diff --git a/redirects.yml b/redirects.yml index ac381b7cd7..6c31e86c9c 100644 --- a/redirects.yml +++ b/redirects.yml @@ -537,6 +537,16 @@ redirects: # Search sessions becoming background search 'explore-analyze/discover/search-sessions.md': 'explore-analyze/discover/background-search.md' +# Related to https://github.com/elastic/docs-content/pull/3493 + 'solutions/security/cloud/ingest-third-party-cloud-security-data.md': 'solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md' + 'solutions/security/cloud/ingest-cncf-falco-data.md': 'solutions/security/cloud/integrations/cncf-falco.md' + 'solutions/security/cloud/ingest-wiz-data.md': 'solutions/security/cloud/integrations/wiz.md' + 'solutions/security/cloud/integration-tenablevm.md': 'solutions/security/cloud/integrations/tenablevm.md' + 'solutions/security/cloud/integration-rapid7.md': 'solutions/security/cloud/integrations/rapid7.md' + 'solutions/security/cloud/integration-qualys.md': 'solutions/security/cloud/integrations/qualys.md' + 'solutions/security/cloud/ingest-aws-security-hub-data.md': 'solutions/security/cloud/integrations/aws-security-hub.md' + 'solutions/security/cloud/aws-config-integration.md': 'solutions/security/cloud/integrations/aws-config.md' + # Deduplicate canvas function reference 'reference/data-analysis/kibana/canvas-functions.md': 'explore-analyze/visualize/canvas/canvas-function-reference.md' 'reference/data-analysis/kibana/tinymath-functions.md': 'explore-analyze/visualize/canvas/canvas-tinymath-functions.md' diff --git a/solutions/security/cloud/findings-page-3.md b/solutions/security/cloud/findings-page-3.md index 7ed5ef750f..7ea4667f12 100644 --- a/solutions/security/cloud/findings-page-3.md +++ b/solutions/security/cloud/findings-page-3.md 
@@ -14,7 +14,7 @@ products: # View and manage CNVM vulnerabilities in Findings [security-vuln-management-findings] -The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](ingest-third-party-cloud-security-data.md). +The **Vulnerabilities** tab on the **Findings** page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](integrations/ingest-third-party-cloud-security-data.md). :::{image} /solutions/images/serverless--cloud-native-security-cnvm-findings-page.png :alt: The Vulnerabilities tab of the Findings page diff --git a/solutions/security/cloud/findings-page.md b/solutions/security/cloud/findings-page.md index 9e781553e1..2c919e52ec 100644 --- a/solutions/security/cloud/findings-page.md +++ b/solutions/security/cloud/findings-page.md @@ -18,7 +18,7 @@ products: $$$cspm-findings-page-filter-findings$$$ -The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/ingest-third-party-cloud-security-data.md). +The **Misconfigurations** tab on the **Findings** page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md). :::{image} /solutions/images/security-findings-page.png :alt: Findings page 
diff --git a/solutions/security/cloud/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/ingest-third-party-cloud-security-data.md deleted file mode 100644 index 648edb9543..0000000000 --- a/solutions/security/cloud/ingest-third-party-cloud-security-data.md +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -mapped_pages: - - https://www.elastic.co/guide/en/security/current/ingest-third-party-cloud-security-data.html - - https://www.elastic.co/guide/en/serverless/current/ingest-third-party-cloud-security-data.html -applies_to: - stack: all - serverless: - security: all -products: - - id: security - - id: cloud-serverless ---- - -# Ingest third-party cloud security data - -This section describes how to ingest cloud security data from third-party tools into {{es}}. Once ingested, this data can provide additional context and enrich your {{elastic-sec}} workflows. - -You can ingest both third-party cloud workload protection data and third-party security posture and vulnerability data. - - -## Ingest third-party workload protection data [_ingest_third_party_workload_protection_data] - -You can ingest third-party cloud security alerts into {{elastic-sec}} to view them on the [Alerts page](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#alerts-page) and incorporate them into your triage and threat hunting workflows. - -* Learn to [ingest alerts from Sysdig Falco](/solutions/security/cloud/ingest-cncf-falco-data.md). - - -## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data] - -You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [Findings](/solutions/security/cloud/findings-page.md) page, on the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. 
- -Data from each of the following integrations can feed into at least some of these workflows: - -* [AWS Security Hub](/solutions/security/cloud/ingest-aws-security-hub-data.md). -* [Wiz](/solutions/security/cloud/ingest-wiz-data.md). -* [Rapid7 InsightVM](/solutions/security/cloud/integration-rapid7.md). -* [Tenable VM](/solutions/security/cloud/integration-tenablevm.md). -* [Qualys VMDR](/solutions/security/cloud/integration-qualys.md). diff --git a/solutions/security/cloud/integrations/aws-config-integration.md b/solutions/security/cloud/integrations/aws-config.md similarity index 76% rename from solutions/security/cloud/integrations/aws-config-integration.md rename to solutions/security/cloud/integrations/aws-config.md index 212adff71b..43f9b5bdc0 100644 --- a/solutions/security/cloud/integrations/aws-config-integration.md +++ b/solutions/security/cloud/integrations/aws-config.md @@ -12,7 +12,7 @@ products: This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}: -- **Findings page**: Data appears on the Findings page's [Misconfigurations](/solutions/security/cloud/findings-page.md) tab. +- **Findings page**: Data appears on the [Misconfigurations](/solutions/security/cloud/findings-page.md) tab. - **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. 
@@ -20,4 +20,4 @@ In order for AWS Config data to appear in these workflows: * Follow the steps to [set up the AWS Config integration](https://docs.elastic.co/en/integrations/aws/config). * Make sure the integration version is at least 4.0.0. -* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`. \ No newline at end of file +* Ensure you have `read` privileges for the following index: `security_solution-*.misconfiguration_latest`. \ No newline at end of file diff --git a/solutions/security/cloud/integrations/aws-inspector.md b/solutions/security/cloud/integrations/aws-inspector.md new file mode 100644 index 0000000000..2d2cb18830 --- /dev/null +++ b/solutions/security/cloud/integrations/aws-inspector.md @@ -0,0 +1,23 @@ +--- +applies_to: + stack: ga 9.2 + serverless: + security: all +products: + - id: security + - id: cloud-serverless +--- + +# AWS Inspector + +This page explains how to make data from the AWS Inspector integration appear in the following places within {{elastic-sec}}: + +- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page.md) tab. +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. + + +In order for AWS Inspector data to appear in these workflows: + +* Follow the steps to [set up the AWS Inspector integration](https://www.elastic.co/docs/reference/integrations/aws/inspector). +* Make sure the integration version is at least 4.0.0. +* Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`. \ No newline at end of file 
diff --git a/solutions/security/cloud/ingest-aws-security-hub-data.md b/solutions/security/cloud/integrations/aws-security-hub.md similarity index 100% rename from solutions/security/cloud/ingest-aws-security-hub-data.md rename to solutions/security/cloud/integrations/aws-security-hub.md diff --git a/solutions/security/cloud/ingest-cncf-falco-data.md b/solutions/security/cloud/integrations/cncf-falco.md similarity index 95% rename from solutions/security/cloud/ingest-cncf-falco-data.md rename to solutions/security/cloud/integrations/cncf-falco.md index 763a37d369..a5ad8638b1 100644 --- a/solutions/security/cloud/ingest-cncf-falco-data.md +++ b/solutions/security/cloud/integrations/cncf-falco.md @@ -40,8 +40,8 @@ Next, to make alerts from Falco appear on {{elastic-sec}}'s Alerts page: You can either: -* [Send Falco data to {{es}} from virtual machines (VMs)](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-vm); or, -* [Send Falco data to {{es}} from Kubernetes](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-kubernetes). +* [Send Falco data to {{es}} from virtual machines (VMs)](#ingest-falco-setup-falco-vm); or, +* [Send Falco data to {{es}} from Kubernetes](#ingest-falco-setup-falco-kubernetes). ### Configure Falco and Falcosidekick for VMs [ingest-falco-setup-falco-vm] diff --git a/solutions/security/cloud/integrations/google-security-command-center.md b/solutions/security/cloud/integrations/google-security-command-center.md index d570a92ede..b970b161f6 100644 --- a/solutions/security/cloud/integrations/google-security-command-center.md +++ b/solutions/security/cloud/integrations/google-security-command-center.md 
@@ -12,7 +12,7 @@ products: This page explains how to make data from the Google Security Command Center integration appear in the following workflows within {{elastic-sec}}: -- **Findings page**: Data appears on the [Findings page's](/solutions/security/cloud/findings-page.md) **Vulnerabilities** tab and **Misconfigurations** tab. +- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab and the [Misconfiguations](/solutions/security/cloud/findings-page.md) tab. - **Alert and Entity details flyouts**: Data appears in the **Insights** section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. diff --git a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md new file mode 100644 index 0000000000..49646b3138 --- /dev/null +++ b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md 
@@ -0,0 +1,48 @@ +--- +mapped_pages: + - https://www.elastic.co/guide/en/security/current/ingest-third-party-cloud-security-data.html + - https://www.elastic.co/guide/en/serverless/current/ingest-third-party-cloud-security-data.html +applies_to: + stack: all + serverless: + security: all +products: + - id: security + - id: cloud-serverless +--- + +# Ingest third-party cloud security data + +This section describes how to ingest cloud security data from third-party tools into {{es}}. Once ingested, this data can provide additional context and enrich your {{elastic-sec}} workflows. + +You can ingest both third-party cloud workload protection data and third-party security posture and vulnerability data. + + +## Ingest third-party workload protection data [_ingest_third_party_workload_protection_data] + +You can ingest third-party cloud security alerts into {{elastic-sec}} to view them on the [Alerts page](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#alerts-page) and incorporate them into your triage and threat hunting workflows. + +* Learn to [ingest alerts from Sysdig Falco](/solutions/security/cloud/integrations/cncf-falco.md). + + +## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data] + +You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [**Findings**](/solutions/security/cloud/findings-page.md) page and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. 
+ +::::{note} +Data from third-party integrations does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md) or the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), +:::: + +Data from each of the following integrations can feed into at least some of these workflows: + +* [AWS Config](/solutions/security/cloud/integrations/aws-config.md) +* [AWS Inspector](/solutions/security/cloud/integrations/aws-inspector.md) +* [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md) +* [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md) +* [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md) +* [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md) +* [Microsoft Defender XDR](/solutions/security/cloud/integrations/microsoft-defender-xdr.md) +* [Qualys VMDR](/solutions/security/cloud/integrations/qualys.md) +* [Rapid7 InsightVM](/solutions/security/cloud/integrations/rapid7.md) +* [Tenable VM](/solutions/security/cloud/integrations/tenablevm.md) +* [Wiz](/solutions/security/cloud/integrations/wiz.md) diff --git a/solutions/security/cloud/integration-qualys.md b/solutions/security/cloud/integrations/qualys.md similarity index 78% rename from solutions/security/cloud/integration-qualys.md rename to solutions/security/cloud/integrations/qualys.md index 76c1518515..02fca81c95 100644 --- a/solutions/security/cloud/integration-qualys.md +++ b/solutions/security/cloud/integrations/qualys.md 
@@ -13,11 +13,7 @@ products: This page explains how to make data from the Qualys Vulnerability Management, Detection and Response integration (Qualys VMDR) appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. -- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). - -:::{note} -Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). -::: +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. In order for Qualys VMDR data to appear in these workflows: diff --git a/solutions/security/cloud/integration-rapid7.md b/solutions/security/cloud/integrations/rapid7.md similarity index 74% rename from solutions/security/cloud/integration-rapid7.md rename to solutions/security/cloud/integrations/rapid7.md index 00d8d504f1..a8c03ad3c4 100644 --- a/solutions/security/cloud/integration-rapid7.md +++ b/solutions/security/cloud/integrations/rapid7.md 
@@ -13,11 +13,8 @@ products: This page explains how to make data from the Rapid7 InsightVM integration (Rapid7) appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. -- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. -:::{note} -Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). -::: In order for Rapid7 data to appear in these workflows: diff --git a/solutions/security/cloud/integration-tenablevm.md b/solutions/security/cloud/integrations/tenablevm.md similarity index 74% rename from solutions/security/cloud/integration-tenablevm.md rename to solutions/security/cloud/integrations/tenablevm.md index 823e703097..361eaf5e0e 100644 --- a/solutions/security/cloud/integration-tenablevm.md +++ b/solutions/security/cloud/integrations/tenablevm.md 
@@ -13,11 +13,7 @@ products: This page explains how to make data from the Tenable Vulnerability Management integration (Tenable VM) appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. -- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). - -::::{note} -Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). -:::: +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. In order for Tenable VM data to appear in these workflows: diff --git a/solutions/security/cloud/ingest-wiz-data.md b/solutions/security/cloud/integrations/wiz.md similarity index 100% rename from solutions/security/cloud/ingest-wiz-data.md rename to solutions/security/cloud/integrations/wiz.md diff --git a/solutions/toc.yml b/solutions/toc.yml index 54e397d37a..55e56bf5c6 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml 
@@ -677,15 +677,16 @@ toc: - file: security/cloud/cloud-workload-protection-for-vms.md children: - file: security/cloud/capture-environment-variables.md - - file: security/cloud/ingest-third-party-cloud-security-data.md - children: - - file: security/cloud/ingest-cncf-falco-data.md - - file: security/cloud/ingest-aws-security-hub-data.md - - file: security/cloud/ingest-wiz-data.md - - file: security/cloud/integration-qualys.md - - file: security/cloud/integration-tenablevm.md - - file: security/cloud/integration-rapid7.md - - file: security/cloud/integrations/aws-config-integration.md + - file: security/cloud/integrations/ingest-third-party-cloud-security-data.md + children: + - file: security/cloud/integrations/cncf-falco.md + - file: security/cloud/integrations/aws-security-hub.md + - file: security/cloud/integrations/wiz.md + - file: security/cloud/integrations/qualys.md + - file: security/cloud/integrations/tenablevm.md + - file: security/cloud/integrations/rapid7.md + - file: security/cloud/integrations/aws-config.md + - file: security/cloud/integrations/aws-inspector.md - file: security/cloud/integrations/microsoft-defender-for-cloud.md - file: security/cloud/integrations/microsoft-defender-for-endpoint.md - file: security/cloud/integrations/microsoft-defender-xdr.md
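Review bot: in the `redirects.yml` hunk the AWS Config redirect key uses the wrong old path. The file is renamed from `solutions/security/cloud/integrations/aws-config-integration.md` (see the `rename from` header and the old `toc.yml` entry), but the added line reads `'solutions/security/cloud/aws-config-integration.md': 'solutions/security/cloud/integrations/aws-config.md'`, so links to the former location will still break. Change the key to `'solutions/security/cloud/integrations/aws-config-integration.md'`.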
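Review bot: in the `findings-page-3.md` hunk the new third-party link is relative (`integrations/ingest-third-party-cloud-security-data.md`) while the matching hunk in `findings-page.md` uses the absolute form `/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md`. Use the absolute path in both so the link survives any later move of the page.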
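Review bot: the new `integrations/ingest-third-party-cloud-security-data.md` reverses a claim from the deleted page without saying so. The old text said posture and vulnerability data appears "on the Cloud Posture dashboard"; the new note says "Data from third-party integrations does not appear on the CNVM dashboard or the Cloud Posture dashboard". Please confirm this is an intentional correction, and end that note with a period rather than the trailing comma. Because the content changed this much, git records the move as a delete plus an add instead of a rename, which is fine but worth knowing when reading the history.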
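Review bot: in the new `aws-inspector.md` the Vulnerabilities link points at the Misconfigurations page: `[Vulnerabilities](/solutions/security/cloud/findings-page.md)`. Every other vulnerability integration page in this PR (`qualys.md`, `rapid7.md`, `tenablevm.md`, `google-security-command-center.md`) links the Vulnerabilities tab to `/solutions/security/cloud/findings-page-3.md`; use that here. Two smaller items in the same file: the setup link uses `https://www.elastic.co/docs/reference/integrations/aws/inspector` while `aws-config.md` uses `https://docs.elastic.co/en/integrations/aws/config`, so pick one host for both; and "at least 4.0.0" matches the AWS Config page exactly, so please verify it is the real minimum for the Inspector integration rather than a copy-paste. The file also lacks a trailing newline.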
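Review bot: in the `google-security-command-center.md` hunk the added line misspells the tab name: `[Misconfiguations](/solutions/security/cloud/findings-page.md)` should be `[Misconfigurations](/solutions/security/cloud/findings-page.md)`.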
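Review bot: the `rapid7.md` hunk leaves a double blank line where the note block was removed (hunk counts go 11 to 8, versus 11 to 7 for the identical edit in `qualys.md` and `tenablevm.md`, which also dropped the blank line before the note). Remove the extra blank line so the three pages match.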
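Review bot: in the `aws-config.md` hunk both sides still end with `\ No newline at end of file`; since the line is being touched anyway, add the trailing newline.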
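Review bot: in the `toc.yml` hunk the children keep the old order with `aws-config.md` and `aws-inspector.md` appended after `rapid7.md`, while the new index page lists the same integrations alphabetically (AWS Config, AWS Inspector, AWS Security Hub, Google Security Command Center, ...). Consider ordering the toc entries the same way so the sidebar and the index page agree.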