Merge branch 'main' into 41-remove-tech-preview-badges

Author: joepeeples

.backportrc.json

@@ -1,5 +1,5 @@
 {
   "upstream": "elastic/security-docs",
-  "branches": ["8.x", "8.15", "8.14", "8.13", "8.12", "8.11", "8.10", "8.9", "8.8", "8.7", "8.6", "8.5", "8.4", "8.3", "8.2", "8.1", "8.0", "7.17", "7.16", "7.15", "7.14", "7.13", "7.12", "7.11", "7.10", "7.9", "7.8"],
+  "branches": ["8.x", "8.16", "8.15", "8.14", "8.13", "8.12", "8.11", "8.10", "8.9", "8.8", "8.7", "8.6", "8.5", "8.4", "8.3", "8.2", "8.1", "8.0", "7.17", "7.16", "7.15", "7.14", "7.13", "7.12", "7.11", "7.10", "7.9", "7.8"],
   "labels": ["backport"]
 }

.mergify.yml

@@ -13,6 +13,33 @@ pull_request_rules:
             git merge upstream/{{base}}
             git push upstream {{head}}
             ```
+  - name: backport patches to main branch
+    conditions:
+      - merged
+      - label=backport-main
+    actions:
+      backport:
+        assignees:
+          - "{{ author }}"
+        labels:
+          - "backport"
+        branches:
+          - "main"
+        title: "[{{ destination_branch }}] {{ title }} (backport #{{ number }})"
+  - name: backport patches to 8.17 branch
+    conditions:
+      - merged
+      - base=main
+      - label=v8.17.0
+    actions:
+      backport:
+        assignees:
+          - "{{ author }}"
+        branches:
+          - "8.x"
+        title: "[{{ destination_branch }}] {{ title }} (backport #{{ number }})"
+        labels:
+          - backport
   - name: backport patches to 8.16 branch
     conditions:
       - merged
@@ -23,7 +50,7 @@ pull_request_rules:
         assignees:
           - "{{ author }}"
         branches:
-          - "8.x"
+          - "8.16"
         title: "[{{ destination_branch }}] {{ title }} (backport #{{ number }})"
         labels:
           - backport

README.md

@@ -9,36 +9,32 @@ Documentation Manager: Janeen Roberts (Github: `@jmikell821`)
 
 ## Contributing to Elastic Security docs
 
-You can open an issue using the appropriate [template](https://github.com/elastic/security-docs/issues/new/choose). 
+You can open an issue using the appropriate [template](https://github.com/elastic/security-docs/issues/new/choose).
 
 > [!NOTE]
-> Please report any **known issues** that need to be documented by creating an issue in our [private repo](https://github.com/elastic/security-docs-internal/issues) using the known issue template. 
+> Please report any **known issues** that need to be documented by creating an issue in our [private repo](https://github.com/elastic/security-docs-internal/issues) using the known issue template.
 
 To contribute directly to Elastic Security documentation:
 
-1. Please fork and clone the `security-docs` repo. 
-1. Check out the `main` branch and fetch the latest changes. 
-1. Check out a new branch and make your changes. 
-1. Save your changes and open a pull request. 
-1. Add all appropriate Github users as reviewers.  
-1. Add the appropriate release version label, backport version label if appropriate, and team label to the PR. 
-1. If your PR changes any [serverless docs content](https://github.com/elastic/security-docs/tree/main/docs/serverless), add the label `ci:doc-build` to generate a preview of the serverless docs on the PR.
-1. Once the docs team approves all changes, you can merge it. If a backport version label was added to a PR for stack versions 7.14.0 and newer, mergify will automatically open a backport PR. 
-1. Merge the backport PR once it passes all CI checks. 
+1. Please fork and clone the `security-docs` repo.
+1. Check out the `main` branch and fetch the latest changes.
+1. Check out a new branch and make your changes.
+1. Save your changes and open a pull request.
+1. Add all appropriate Github users as reviewers.
+1. Add the appropriate release version label, backport version label if appropriate, and team label to the PR.
+1. Once the docs team approves all changes, you can merge it. If a backport version label was added to a PR for stack versions 7.14.0 and newer, mergify will automatically open a backport PR.
+1. Merge the backport PR once it passes all CI checks.
 
 ### Preview documentation changes
 
 When you open a pull request, preview links are automatically added as a comment in the PR. Once the CI check builds successfully, the links will be live and you can click them to preview your changes.
 
-For stateful docs, you also might want to add targeted links to help reviewers find specific pages related to your PR. Preview URLs include the following pattern (replace `<YOUR_PR_NUMBER_HERE>` with the PR number):
+You also might want to add targeted links to help reviewers find specific pages related to your PR. Preview URLs include the following pattern (replace `<YOUR_PR_NUMBER_HERE>` with the PR number):
 
 ```
 https://security-docs_bk_<YOUR_PR_NUMBER_HERE>.docs-preview.app.elstc.co/guide/en/security/master/
 ```
 
-> [!NOTE]
-> Serverless docs previews don't allow targeted links, because the id in the URL changes with each rebuild.
-
 ## License
 
 Shield: [![CC BY-NC-ND 4.0][cc-by-nc-nd-shield]][cc-by-nc-nd]

docs/AI-for-security/attack-discovery.asciidoc

@@ -45,10 +45,10 @@ When you access Attack discovery for the first time, you'll need to select an LL
 .Recommended models
 [sidebar]
 --
-While Attack discovery is compatible with many different models, our testing found increased performance with Claude 3 Sonnet and Claude 3 Opus. In general, models with larger context windows are more effective for Attack discovery.
+While Attack discovery is compatible with many different models, our testing found increased performance with Claude 3.5 Sonnet. In general, models with larger context windows are more effective for Attack discovery.
 --
 +
-image::images/select-model-empty-state.png[]
+image::images/attck-disc-select-model-empty-state.png[]
 +
 . Once you've selected a connector, click **Generate** to start the analysis.
 

docs/AI-for-security/connect-to-byo.asciidoc

@@ -180,10 +180,11 @@ Finally, configure the connector:
 1. Log in to your Elastic deployment.
 2. Navigate to **Stack Management → Connectors → Create Connector → OpenAI**. The OpenAI connector enables this use case because LM Studio uses the OpenAI SDK.
 3. Name your connector to help keep track of the model version you are using.
-4. Under **URL**, enter the domain name specified in your Nginx configuration file, followed by `/v1/chat/completions`.
-5. Under **Default model**, enter `local-model`.
-6. Under **API key**, enter the secret token specified in your Nginx configuration file.
-7. Click **Save**.
+4. Under **Select an OpenAI provider**, select **Other (OpenAI Compatible Service)**.
+5. Under **URL**, enter the domain name specified in your Nginx configuration file, followed by `/v1/chat/completions`.
+6. Under **Default model**, enter `local-model`.
+7. Under **API key**, enter the secret token specified in your Nginx configuration file.
+8. Click **Save**.
 
 image::images/lms-edit-connector.png[The Edit connector page in the {security-app}, with appropriate values populated]
 

docs/AI-for-security/images/attck-disc-select-model-empty-state.png

@@ -8,4 +8,4 @@
 For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs].
 --
 
-You can manage <<asset-criticality, asset criticality>> records through the API. To use this API, you must first turn on the `securitySolution:enableAssetCriticality` <<enable-asset-criticality, advanced setting>>.
+You can manage <<asset-criticality, asset criticality>> records through the API.

docs/AI-for-security/images/lms-edit-connector.png

@@ -4,12 +4,7 @@
 .Requirements
 [sidebar]
 --
-To view and assign asset criticality, you must:
-
-* Have the appropriate user role.
-* Turn on the `securitySolution:enableAssetCriticality` <<enable-asset-criticality, advanced setting>>.
-
-For more information, refer to <<ers-requirements, Entity risk scoring prerequisites>>.
+To view and assign asset criticality, you must have the appropriate user role. For more information, refer to <<ers-requirements, Entity risk scoring prerequisites>>.
 --
 
 The asset criticality feature allows you to classify your organization's entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities.
@@ -30,7 +25,7 @@ Entities do not have a default asset criticality level. You can either assign as
 
 When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated.
 
-NOTE: If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. The newly assigned or updated asset criticality levels will impact entity risk scores during the next hourly risk scoring calculation.
+NOTE: If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. However, you can trigger an immediate recalculation by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
 
 You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:
 
@@ -78,13 +73,15 @@ host,host-001,extreme_impact
 
 To import a file:
 
-. Go to **Manage** → **Asset criticality**.
+. Find **Entity Store** in the main menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . Select or drag and drop the file you want to import.
 +
 NOTE: The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file.
 . Click **Assign**. 
 
-This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation.
+This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows.
+
+You can trigger an immediate recalculation of entity risk scores by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
 
 [discrete]
 == Improve your security operations