries, saving queries, and scheduling packs. For example, you can create roles for users who can only run live or saved queries, but who cannot save or schedule queries. This is useful for teams who need in-depth and detailed control. +Depending on your [subscription level](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md), you can further customize the sub-feature privileges for **Osquery Manager**. These include options to grant specific access for running live queries, running saved queries, saving queries, and scheduling packs. For example, you can create roles for users who can only run live or saved queries, but who cannot save or schedule queries. This is useful for teams who need in-depth and detailed control. ## Customize Osquery configuration [osquery-custom-config] diff --git a/solutions/security/investigate/open-manage-cases.md b/solutions/security/investigate/open-manage-cases.md index 7c892b5bbf..a15186be2f 100644 --- a/solutions/security/investigate/open-manage-cases.md +++ b/solutions/security/investigate/open-manage-cases.md 
@@ -217,7 +217,7 @@ After a visualization has been added to a case, you can modify or interact with ### Add observables [cases-add-observables] ::::{admonition} Requirements -Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). :::: diff --git a/solutions/security/investigate/session-view.md b/solutions/security/investigate/session-view.md index e5cb1a1ffc..87f99c01a7 100644 --- a/solutions/security/investigate/session-view.md +++ b/solutions/security/investigate/session-view.md @@ -16,7 +16,7 @@ products: Session View is an investigation tool that allows you to examine Linux process data organized in a tree-like structure according to the Linux logical event model, with processes organized by parentage and time of execution. It displays events in a highly readable format that is inspired by the terminal. This makes it a powerful tool for monitoring and investigating session activity on your Linux infrastructure and understanding user and service behavior. ::::{admonition} Requirements -Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). +Ensure you have the appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). :::: diff --git a/solutions/security/investigate/visual-event-analyzer.md b/solutions/security/investigate/visual-event-analyzer.md index fc410c93e6..6b234469b2 100644 --- a/solutions/security/investigate/visual-event-analyzer.md 
+++ b/solutions/security/investigate/visual-event-analyzer.md @@ -134,7 +134,7 @@ Access event details by selecting that event’s URL at the top of the process d When you select an `event.category` pill (for example, **_x_ file** or **_x_ registry**), all the events within that category are listed in the preview analyzer panel. To display more details about a specific event, select it from the list. ::::{note} -- You must have the appropriate [{{stack}}](https://www.elastic.co/pricing) subscription or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) to examine alerts associated with events. +- You must have the appropriate [{{stack}}](https://www.elastic.co/pricing) subscription or [{{serverless-short}} project feature tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) to examine alerts associated with events. - There is no limit to the number of events that can be associated with a process. :::: diff --git a/solutions/security/manage-elastic-defend/host-isolation-exceptions.md b/solutions/security/manage-elastic-defend/host-isolation-exceptions.md index bc2eca4b0f..3cca81e832 100644 --- a/solutions/security/manage-elastic-defend/host-isolation-exceptions.md +++ b/solutions/security/manage-elastic-defend/host-isolation-exceptions.md 
@@ -20,7 +20,7 @@ Host isolation exceptions support IPv4 addresses, with optional classless inter- ::::{admonition} Requirements * You must have the **Host Isolation Exceptions** [privilege](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md) or the appropriate user role to access this feature. -* Host isolation requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. +* Host isolation requires the appropriate [subscription](https://www.elastic.co/pricing) in {{stack}} or [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md) in {{serverless-short}}. :::: diff --git a/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md b/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md index 081e3e9b0d..6f5420ebbd 100644 --- a/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md +++ b/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md @@ -25,7 +25,7 @@ After you’ve installed {{elastic-defend}} on one or more hosts, you can use *A ::::{admonition} Requirements To use this feature, you need: -* In serverless, a Security Analytics Complete [subscription](https://www.elastic.co/pricing/serverless-security). +* In serverless, a project with the Security Analytics Complete [feature tier](https://www.elastic.co/pricing/serverless-security). * The **Automatic Troubleshooting: Read** or **Automatic Troubleshooting: All** security [sub-feature privilege](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md). :::{note} In {{stack}} 9.0.0, this privilege is called **Endpoint Insights**.
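Review bot: In the open-manage-cases.md and session-view.md hunks, the Requirements admonition still says only "the appropriate [{{stack}} subscription] ... or [{{serverless-short}} project feature tier]" and never names the tier that gates the feature. The identify-antivirus-software-on-hosts.md hunk in this same patch names its tier explicitly ("Security Analytics Complete"). Since these lines are being touched anyway, consider naming the required feature tier here too, so a reader planning analyst access does not have to leave the page to find out whether Session View or case observables are available in their project.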
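Review bot: In the visual-event-analyzer.md hunk, the changed note links only the product name, "[{{stack}}](https://www.elastic.co/pricing) subscription", while the open-manage-cases.md and session-view.md hunks link the whole phrase, "[{{stack}} subscription](https://www.elastic.co/pricing)". Move "subscription" inside the link text so the three requirement lines read the same way after this terminology cleanup.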
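Review bot: In the identify-antivirus-software-on-hosts.md hunk, the new requirement line spells the product name as literal "serverless" ("In serverless, a project with the Security Analytics Complete [feature tier](...)"), while every other line this patch touches uses the `{{serverless-short}}` substitution. Use the substitution here as well so the name renders consistently. The link text now reads "feature tier" but still targets https://www.elastic.co/pricing/serverless-security, whereas the other hunks link "project feature tier" to project-settings.md. Either point this link at the same settings page or keep a label that tells the reader it leads to pricing.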