elastic · natasha-moore-elastic · Oct 8, 2025 · Oct 8, 2025 · Oct 8, 2025 · Oct 8, 2025
@@ -108,7 +108,7 @@ Using Automatic Import allows users to create new third-party data integrations
     :::
 
 14. Click **Add to an agent** to deploy your new integration and start collecting data, or click **View integration** to view detailed information about your new integration.
-15. (Optional) Once you’ve added an integration, you can edit the ingest pipeline by going to **Project Settings → Stack Management → Ingest Pipelines**.
+15. (Optional) Once you’ve added an integration, you can edit the ingest pipeline by going to the **Ingest Pipelines** page using the navigation menu or the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 
 ::::{tip}
 You can use the [Data Quality dashboard](/solutions/security/dashboards/data-quality-dashboard.md) to check the health of your data ingest pipelines and field mappings.

@@ -30,15 +30,6 @@ Filter for alerts, events, processes, and other important security data by enter
 * To save the current KQL query and any applied filters, select **Saved query menu** (![Saved query menu icon](/solutions/images/security-saved-query-menu-icon.png "title =20x20")), enter a name for the saved query, and select **Save saved query**.
 
 
-## Navigation menu [navigation-menu-overview]
-
-The navigation menu contains direct links and expandable groups, identified by the group icon (![Group icon](/solutions/images/security-group-icon.png "title =20x20")).
-
-* Click a top-level link to go directly to its landing page, which contains links and information for related pages.
-* Click a group’s icon (![Group icon](/solutions/images/security-group-icon.png "title =20x20")) to open its flyout menu, which displays links to related pages within that group. Click a link in the flyout to navigate to its landing page.
-* Click the **Collapse side navigation** icon (![Side menu collapse icon](/solutions/images/security-side-button.png "title =20x20")) to collapse and expand the main navigation menu.
-
-
 ## Visualization actions [visualization-actions]
 
 Many {{elastic-sec}} histograms, graphs, and tables display an **Inspect** button (![Inspect icon](/solutions/images/security-inspect-icon.png "title =20x20")) when you hover over them. Click to examine the {{es}} queries used to retrieve data throughout the app.
@@ -101,7 +92,7 @@ Expand this section to access the following dashboards, which provide interactiv
 
 - Overview
 - Detection & Response
-- Kubernetes (in {{stack}})
+- {applies_to}`serverless: unavailable` Kubernetes
 - Cloud Security Posture
 - Cloud Native Vulnerability Management
 - Entity Analytics
@@ -128,33 +119,48 @@ Expand this section to access the following pages:
 View and manage alerts to monitor activity within your network. Refer to [Detections and alerts](/solutions/security/detect-and-alert.md) for more information.
 
 
-### Findings [_findings]
+### Attack discovery
 
-Identify misconfigurations and vulnerabilities in your cloud infrastructure. For setup instructions, refer to [Cloud Security Posture Management](/solutions/security/cloud/cloud-security-posture-management.md), [Kubernetes Security Posture Management](/solutions/security/cloud/kubernetes-security-posture-management.md), or [Cloud Native Vulnerability Management](/solutions/security/cloud/cloud-native-vulnerability-management.md).
+Use large language models (LLMs) to analyze alerts in your environment and identify threats. Refer to [](/solutions/security/ai/attack-discovery.md) for more information.
 
 
-### Cases [_cases]
+### Assets [security-ui-assets]
 
-Open and track security issues. Refer to [Cases](/solutions/security/investigate/cases.md) to learn more.
+The Assets section allows you to manage the following features:
 
+* [{{fleet}}](/reference/fleet/manage-elastic-agents-in-fleet.md)
+* [Endpoint protection](/solutions/security/manage-elastic-defend.md)
 
-### Investigations [security-ui-investigations]
+    * [Endpoints](/solutions/security/manage-elastic-defend/endpoints.md): View and manage hosts running {{elastic-defend}}.
+    * [Policies](/solutions/security/manage-elastic-defend/policies.md): View and manage {{elastic-defend}} integration policies.
+    * [Trusted applications](/solutions/security/manage-elastic-defend/trusted-applications.md): View and manage trusted Windows, macOS, and Linux applications.
+    * [Event filters](/solutions/security/manage-elastic-defend/event-filters.md): View and manage event filters, which allow you to filter endpoint events you don’t need to want stored in {{es}}.
+    * [Host isolation exceptions](/solutions/security/manage-elastic-defend/host-isolation-exceptions.md): View and manage host isolation exceptions, which specify IP addresses that can communicate with your hosts even when those hosts are blocked from your network.
+    * [Blocklist](/solutions/security/manage-elastic-defend/blocklist.md): View and manage the blocklist, which allows you to prevent specified applications from running on hosts, extending the list of processes that {{elastic-defend}} considers malicious.
+    * [Response actions history](/solutions/security/endpoint-response-actions/response-actions-history.md): Find the history of response actions performed on hosts.
 
-Expand this section to access the following pages:
+* [Cloud security](/solutions/security/cloud.md)
 
-* [Timelines](../investigate/timeline.md): Investigate alerts and complex threats — such as lateral movement — in your network. Timelines are interactive and allow you to share your findings with other team members.
 
-    ::::{tip}
-    Click the **Timeline** button at the bottom of the {{security-app}} to start an investigation.
+### Cases [_cases]
 
-    ::::
+Open and track security issues. Refer to [Cases](/solutions/security/investigate/cases.md) to learn more.
 
-* [Osquery](../investigate/osquery.md): Deploy Osquery with {{agent}}, then run and schedule queries.
 
+### Entity analytics
+```yaml {applies_to}
+stack: ga 9.1
+serverless: ga
+```
+
+:::{admonition} Requirements
+To access this section, turn on the `securitySolution:enablePrivilegedUserMonitoring` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#access-privileged-user-monitoring).
+:::
 
-### Intelligence [_intelligence]
+Expand this section to access the following pages:
 
-The Intelligence section contains the Indicators page, which collects data from enabled threat intelligence feeds and provides a centralized view of indicators of compromise (IoCs). Refer to [Indicators of compromise](/troubleshoot/security/indicators-of-compromise.md) to learn more.
+- [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md): Access a comprehensive overview of entity risk scores and anomalies identified by prebuilt {{anomaly-jobs}}.
+- [Privileged user monitoring](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md): Set up your privileged users and monitor their activities to identify suspicious behavior. 
 
 
 ### Explore [_explore]
@@ -168,38 +174,30 @@ Expand this section to access the following pages:
 * [Users](/solutions/security/explore/users-page.md): Access a comprehensive overview of user data to help you understand authentication and user behavior within your environment.
 
 
-### Assets [security-ui-assets]
+### Investigations [security-ui-investigations]
 
-The Assets section allows you to manage the following features:
+Expand this section to access the following pages:
 
-* [{{fleet}}](/reference/fleet/manage-elastic-agents-in-fleet.md)
-* [Endpoint protection](/solutions/security/manage-elastic-defend.md)
+* [Timelines](../investigate/timeline.md): Investigate alerts and complex threats — such as lateral movement — in your network. Timelines are interactive and allow you to share your findings with other team members.
 
-    * [Endpoints](/solutions/security/manage-elastic-defend/endpoints.md): View and manage hosts running {{elastic-defend}}.
-    * [Policies](/solutions/security/manage-elastic-defend/policies.md): View and manage {{elastic-defend}} integration policies.
-    * [Trusted applications](/solutions/security/manage-elastic-defend/trusted-applications.md): View and manage trusted Windows, macOS, and Linux applications.
-    * [Event filters](/solutions/security/manage-elastic-defend/event-filters.md): View and manage event filters, which allow you to filter endpoint events you don’t need to want stored in {{es}}.
-    * [Host isolation exceptions](/solutions/security/manage-elastic-defend/host-isolation-exceptions.md): View and manage host isolation exceptions, which specify IP addresses that can communicate with your hosts even when those hosts are blocked from your network.
-    * [Blocklist](/solutions/security/manage-elastic-defend/blocklist.md): View and manage the blocklist, which allows you to prevent specified applications from running on hosts, extending the list of processes that {{elastic-defend}} considers malicious.
-    * [Response actions history](/solutions/security/endpoint-response-actions/response-actions-history.md): Find the history of response actions performed on hosts.
+    ::::{tip}
+    Click the **Timeline** button at the bottom of the {{security-app}} to start an investigation.
 
-* [Cloud security](/solutions/security/cloud.md)
+    ::::
 
+* [Notes](/solutions/security/investigate/notes.md): View and interact with all existing notes.
 
-### Entity analytics
-```yaml {applies_to}
-stack: ga 9.1
-serverless: ga
-```
+* [Osquery](../investigate/osquery.md): Deploy Osquery with {{agent}}, then run and schedule queries.
 
-:::{admonition} Requirements
-To access this section, turn on the `securitySolution:enablePrivilegedUserMonitoring` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#access-privileged-user-monitoring).
-:::
 
-Expand this section to access the following pages:
+### Findings [_findings]
 
-- [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md): Access a comprehensive overview of entity risk scores and anomalies identified by prebuilt {{anomaly-jobs}}.
-- [Privileged user monitoring](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md): Set up your privileged users and monitor their activities to identify suspicious behavior. 
+Identify misconfigurations and vulnerabilities in your cloud infrastructure. For setup instructions, refer to [Cloud Security Posture Management](/solutions/security/cloud/cloud-security-posture-management.md), [Kubernetes Security Posture Management](/solutions/security/cloud/kubernetes-security-posture-management.md), or [Cloud Native Vulnerability Management](/solutions/security/cloud/cloud-native-vulnerability-management.md).
+
+
+### Intelligence [_intelligence]
+
+The Intelligence section contains the Indicators page, which collects data from enabled threat intelligence feeds and provides a centralized view of indicators of compromise (IoCs). Refer to [Indicators of compromise](/troubleshoot/security/indicators-of-compromise.md) to learn more.
 
 
 ### {{ml-cap}} [security-ui-ml-cap]
@@ -214,26 +212,15 @@ Quickly add security integrations that can ingest data and monitor your hosts.
 
 Use additional API and analysis tools to interact with your data.
 
-
 ### Management [_manage]
-```yaml {applies_to}
-stack: all
-```
 
-Expand this section to access and manage:
-- Additional security features
-- [Stack monitoring](/deploy-manage/monitor/stack-monitoring.md)
-- [{{integrations}}](/reference/fleet/manage-integrations.md)
-
-### Project Settings
-```yaml {applies_to}
-serverless: all
-```
+Use the management or project settings pages to access and manage:
 
-Expand this section to access and manage:
 - Additional security features
+- {applies_to}`stack: ga` [Stack monitoring](/deploy-manage/monitor/stack-monitoring.md)
 - [{{integrations}}](/reference/fleet/manage-integrations.md)
-- [Billing](/deploy-manage/cloud-organization/billing/serverless-project-billing-dimensions.md) and [subscription](/deploy-manage/cloud-organization/billing/manage-subscription.md) options for your {{serverless-short}} project
+- Indices, data streams, and rollups
+- {applies_to}`serverless: ga` [Billing](/deploy-manage/cloud-organization/billing/serverless-project-billing-dimensions.md) and [subscription](/deploy-manage/cloud-organization/billing/manage-subscription.md) options for your {{serverless-short}} project
 
 
 ## Accessibility features [timeline-accessibility-features]