From 67fe9d18d6641f5a80d7ef37cd56d5fe4ad7093c Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 15 Oct 2025 14:04:05 -0700 Subject: [PATCH 01/10] Adds AWS Inspector cloud workflows guide & reorganizes docs section --- ...ws-config-integration.md => aws-config.md} | 4 ++-- .../cloud/integrations/aws-inspector.md | 23 +++++++++++++++++++ .../aws-security-hub.md} | 0 .../cncf-falco.md} | 0 .../google-security-command-center.md | 2 +- .../ingest-third-party-cloud-security-data.md | 21 +++++++++++++---- .../qualys.md} | 4 ---- .../rapid7.md} | 3 --- .../tenablevm.md} | 4 ---- .../wiz.md} | 0 solutions/toc.yml | 1 + 11 files changed, 43 insertions(+), 19 deletions(-) rename solutions/security/cloud/integrations/{aws-config-integration.md => aws-config.md} (76%) create mode 100644 solutions/security/cloud/integrations/aws-inspector.md rename solutions/security/cloud/{ingest-aws-security-hub-data.md => integrations/aws-security-hub.md} (100%) rename solutions/security/cloud/{ingest-cncf-falco-data.md => integrations/cncf-falco.md} (100%) rename solutions/security/cloud/{ => integrations}/ingest-third-party-cloud-security-data.md (64%) rename solutions/security/cloud/{integration-qualys.md => integrations/qualys.md} (91%) rename solutions/security/cloud/{integration-rapid7.md => integrations/rapid7.md} (89%) rename solutions/security/cloud/{integration-tenablevm.md => integrations/tenablevm.md} (89%) rename solutions/security/cloud/{ingest-wiz-data.md => integrations/wiz.md} (100%) diff --git a/solutions/security/cloud/integrations/aws-config-integration.md b/solutions/security/cloud/integrations/aws-config.md similarity index 76% rename from solutions/security/cloud/integrations/aws-config-integration.md rename to solutions/security/cloud/integrations/aws-config.md index 212adff71b..43f9b5bdc0 100644 --- a/solutions/security/cloud/integrations/aws-config-integration.md +++ b/solutions/security/cloud/integrations/aws-config.md 
@@ -12,7 +12,7 @@ products: This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}: -- **Findings page**: Data appears on the Findings page's [Misconfigurations](/solutions/security/cloud/findings-page.md) tab. +- **Findings page**: Data appears on the [Misconfigurations](/solutions/security/cloud/findings-page.md) tab. - **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. @@ -20,4 +20,4 @@ In order for AWS Config data to appear in these workflows: * Follow the steps to [set up the AWS Config integration](https://docs.elastic.co/en/integrations/aws/config). * Make sure the integration version is at least 4.0.0. -* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`. \ No newline at end of file +* Ensure you have `read` privileges for the following index: `security_solution-*.misconfiguration_latest`. \ No newline at end of file diff --git a/solutions/security/cloud/integrations/aws-inspector.md b/solutions/security/cloud/integrations/aws-inspector.md new file mode 100644 index 0000000000..2d2cb18830 --- /dev/null +++ b/solutions/security/cloud/integrations/aws-inspector.md 
@@ -0,0 +1,23 @@ +--- +applies_to: + stack: ga 9.2 + serverless: + security: all +products: + - id: security + - id: cloud-serverless +--- + +# AWS Inspector + +This page explains how to make data from the AWS Inspector integration appear in the following places within {{elastic-sec}}: + +- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page.md) tab. +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. + + +In order for AWS Inspector data to appear in these workflows: + +* Follow the steps to [set up the AWS Inspector integration](https://www.elastic.co/docs/reference/integrations/aws/inspector). +* Make sure the integration version is at least 4.0.0. +* Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`. \ No newline at end of file diff --git a/solutions/security/cloud/ingest-aws-security-hub-data.md b/solutions/security/cloud/integrations/aws-security-hub.md similarity index 100% rename from solutions/security/cloud/ingest-aws-security-hub-data.md rename to solutions/security/cloud/integrations/aws-security-hub.md diff --git a/solutions/security/cloud/ingest-cncf-falco-data.md b/solutions/security/cloud/integrations/cncf-falco.md similarity index 100% rename from solutions/security/cloud/ingest-cncf-falco-data.md rename to solutions/security/cloud/integrations/cncf-falco.md diff --git a/solutions/security/cloud/integrations/google-security-command-center.md b/solutions/security/cloud/integrations/google-security-command-center.md index d570a92ede..b970b161f6 100644 --- a/solutions/security/cloud/integrations/google-security-command-center.md +++ b/solutions/security/cloud/integrations/google-security-command-center.md 
@@ -12,7 +12,7 @@ products: This page explains how to make data from the Google Security Command Center integration appear in the following workflows within {{elastic-sec}}: -- **Findings page**: Data appears on the [Findings page's](/solutions/security/cloud/findings-page.md) **Vulnerabilities** tab and **Misconfigurations** tab. +- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab and the [Misconfiguations](/solutions/security/cloud/findings-page.md) tab. - **Alert and Entity details flyouts**: Data appears in the **Insights** section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. diff --git a/solutions/security/cloud/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md similarity index 64% rename from solutions/security/cloud/ingest-third-party-cloud-security-data.md rename to solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md index 648edb9543..0a56cb2e4e 100644 --- a/solutions/security/cloud/ingest-third-party-cloud-security-data.md +++ b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md 
@@ -29,10 +29,21 @@ You can ingest third-party cloud security alerts into {{elastic-sec}} to view th You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [Findings](/solutions/security/cloud/findings-page.md) page, on the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. +::::{note} +Data from third-party integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). +:::: + Data from each of the following integrations can feed into at least some of these workflows: -* [AWS Security Hub](/solutions/security/cloud/ingest-aws-security-hub-data.md). -* [Wiz](/solutions/security/cloud/ingest-wiz-data.md). -* [Rapid7 InsightVM](/solutions/security/cloud/integration-rapid7.md). -* [Tenable VM](/solutions/security/cloud/integration-tenablevm.md). -* [Qualys VMDR](/solutions/security/cloud/integration-qualys.md). +* [AWS Config](solutions/security/cloud/integrations/aws-config.md) +* [AWS Inspector](solutions/security/cloud/integrations/aws-inspector.md) +* [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md). +* [CNCF Falco](/solutions/security/cloud/integrations/cncf-falco.md) +* [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md) +* [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md). +* [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md). 
+* [Microsoft Defender XDR](/solutions/security/cloud/integrations/microsoft-defender-xdr.md). +* [Qualys VMDR](/solutions/security/cloud/integrations/qualys.md). +* [Rapid7 InsightVM](/solutions/security/cloud/integrations/rapid7.md). +* [Tenable VM](/solutions/security/cloud/integrations/tenablevm.md). +* [Wiz](/solutions/security/cloud/integrations/wiz.md). diff --git a/solutions/security/cloud/integration-qualys.md b/solutions/security/cloud/integrations/qualys.md similarity index 91% rename from solutions/security/cloud/integration-qualys.md rename to solutions/security/cloud/integrations/qualys.md index 76c1518515..0c488b1054 100644 --- a/solutions/security/cloud/integration-qualys.md +++ b/solutions/security/cloud/integrations/qualys.md @@ -15,10 +15,6 @@ This page explains how to make data from the Qualys Vulnerability Management, De - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. - **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). -:::{note} -Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). -::: - In order for Qualys VMDR data to appear in these workflows: - Ensure you have read privileges for the following index: `security_solution-*.vulnerability_latest`. diff --git a/solutions/security/cloud/integration-rapid7.md b/solutions/security/cloud/integrations/rapid7.md similarity index 89% rename from solutions/security/cloud/integration-rapid7.md rename to solutions/security/cloud/integrations/rapid7.md index 00d8d504f1..4271bf4777 100644 --- a/solutions/security/cloud/integration-rapid7.md +++ b/solutions/security/cloud/integrations/rapid7.md 
@@ -15,9 +15,6 @@ This page explains how to make data from the Rapid7 InsightVM integration (Rapid - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. - **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). -:::{note} -Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). -::: In order for Rapid7 data to appear in these workflows: diff --git a/solutions/security/cloud/integration-tenablevm.md b/solutions/security/cloud/integrations/tenablevm.md similarity index 89% rename from solutions/security/cloud/integration-tenablevm.md rename to solutions/security/cloud/integrations/tenablevm.md index 823e703097..66df51d172 100644 --- a/solutions/security/cloud/integration-tenablevm.md +++ b/solutions/security/cloud/integrations/tenablevm.md @@ -15,10 +15,6 @@ This page explains how to make data from the Tenable Vulnerability Management in - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. - **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). -::::{note} -Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). -:::: - In order for Tenable VM data to appear in these workflows: - Ensure you have read privileges for the following index: `security_solution-*.vulnerability_latest`. diff --git a/solutions/security/cloud/ingest-wiz-data.md b/solutions/security/cloud/integrations/wiz.md similarity index 100% rename from solutions/security/cloud/ingest-wiz-data.md rename to solutions/security/cloud/integrations/wiz.md diff --git a/solutions/toc.yml b/solutions/toc.yml index 4bcdeeb241..f9f9300f82 100644 
--- a/solutions/toc.yml +++ b/solutions/toc.yml @@ -684,6 +684,7 @@ toc: - file: security/cloud/integration-tenablevm.md - file: security/cloud/integration-rapid7.md - file: security/cloud/integrations/aws-config-integration.md + - file: security/cloud/integrations/aws-inspector-integration.md - file: security/cloud/integrations/microsoft-defender-for-cloud.md - file: security/cloud/integrations/microsoft-defender-for-endpoint.md - file: security/cloud/integrations/microsoft-defender-xdr.md From 243bf41d551b27ab211fe3d223fda015eda89480 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 15 Oct 2025 14:16:09 -0700 Subject: [PATCH 02/10] fixes ToC --- solutions/toc.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/solutions/toc.yml b/solutions/toc.yml index f9f9300f82..350f37f967 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml 
@@ -677,14 +677,14 @@ toc: - file: security/cloud/capture-environment-variables.md - file: security/cloud/ingest-third-party-cloud-security-data.md children: - - file: security/cloud/ingest-cncf-falco-data.md - - file: security/cloud/ingest-aws-security-hub-data.md - - file: security/cloud/ingest-wiz-data.md - - file: security/cloud/integration-qualys.md - - file: security/cloud/integration-tenablevm.md - - file: security/cloud/integration-rapid7.md - - file: security/cloud/integrations/aws-config-integration.md - - file: security/cloud/integrations/aws-inspector-integration.md + - file: security/cloud/integrations/cncf-falco.md + - file: security/cloud/integrations/aws-security-hub.md + - file: security/cloud/integrations/wiz.md + - file: security/cloud/integrations/qualys.md + - file: security/cloud/integrations/tenablevm.md + - file: security/cloud/integrations/rapid7.md + - file: security/cloud/integrations/aws-config.md + - file: security/cloud/integrations/aws-inspector.md - file: security/cloud/integrations/microsoft-defender-for-cloud.md - file: security/cloud/integrations/microsoft-defender-for-endpoint.md - file: security/cloud/integrations/microsoft-defender-xdr.md From 449e632b913589123cb91b23ab796c22f1877b98 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 15 Oct 2025 14:18:22 -0700 Subject: [PATCH 03/10] fixes broken ref --- solutions/security/cloud/findings-page.md | 2 +- solutions/toc.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/security/cloud/findings-page.md b/solutions/security/cloud/findings-page.md index 9e781553e1..3c268884b2 100644 --- a/solutions/security/cloud/findings-page.md +++ b/solutions/security/cloud/findings-page.md 
@@ -18,7 +18,7 @@ products: $$$cspm-findings-page-filter-findings$$$ -The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/ingest-third-party-cloud-security-data.md). +The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md). :::{image} /solutions/images/security-findings-page.png :alt: Findings page diff --git a/solutions/toc.yml b/solutions/toc.yml index 350f37f967..41f48301f4 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml @@ -675,7 +675,7 @@ toc: - file: security/cloud/cloud-workload-protection-for-vms.md children: - file: security/cloud/capture-environment-variables.md - - file: security/cloud/ingest-third-party-cloud-security-data.md + - file: security/cloud/integrations/ingest-third-party-cloud-security-data.md children: - file: security/cloud/integrations/cncf-falco.md - file: security/cloud/integrations/aws-security-hub.md From d7b203480f8a332a9da3a0315caa2c2011ced1c4 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 15 Oct 2025 14:19:32 -0700 Subject: [PATCH 04/10] Update solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md --- .../integrations/ingest-third-party-cloud-security-data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md index 0a56cb2e4e..170dd69cc2 100644 --- a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md +++ b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md @@ -30,7 +30,7 @@ You can ingest third-party cloud security alerts into {{elastic-sec}} to view th You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [Findings](/solutions/security/cloud/findings-page.md) page, on the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. ::::{note} -Data from third-party integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). +Data from third-party integrations does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). :::: Data from each of the following integrations can feed into at least some of these workflows: From 53f03ee2ab5e2be95d8d0be88742f0e3f8f972a6 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 16 Oct 2025 18:48:39 -0700 Subject: [PATCH 05/10] Adds redirects and fixes links --- redirects.yml | 11 +++++++++-- .../ingest-third-party-cloud-security-data.md | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/redirects.yml b/redirects.yml index eb3e257f40..bdab1a275d 100644 --- a/redirects.yml +++ b/redirects.yml 
@@ -519,5 +519,12 @@ redirects: # Search sessions becoming background search 'explore-analyze/discover/search-sessions.md': 'explore-analyze/discover/background-search.md' - - +# Related to https://github.com/elastic/docs-content/pull/3493 +solutions/security/cloud/ingest-third-party-cloud-security-data.md: solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md +solutions/security/cloud/ingest-cncf-falco-data.md: solutions/security/cloud/integrations/cncf-falco.md +solutions/security/cloud/ingest-wiz-data.md: solutions/security/cloud/integrations/wiz.md +solutions/security/cloud/integration-tenablevm.md: solutions/security/cloud/integrations/tenablevm.md +solutions/security/cloud/integration-rapid7.md: solutions/security/cloud/integrations/rapid7.md +solutions/security/cloud/integration-qualys.md: solutions/security/cloud/integrations/qualys.md +solutions/security/cloud/ingest-aws-security-hub-data.md: solutions/security/cloud/integrations/aws-security-hub.md +solutions/security/cloud/aws-config-integration.md: solutions/security/cloud/integrations/aws-config.md \ No newline at end of file diff --git a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md index 170dd69cc2..bc1cf70fe7 100644 --- a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md +++ b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md 
@@ -35,8 +35,8 @@ Data from third-party integrations does not appear on the [CNVM dashboard](/solu Data from each of the following integrations can feed into at least some of these workflows: -* [AWS Config](solutions/security/cloud/integrations/aws-config.md) -* [AWS Inspector](solutions/security/cloud/integrations/aws-inspector.md) +* [AWS Config](/solutions/security/cloud/integrations/aws-config.md) +* [AWS Inspector](/solutions/security/cloud/integrations/aws-inspector.md) * [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md). * [CNCF Falco](/solutions/security/cloud/integrations/cncf-falco.md) * [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md) From a27d8df3e8d96591398fc502b9f8bdf5fc3b80f4 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 16 Oct 2025 20:32:26 -0700 Subject: [PATCH 06/10] fixes broken links --- solutions/security/cloud/findings-page-3.md | 2 +- solutions/security/cloud/integrations/cncf-falco.md | 4 ++-- .../integrations/ingest-third-party-cloud-security-data.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/solutions/security/cloud/findings-page-3.md b/solutions/security/cloud/findings-page-3.md index 7ed5ef750f..062f24e580 100644 --- a/solutions/security/cloud/findings-page-3.md +++ b/solutions/security/cloud/findings-page-3.md 
@@ -14,7 +14,7 @@ products: # View and manage CNVM vulnerabilities in Findings [security-vuln-management-findings] -The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](ingest-third-party-cloud-security-data.md). +The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](/integrations/ingest-third-party-cloud-security-data.md). :::{image} /solutions/images/serverless--cloud-native-security-cnvm-findings-page.png :alt: The Vulnerabilities tab of the Findings page diff --git a/solutions/security/cloud/integrations/cncf-falco.md b/solutions/security/cloud/integrations/cncf-falco.md index 763a37d369..a5ad8638b1 100644 --- a/solutions/security/cloud/integrations/cncf-falco.md +++ b/solutions/security/cloud/integrations/cncf-falco.md @@ -40,8 +40,8 @@ Next, to make alerts from Falco appear on {{elastic-sec}}'s Alerts page: You can either: -* [Send Falco data to {{es}} from virtual machines (VMs)](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-vm); or, -* [Send Falco data to {{es}} from Kubernetes](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-kubernetes). +* [Send Falco data to {{es}} from virtual machines (VMs)](#ingest-falco-setup-falco-vm); or, +* [Send Falco data to {{es}} from Kubernetes](#ingest-falco-setup-falco-kubernetes). ### Configure Falco and Falcosidekick for VMs [ingest-falco-setup-falco-vm] diff --git a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md index bc1cf70fe7..576805944c 100644 --- a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md 
+++ b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md @@ -22,7 +22,7 @@ You can ingest both third-party cloud workload protection data and third-party s You can ingest third-party cloud security alerts into {{elastic-sec}} to view them on the [Alerts page](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#alerts-page) and incorporate them into your triage and threat hunting workflows. -* Learn to [ingest alerts from Sysdig Falco](/solutions/security/cloud/ingest-cncf-falco-data.md). +* Learn to [ingest alerts from Sysdig Falco](/solutions/security/cloud/integrations/cncf-falco.md). ## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data] From 8ea425574ee3ce8e5ac98d08886bfb739405a84c Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 16 Oct 2025 20:35:50 -0700 Subject: [PATCH 07/10] fixes redirect formatting --- redirects.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/redirects.yml b/redirects.yml index bdab1a275d..5b920a1cc7 100644 --- a/redirects.yml +++ b/redirects.yml 
@@ -520,11 +520,11 @@ redirects: 'explore-analyze/discover/search-sessions.md': 'explore-analyze/discover/background-search.md' # Related to https://github.com/elastic/docs-content/pull/3493 -solutions/security/cloud/ingest-third-party-cloud-security-data.md: solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md -solutions/security/cloud/ingest-cncf-falco-data.md: solutions/security/cloud/integrations/cncf-falco.md -solutions/security/cloud/ingest-wiz-data.md: solutions/security/cloud/integrations/wiz.md -solutions/security/cloud/integration-tenablevm.md: solutions/security/cloud/integrations/tenablevm.md -solutions/security/cloud/integration-rapid7.md: solutions/security/cloud/integrations/rapid7.md -solutions/security/cloud/integration-qualys.md: solutions/security/cloud/integrations/qualys.md -solutions/security/cloud/ingest-aws-security-hub-data.md: solutions/security/cloud/integrations/aws-security-hub.md -solutions/security/cloud/aws-config-integration.md: solutions/security/cloud/integrations/aws-config.md \ No newline at end of file + 'solutions/security/cloud/ingest-third-party-cloud-security-data.md': 'solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md' + 'solutions/security/cloud/ingest-cncf-falco-data.md': 'solutions/security/cloud/integrations/cncf-falco.md' + 'solutions/security/cloud/ingest-wiz-data.md': 'solutions/security/cloud/integrations/wiz.md' + 'solutions/security/cloud/integration-tenablevm.md': 'solutions/security/cloud/integrations/tenablevm.md' + 'solutions/security/cloud/integration-rapid7.md': 'solutions/security/cloud/integrations/rapid7.md' + 'solutions/security/cloud/integration-qualys.md': 'solutions/security/cloud/integrations/qualys.md' + 'solutions/security/cloud/ingest-aws-security-hub-data.md': 'solutions/security/cloud/integrations/aws-security-hub.md' + 'solutions/security/cloud/aws-config-integration.md': 'solutions/security/cloud/integrations/aws-config.md' \ No newline 
at end of file From a9483e6583a02248d6f4f1d0fed31b2fd05608f3 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 16 Oct 2025 20:39:51 -0700 Subject: [PATCH 08/10] fixes one more broken link --- solutions/security/cloud/findings-page-3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/cloud/findings-page-3.md b/solutions/security/cloud/findings-page-3.md index 062f24e580..353602afec 100644 --- a/solutions/security/cloud/findings-page-3.md +++ b/solutions/security/cloud/findings-page-3.md @@ -14,7 +14,7 @@ products: # View and manage CNVM vulnerabilities in Findings [security-vuln-management-findings] -The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](/integrations/ingest-third-party-cloud-security-data.md). +The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](integrations/ingest-third-party-cloud-security-data.md). :::{image} /solutions/images/serverless--cloud-native-security-cnvm-findings-page.png :alt: The Vulnerabilities tab of the Findings page From 68f1698441a29ef35897cdcbc9d405b14ed66e90 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 17 Oct 2025 09:40:59 -0700 Subject: [PATCH 09/10] Incorporates Nick's review --- .../integrations/ingest-third-party-cloud-security-data.md | 5 ++--- solutions/security/cloud/integrations/qualys.md | 2 +- solutions/security/cloud/integrations/rapid7.md | 2 +- solutions/security/cloud/integrations/tenablevm.md | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) 
diff --git a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md index 576805944c..19aade2172 100644 --- a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md +++ b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md 
@@ -27,10 +27,10 @@ You can ingest third-party cloud security alerts into {{elastic-sec}} to view th ## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data] -You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [Findings](/solutions/security/cloud/findings-page.md) page, on the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. +You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [Findings](/solutions/security/cloud/findings-page.md) page and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. ::::{note} -Data from third-party integrations does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md). +Data from third-party integrations does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md) or the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), :::: Data from each of the following integrations can feed into at least some of these workflows: 
@@ -38,7 +38,6 @@ Data from each of the following integrations can feed into at least some of thes * [AWS Config](/solutions/security/cloud/integrations/aws-config.md) * [AWS Inspector](/solutions/security/cloud/integrations/aws-inspector.md) * [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md). -* [CNCF Falco](/solutions/security/cloud/integrations/cncf-falco.md) * [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md) * [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md). * [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md). diff --git a/solutions/security/cloud/integrations/qualys.md b/solutions/security/cloud/integrations/qualys.md index 0c488b1054..02fca81c95 100644 --- a/solutions/security/cloud/integrations/qualys.md +++ b/solutions/security/cloud/integrations/qualys.md @@ -13,7 +13,7 @@ products: This page explains how to make data from the Qualys Vulnerability Management, Detection and Response integration (Qualys VMDR) appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. -- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. In order for Qualys VMDR data to appear in these workflows: diff --git a/solutions/security/cloud/integrations/rapid7.md b/solutions/security/cloud/integrations/rapid7.md index 4271bf4777..a8c03ad3c4 100644 
--- a/solutions/security/cloud/integrations/rapid7.md +++ b/solutions/security/cloud/integrations/rapid7.md @@ -13,7 +13,7 @@ products: This page explains how to make data from the Rapid7 InsightVM integration (Rapid7) appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. -- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. In order for Rapid7 data to appear in these workflows: diff --git a/solutions/security/cloud/integrations/tenablevm.md b/solutions/security/cloud/integrations/tenablevm.md index 66df51d172..361eaf5e0e 100644 --- a/solutions/security/cloud/integrations/tenablevm.md +++ b/solutions/security/cloud/integrations/tenablevm.md @@ -13,7 +13,7 @@ products: This page explains how to make data from the Tenable Vulnerability Management integration (Tenable VM) appear in the following places within {{elastic-sec}}: - **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. -- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section). +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. In order for Tenable VM data to appear in these workflows: 
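Review bot: the sentence added to the `::::{note}` block in the `@@ -27,10 +27,10 @@` hunk of `ingest-third-party-cloud-security-data.md` ends with a comma after the Cloud Posture dashboard link (`cloud-security-posture-dashboard.md),`). It should end with a period. The same hunk removes the Cloud Posture dashboard from the "Once ingested, ... appears on" sentence, so the two statements are consistent with each other. Please check that each per-integration page touched in this series makes the same claim and does not still promise dashboard coverage.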
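Review bot: the `@@ -38,7 +38,6 @@` hunk drops the CNCF Falco entry from the integrations list, yet the file summary for this commit shows `ingest-cncf-falco-data.md` being renamed to `integrations/cncf-falco.md`, so the page still exists under the new path. If the removal is deliberate, say why in the commit message and confirm the page is still reachable from another list or from `toc.yml`. Otherwise restore the bullet with the new path. The surviving bullets in this hunk also mix punctuation (AWS Config and AWS Inspector have no trailing period, AWS Security Hub and the Microsoft Defender entries do), so pick one style here rather than leaving it for a later commit.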
From bd412ad0e7b7a19985c82a4f289973fb25e07d53 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Fri, 17 Oct 2025 12:09:57 -0700 Subject: [PATCH 10/10] Apply suggestions from code review Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/security/cloud/findings-page-3.md | 2 +- solutions/security/cloud/findings-page.md | 2 +- .../ingest-third-party-cloud-security-data.md | 18 +++++++++--------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/solutions/security/cloud/findings-page-3.md b/solutions/security/cloud/findings-page-3.md index 353602afec..7ea4667f12 100644 --- a/solutions/security/cloud/findings-page-3.md +++ b/solutions/security/cloud/findings-page-3.md @@ -14,7 +14,7 @@ products: # View and manage CNVM vulnerabilities in Findings [security-vuln-management-findings] -The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](integrations/ingest-third-party-cloud-security-data.md). +The **Vulnerabilities** tab on the **Findings** page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](integrations/ingest-third-party-cloud-security-data.md). :::{image} /solutions/images/serverless--cloud-native-security-cnvm-findings-page.png :alt: The Vulnerabilities tab of the Findings page diff --git a/solutions/security/cloud/findings-page.md b/solutions/security/cloud/findings-page.md index 3c268884b2..2c919e52ec 100644 --- a/solutions/security/cloud/findings-page.md +++ b/solutions/security/cloud/findings-page.md 
@@ -18,7 +18,7 @@ products: $$$cspm-findings-page-filter-findings$$$ -The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md). +The **Misconfigurations** tab on the **Findings** page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md). :::{image} /solutions/images/security-findings-page.png :alt: Findings page diff --git a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md index 19aade2172..49646b3138 100644 --- a/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md +++ b/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md 
@@ -27,7 +27,7 @@ You can ingest third-party cloud security alerts into {{elastic-sec}} to view th ## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data] -You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [Findings](/solutions/security/cloud/findings-page.md) page and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. +You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [**Findings**](/solutions/security/cloud/findings-page.md) page and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts. ::::{note} Data from third-party integrations does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md) or the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), 
@@ -37,12 +37,12 @@ Data from each of the following integrations can feed into at least some of thes * [AWS Config](/solutions/security/cloud/integrations/aws-config.md) * [AWS Inspector](/solutions/security/cloud/integrations/aws-inspector.md) -* [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md). +* [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md) * [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md) -* [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md). -* [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md). -* [Microsoft Defender XDR](/solutions/security/cloud/integrations/microsoft-defender-xdr.md). -* [Qualys VMDR](/solutions/security/cloud/integrations/qualys.md). -* [Rapid7 InsightVM](/solutions/security/cloud/integrations/rapid7.md). -* [Tenable VM](/solutions/security/cloud/integrations/tenablevm.md). -* [Wiz](/solutions/security/cloud/integrations/wiz.md). +* [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md) +* [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md) +* [Microsoft Defender XDR](/solutions/security/cloud/integrations/microsoft-defender-xdr.md) +* [Qualys VMDR](/solutions/security/cloud/integrations/qualys.md) +* [Rapid7 InsightVM](/solutions/security/cloud/integrations/rapid7.md) +* [Tenable VM](/solutions/security/cloud/integrations/tenablevm.md) +* [Wiz](/solutions/security/cloud/integrations/wiz.md)
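Review bot: in the `@@ -27,7 +27,7 @@` hunk of `ingest-third-party-cloud-security-data.md`, the context line inside the `::::{note}` block still ends with a comma after the Cloud Posture dashboard link. This commit is already cleaning up punctuation in the same file (the trailing periods removed from the list items in the next hunk), so change that comma to a period here as well.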
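Review bot: in the `findings-page-3.md` hunk, the heading above the edited sentence still reads "View and manage CNVM vulnerabilities in Findings", while the sentence itself says the **Vulnerabilities** tab also shows vulnerabilities from third-party integrations. Consider dropping "CNVM" from the heading so it matches the body. The explicit anchor `[security-vuln-management-findings]` stays the same, so existing links to the section keep working.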