Merged
Changes from 6 commits
This file was deleted.

1 change: 0 additions & 1 deletion raw-migrated-files/toc.yml
Expand Up @@ -235,7 +235,6 @@ toc:
- file: docs-content/serverless/security-prebuilt-rules-management.md
- file: docs-content/serverless/security-query-alert-indices.md
- file: docs-content/serverless/security-reduce-notifications-alerts.md
- file: docs-content/serverless/security-requirements-overview.md
- file: docs-content/serverless/security-response-actions-config.md
- file: docs-content/serverless/security-response-actions-history.md
- file: docs-content/serverless/security-response-actions.md
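Review bot: removing the toc entry for docs-content/serverless/security-requirements-overview.md only works if the serverless URL stays reachable; the merged page's `mapped_urls` block in the next file already carries https://www.elastic.co/guide/en/serverless/current/security-requirements-overview.html, so please confirm nothing else in the tree (other toc entries or cross-links) still points at the deleted raw-migrated file.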
Expand Down
49 changes: 30 additions & 19 deletions solutions/security/get-started/elastic-security-requirements.md
Expand Up @@ -4,59 +4,66 @@ mapped_urls:
- https://www.elastic.co/guide/en/serverless/current/security-requirements-overview.html
---

# Elastic Security requirements
# Elastic Security requirements [security-requirements-overview]

% What needs to be done: Align serverless/stateful
The [Support Matrix](https://www.elastic.co/support/matrix) page lists officially supported operating systems, platforms, and browsers on which components such as {{beats}}, {{agent}}, {{elastic-defend}}, and {{elastic-endpoint}} have been tested.

% Use migrated content from existing pages that map to this page:
## {{stack}} requirements [elastic-stack-requirements]

% - [x] ./raw-migrated-files/security-docs/security/sec-requirements.md
% - [ ] ./raw-migrated-files/docs-content/serverless/security-requirements-overview.md
```yaml {applies_to}
stack:
```

{{elastic-sec}} is an inbuilt part of {{kib}}. To use {{elastic-sec}}, you only need an {{stack}} deployment (an {{es}} cluster and {{kib}}).

{{ecloud}} offers all of the features of {{es}}, {{kib}}, and {{elastic-sec}} as a hosted service available on AWS, GCP, and Azure. To get started, sign up for a [free {{ecloud}} trial](https://cloud.elastic.co/registration?page=docs&placement=docs-body).

For information about installing and managing the {{stack}} yourself, see [Installing the {{stack}}](/get-started/the-stack.md).

The [Support Matrix](https://www.elastic.co/support/matrix) page lists officially supported operating systems, platforms, and browsers on which {{es}}, {{kib}}, {{beats}}, and Elastic Endpoint have been tested.
### Node role requirements [node-role-requirements]

```yaml {applies_to}
stack:
```

## Node role requirements [node-role-requirements]

To use Elastic Security, at least one node in your Elasticsearch cluster must have the [`transform` role](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/configuration-reference/transforms-settings.md). Nodes are automatically given this role when they’re created, so changes are not required if default role settings remain the same. This applies to on-premise and cloud deployments.
To use {{elastic-sec}}, at least one node in your Elasticsearch cluster must have the [`transform` role](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/configuration-reference/transforms-settings.md). Nodes are automatically given this role when they’re created, so changes are not required if default role settings remain the same. This applies to on-premise and cloud deployments.

Changes might be required if your nodes have customized roles. When updating node roles, nodes are only assigned the roles you specify, and default roles are removed. If you need to reassign the `transform` role to a node, [create a dedicated transform node](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/configuration-reference/node-settings.md#transform-node).


## Space and index privileges [_space_and_index_privileges]


To use {{elastic-sec}}, your role must have at least:

* `Read` privilege for the `Security` feature in the [space](/deploy-manage/manage-spaces.md). This grants you `Read` access to all features in {{elastic-sec}} except cases. You need additional [minimum privileges](/solutions/security/investigate/cases-requirements.md) to use cases.
* `Read` and `view_index_metadata` privileges for all {{elastic-sec}} indices, such as `filebeat-*`, `packetbeat-*`, `logs-*`, and `endgame-*` indices.

::::{note}
[*Configure advanced settings*](/solutions/security/get-started/configure-advanced-settings.md) describes how to modify {{elastic-sec}} indices.
[Configure advanced settings](/solutions/security/get-started/configure-advanced-settings.md) describes how to modify {{elastic-sec}} indices.
::::


For more information about index privileges, refer to [{{es}} security privileges](/deploy-manage/users-roles/cluster-or-deployment-auth/elasticsearch-privileges.md).


## Feature-specific requirements [_feature_specific_requirements]
## Feature-specific requirements [security-requirements-overview-feature-specific-requirements]

There are some additional requirements for specific features:

* [*Detections requirements*](/solutions/security/detect-and-alert/detections-requirements.md)
* [Detections requirements](/solutions/security/detect-and-alert/detections-requirements.md)
* [Cases requirements](/solutions/security/investigate/cases-requirements.md)
* [Entity risk scoring requirements](/solutions/security/advanced-entity-analytics/entity-risk-scoring-requirements.md)
* [Machine learning job and rule requirements](/solutions/security/advanced-entity-analytics/machine-learning-job-rule-requirements.md)
* [*{{elastic-defend}} requirements*](/solutions/security/configure-elastic-defend/elastic-defend-requirements.md)
* [{{elastic-defend}} requirements](/solutions/security/configure-elastic-defend/elastic-defend-requirements.md)
* [Configure network map data](/solutions/security/explore/configure-network-map-data.md)


## License requirements [_license_requirements]
## License requirements [security-license-requirements]

```yaml {applies_to}
stack:
```

All features are available as part of the free Basic plan **except**:

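Review bot: the index-privilege bullet under "Space and index privileges" names the privileges as `Read` and `view_index_metadata`; the {{es}} index privilege is spelled `read` (lowercase), and the capitalised form reads like the {{kib}} feature privilege `Read` from the bullet above it. Suggest "`read` and `view_index_metadata` privileges for all {{elastic-sec}} indices". Smaller points in the same hunk: the `applies_to: stack` block under "### Node role requirements" duplicates the one on the parent "## {{stack}} requirements" section and can be dropped; the new Support Matrix sentence lists {{beats}}, {{agent}}, {{elastic-defend}} and {{elastic-endpoint}} but no longer mentions {{es}} and {{kib}}, which the removed line did, so confirm that omission is intended; and "Elasticsearch cluster" in the node role paragraph could use the {{es}} substitution like the rest of the page.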
Expand All @@ -67,22 +74,26 @@ All features are available as part of the free Basic plan **except**:
[Elastic Stack subscriptions](https://www.elastic.co/subscriptions) lists the required subscription plans for all features.


## Advanced configuration and UI options [_advanced_configuration_and_ui_options]
## Advanced configuration and UI options [security-requirements-overview-advanced-configuration-and-ui-options]

[*Configure advanced settings*](/solutions/security/get-started/configure-advanced-settings.md) describes how to modify advanced settings, such as the {{elastic-sec}} indices, default time intervals used in filters, and IP reputation links.
[Configure advanced settings](/solutions/security/get-started/configure-advanced-settings.md) describes how to modify advanced settings, such as the {{elastic-sec}} indices, default time intervals used in filters, and IP reputation links.


## Third-party collectors mapped to ECS [_third_party_collectors_mapped_to_ecs]
## Third-party collectors mapped to ECS [security-requirements-overview-third-party-collectors-mapped-to-ecs]

The [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/current) defines a common set of fields to be used for storing event data in Elasticsearch. ECS helps users normalize their event data to better analyze, visualize, and correlate the data represented in their events. {{elastic-sec}} can ingest and normalize events from any ECS-compliant data source.

::::{important}
{{elastic-sec}} requires [ECS-compliant data](https://www.elastic.co/guide/en/ecs/current). If you use third-party data collectors to ship data to {{es}}, the data must be mapped to ECS. [*Elastic Security ECS field reference*](asciidocalypse://docs/docs-content/docs/reference/security/fields-and-object-schemas/siem-field-reference.md) lists ECS fields used in {{elastic-sec}}.
{{elastic-sec}} requires [ECS-compliant data](https://www.elastic.co/guide/en/ecs/current). If you use third-party data collectors to ship data to {{es}}, the data must be mapped to ECS. [{{elastic-sec}} ECS field reference](asciidocalypse://docs/docs-content/docs/reference/security/fields-and-object-schemas/siem-field-reference.md) lists ECS fields used in {{elastic-sec}}.
::::



## Cross-cluster searches [_cross_cluster_searches]
## Cross-cluster searches [security-cross-cluster-searches]

```yaml {applies_to}
stack:
```

For information on how to perform cross-cluster searches on {{elastic-sec}} indices, see:

Expand Down