Updates to Security Get Started guides #3556
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
benironside
reviewed
Oct 21, 2025
| :::::{{step}} Choose your deployment type | ||
|
|
||
| To use {{elastic-sec}}, at minimum, you'll need to install {{es}} and {{kib}}—the core components of the {{stack}}. Elastic provides several self-managed or Elastic-managed installation options. For simplicity and speed, we recommend one of our [{{ecloud}}](/deploy-manage/deploy/elastic-cloud.md) options—either {{ech}} or {{serverless-full}}. However, if you prefer to install Elastic on your own infrastructure, you can deploy a [self-managed cluster](/deploy-manage/deploy/self-managed.md). Check out our [deployment types](/deploy-manage/deploy.md#choosing-your-deployment-type) to learn more. | ||
| Elastic provides several self-managed and Elastic-managed options. For simplicity and speed, we recommend [](./elastic-security-serverless.md), which enables you to run {{elastic-sec}} in fully managed environment so you don’t have to manage the underlying {{es}} cluster and {{kib}} instances. |
There was a problem hiding this comment.
Suggested change
| Elastic provides several self-managed and Elastic-managed options. For simplicity and speed, we recommend [](./elastic-security-serverless.md), which enables you to run {{elastic-sec}} in fully managed environment so you don’t have to manage the underlying {{es}} cluster and {{kib}} instances. | |
| Elastic provides several self-managed and Elastic-managed options. For simplicity and speed, we recommend [](./elastic-security-serverless.md), which enables you to run {{elastic-sec}} in a fully managed environment so you don’t have to manage the underlying {{es}} cluster and {{kib}} instances. |
| ::::{dropdown} Create an Elastic Security Serverless project | ||
|
|
||
| There are two options to create serverless projects: | ||
| - If you're a new user, [sign up for a free 14-day trial](https://cloud.elastic.co/serverless-registration) to create a serverless project. For more information about {{ecloud}} trials, check out [Trial information](/deploy-manage/deploy/elastic-cloud/create-an-organization.md#general-sign-up-trial-what-is-included-in-my-trial). |
There was a problem hiding this comment.
Suggested change
| - If you're a new user, [sign up for a free 14-day trial](https://cloud.elastic.co/serverless-registration) to create a serverless project. For more information about {{ecloud}} trials, check out [Trial information](/deploy-manage/deploy/elastic-cloud/create-an-organization.md#general-sign-up-trial-what-is-included-in-my-trial). | |
| - If you're a new user, [sign up for a free 14-day trial](https://cloud.elastic.co/serverless-registration). For more information about {{ecloud}} trials, check out [Trial information](/deploy-manage/deploy/elastic-cloud/create-an-organization.md#general-sign-up-trial-what-is-included-in-my-trial). |
Since the previous line said it too
|
|
||
|
|
||
| After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into {{elastic-sec}} is through one of our [Security integrations](https://www.elastic.co/integrations/data-integrations?solution=security)—pre-packaged collections of assets that allows you to easily collect, store, and visualize any data from any source. You can add an integration directly from the **Get Started** page within the **Ingest your data** section. Choose from one of our recommended integrations, or select another tab to browse by category. Elastic also provides different [ingestion tools](../../manage-data/ingest/tools.md) to meet your infrastructure needs. | ||
| After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into {{elastic-sec}} is through one of our integrations—a pre-packaged collection of assets that allows you to easily collect, store, and visualize any data from any source. You can add an integration directly from the **Get Started** page within the **Ingest your data** section: |
There was a problem hiding this comment.
Suggested change
| After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into {{elastic-sec}} is through one of our integrations—a pre-packaged collection of assets that allows you to easily collect, store, and visualize any data from any source. You can add an integration directly from the **Get Started** page within the **Ingest your data** section: | |
| After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into {{elastic-sec}} is through one of our hundreds of ready-made integrations. You can add an integration directly from the **Get Started** page within the **Ingest your data** section: |
I think "any data from any source" might be too strong a claim
| After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into {{elastic-sec}} is through one of our [Security integrations](https://www.elastic.co/integrations/data-integrations?solution=security)—pre-packaged collections of assets that allows you to easily collect, store, and visualize any data from any source. You can add an integration directly from the **Get Started** page within the **Ingest your data** section. Choose from one of our recommended integrations, or select another tab to browse by category. Elastic also provides different [ingestion tools](../../manage-data/ingest/tools.md) to meet your infrastructure needs. | ||
| After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into {{elastic-sec}} is through one of our integrations—a pre-packaged collection of assets that allows you to easily collect, store, and visualize any data from any source. You can add an integration directly from the **Get Started** page within the **Ingest your data** section: | ||
| 1. At the top of page, click **Set up Security**. | ||
| 2. In the Ingest your data section, click Add data with integrations. |
There was a problem hiding this comment.
Suggested change
| 2. In the Ingest your data section, click Add data with integrations. | |
| 2. In the Ingest your data section, click **Add data with integrations**. |
|
|
||
| :::{{tip}} | ||
| If you have data from a source that doesn't yet have an integration, you can use our [Automatic Import tool](/solutions/security/get-started/automatic-import.md). | ||
| If you have data from a source that doesn't yet have an integration, you can use our [Automatic Import tool](/solutions/security/get-started/automatic-import.md). |
There was a problem hiding this comment.
Suggested change
| If you have data from a source that doesn't yet have an integration, you can use our [Automatic Import tool](/solutions/security/get-started/automatic-import.md). | |
| If you have data from a source that doesn't yet have an integration, you can use [Automatic Import](/solutions/security/get-started/automatic-import.md) to create one using AI. |
|
|
||
| To learn how to view and manage all detection rules, refer to [Manage detection rules](/solutions/security/detect-and-alert/manage-detection-rules.md). | ||
| ::::{tip} | ||
| {{elastic-sec}} regularly updates prebuilt rules to ensure they detect the latest threats. However, you must manually update these rules with the latest version. To learn how to do this, refer to [Update prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#update-prebuilt-rules). To learn how to view and manage all detection rules, refer to [Manage detection rules](/solutions/security/detect-and-alert/manage-detection-rules.md). |
There was a problem hiding this comment.
Suggested change
| {{elastic-sec}} regularly updates prebuilt rules to ensure they detect the latest threats. However, you must manually update these rules with the latest version. To learn how to do this, refer to [Update prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#update-prebuilt-rules). To learn how to view and manage all detection rules, refer to [Manage detection rules](/solutions/security/detect-and-alert/manage-detection-rules.md). | |
| {{elastic-sec}} regularly updates prebuilt rules to ensure they detect the latest threats. However, you must manually update these rules to the latest version. To learn how to do this, refer to [Update prebuilt rules](/solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md#update-prebuilt-rules). To learn how to view and manage all detection rules, refer to [Manage detection rules](/solutions/security/detect-and-alert/manage-detection-rules.md). |
| * Access to an {{sec-serverless}} project. If you don't have one yet, refer to [Create a Security project](/solutions/security/get-started/create-security-project.md) to learn how to create one. | ||
| * Ensure you have the appropriate [{{elastic-defend}} feature privileges](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md). | ||
| * Ensure you have the appropriate user role to configure an integration policy and access the **Endpoints** page. | ||
| * You can follow this guide using any deployment. To get up and running quickly, we recommend [](/solutions/security/elastic-security-serverless.md) with the **Security Analytics Complete** [feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features). To see all deployment options, refer to [](/deploy-manage/deploy.md#choosing-your-deployment-type). |
There was a problem hiding this comment.
Suggested change
| * You can follow this guide using any deployment. To get up and running quickly, we recommend [](/solutions/security/elastic-security-serverless.md) with the **Security Analytics Complete** [feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features). To see all deployment options, refer to [](/deploy-manage/deploy.md#choosing-your-deployment-type). | |
| * You can follow this guide using any deployment. To get up and running quickly, we recommend [](/solutions/security/elastic-security-serverless.md) with the **Security Analytics Complete** [feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features). For an exhaustive list of deployment options, refer to [](/deploy-manage/deploy.md#choosing-your-deployment-type). |
| * Ensure you have the appropriate [{{elastic-defend}} feature privileges](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md). | ||
| * Ensure you have the appropriate user role to configure an integration policy and access the **Endpoints** page. | ||
| * You can follow this guide using any deployment. To get up and running quickly, we recommend [](/solutions/security/elastic-security-serverless.md) with the **Security Analytics Complete** [feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features). To see all deployment options, refer to [](/deploy-manage/deploy.md#choosing-your-deployment-type). | ||
| * Ensure you have the minimum system requirements to install {{elastic-defend}}. Refer to [](/solutions/security/configure-elastic-defend/elastic-defend-requirements.md) for more information. |
There was a problem hiding this comment.
Suggested change
| * Ensure you have the minimum system requirements to install {{elastic-defend}}. Refer to [](/solutions/security/configure-elastic-defend/elastic-defend-requirements.md) for more information. | |
| * Ensure you have the minimum [system requirements](/solutions/security/configure-elastic-defend/elastic-defend-requirements.md) to install {{elastic-defend}}. |
| * Ensure you have the appropriate user role to configure an integration policy and access the **Endpoints** page. | ||
| * You can follow this guide using any deployment. To get up and running quickly, we recommend [](/solutions/security/elastic-security-serverless.md) with the **Security Analytics Complete** [feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features). To see all deployment options, refer to [](/deploy-manage/deploy.md#choosing-your-deployment-type). | ||
| * Ensure you have the minimum system requirements to install {{elastic-defend}}. Refer to [](/solutions/security/configure-elastic-defend/elastic-defend-requirements.md) for more information. | ||
| * Ensure you grant the appropriate [{{elastic-defend}} sub-feature privileges](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md). We recommend granting them all, but at minimum, you need `All` access for the **Endpoint List** and **Elastic Defend Policy Management** sub-features. |
There was a problem hiding this comment.
Suggested change
| * Ensure you grant the appropriate [{{elastic-defend}} sub-feature privileges](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md). We recommend granting them all, but at minimum, you need `All` access for the **Endpoint List** and **Elastic Defend Policy Management** sub-features. | |
| * Ensure you grant the appropriate [{{elastic-defend}} sub-feature privileges](/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md). We recommend granting them all, but you need at least `All` access for the **Endpoint List** and **Elastic Defend Policy Management** sub-features. |
|
|
||
| ## Manage endpoints | ||
| Now that you've got endpoint protection enabled, it's important not only to monitor your environment for alerts, but to manage your hosts to ensure they're healthy and have all appropriate security settings. | ||
| Now that you've got endpoint protection turned on, it's important not only to monitor your environment for alerts, but to manage your hosts to ensure they're healthy and have all appropriate security settings. |
There was a problem hiding this comment.
Suggested change
| Now that you've got endpoint protection turned on, it's important not only to monitor your environment for alerts, but to manage your hosts to ensure they're healthy and have all appropriate security settings. | |
| Now that you've turned on endpoint protection, it's important not only to monitor your environment for alerts, but to manage your hosts to ensure they're healthy and have all appropriate security settings. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Makes some enhancements to the Security GS guides.