Nav changes for "Manage Elastic Defend" and "Endpoint response actions" sections (#6073)

joepeeples · nastasha-solomon · web-flow · commit 5f71cc157e32 · 2024-11-11T16:31:20.000-05:00
* Update "Trusted applications"

* Update "Event filters"

* Update "Host isolation exceptions"

* Update "Blocklist"

* Update "Isolate a host"

* Update "Response actions history"

* Update "Configure third-party response actions"

* Fix "Configure third-party response actions"

* Apply suggestions from Nastasha's review

Co-authored-by: Nastasha Solomon &lt;79124755+nastasha-solomon@users.noreply.github.com&gt;

* Revise to "navigation menu"

---------

Co-authored-by: Nastasha Solomon &lt;79124755+nastasha-solomon@users.noreply.github.com&gt;
diff --git a/docs/management/admin/blocklist.asciidoc b/docs/management/admin/blocklist.asciidoc
@@ -16,7 +16,7 @@ The blocklist is not intended to broadly block benign applications for non-secur
 
 By default, a blocklist entry is recognized globally across all hosts running {elastic-defend}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign a blocklist entry to specific {elastic-defend} integration policies, which blocks the process only on hosts assigned to that policy.
 
-. Go to **Manage** -> **Blocklist**.
+. Find **Blocklist** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 
 . Click **Add blocklist entry**. The **Add blocklist** flyout appears.
 
@@ -49,7 +49,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning
 . Click **Add blocklist**. The new entry is added to the **Blocklist** page.
 
 . When you're done adding entries to the blocklist, ensure that the blocklist is enabled for the {elastic-defend} integration policies that you just assigned:
-.. Go to **Manage** -> **Policies**, then click on an integration policy.
+.. Go to the **Policies** page, then click on an integration policy.
 .. On the **Policy settings** tab, ensure that the **Malware protections** and **Blocklist** toggles are switched on. Both settings are enabled by default.
 
 [discrete]
diff --git a/docs/management/admin/event-filters.asciidoc b/docs/management/admin/event-filters.asciidoc
@@ -22,7 +22,6 @@ Create event filters from the Hosts page or the Event filters page.
 +
 --
 * To create an event filter from the Hosts page:
-.. Go to *Explore* -> *Hosts*.
 .. Select the *Events* tab to view the Events table.
 +
 .. Find the event to filter, click the *More actions* menu (*...*), then select *Add Endpoint event filter*.
@@ -31,8 +30,7 @@ TIP: Since you can only create filters for endpoint events, be sure to filter th
 For example, in the KQL search bar, enter the following query to find endpoint network events: `event.dataset : endpoint.events.network`.
 
 * To create an event filter from the Event filters page:
-.. Go to *Manage* -> *Event filters*.
-.. Click *Add event filter*. The *Add event filter* flyout opens.
+.. Cick *Add event filter*, which opens a flyout.
 --
 +
 [role="screenshot"]
diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc
@@ -21,7 +21,7 @@ You must have the *Host Isolation Exceptions* <<endpoint-management-req,privileg
 
 Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. By default, a host isolation exception is recognized globally across all hosts running {elastic-defend}. You can also assign a host isolation exception to a specific {elastic-defend} integration policy, affecting only the hosts assigned to that policy.
 
-. Go to **Manage** -> **Host isolation exceptions**.
+. Find **Host isolation exceptions** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . Click **Add Host isolation exception**.
 . Fill in these fields in the **Add Host isolation exception** flyout:
 .. `Name your host isolation exceptions`: Enter a name to identify the host isolation exception.
diff --git a/docs/management/admin/host-isolation-ov.asciidoc b/docs/management/admin/host-isolation-ov.asciidoc
@@ -55,7 +55,7 @@ All actions executed on a host are tracked in the host’s response actions hist
 .Isolate a host from an endpoint
 [%collapsible]
 ====
-. Go to *Manage -> Endpoints*, then either:
+. Find **Endpoints** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then either:
     * Select the appropriate endpoint in the *Endpoint* column, and click *Take action -> Isolate host* in the endpoint details flyout.
     * Click the *Actions* menu (*...*) on the appropriate endpoint, then select *Isolate host*.
 . Enter a comment describing why you’re isolating the host (optional).
@@ -112,7 +112,7 @@ image::images/host-isolated-notif.png[Host isolated notification message,350]
 .Release a host from an endpoint
 [%collapsible]
 ====
-. Go to *Manage -> Endpoints*, then either:
+. Find **Endpoints** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then either:
     * Select the appropriate endpoint in the *Endpoint* column, and click *Take action -> Release host* in the endpoint details flyout.
     * Click the *Actions* menu (*...*) on the appropriate endpoint, then select *Release host*.
 . Enter a comment describing why you're releasing the host (optional).
@@ -142,7 +142,7 @@ image::images/host-released-notif.png[Host released notification message,350]
 
 To confirm if a host has been successfully isolated or released, check the response actions history, which logs the response actions performed on a host.
 
-Go to *Manage* -> *Endpoints*, click an endpoint's name, then click the *Response action history* tab. You can filter the information displayed in this view. Refer to <<response-actions-history>> for more details.
+Go to the *Endpoints* page, click an endpoint's name, then click the *Response action history* tab. You can filter the information displayed in this view. Refer to <<response-actions-history>> for more details.
 
 [role="screenshot"]
 image::images/response-actions-history-endpoint-details.png[Response actions history page UI,75%]
diff --git a/docs/management/admin/response-actions-config.asciidoc b/docs/management/admin/response-actions-config.asciidoc
@@ -51,7 +51,7 @@ Expand a section below for your endpoint security system:
 . **Install the CrowdStrike integration and {agent}.** Elastic's {integrations-docs}/crowdstrike[CrowdStrike integration]
  collects and ingests logs into {elastic-sec}.
 +
-.. Go to **Integrations**, search for and select **CrowdStrike**, then select **Add CrowdStrike**.
+.. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], search for and select **CrowdStrike**, then select **Add CrowdStrike**.
 .. Configure the integration with an **Integration name** and optional **Description**.
 .. Select **Collect CrowdStrike logs via API**, and enter the required **Settings**:
    - **Client ID**: Client ID for the API client used to read CrowdStrike data.
@@ -66,7 +66,7 @@ Expand a section below for your endpoint security system:
 +
 IMPORTANT: Do not create more than one CrowdStrike connector.
 +
-.. Go to **Stack Management** → **Connectors**, then select **Create connector**.
+.. Find **Connectors** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select **Create connector**.
 .. Select the CrowdStrike connector.
 .. Enter the configuration information:
    - **Connector name**: A name to identify the connector.
@@ -100,7 +100,7 @@ Refer to the {integrations-docs}/sentinel_one[SentinelOne integration docs] or S
 
 . **Install the SentinelOne integration and {agent}.** Elastic's {integrations-docs}/sentinel_one[SentinelOne integration] collects and ingests logs into {elastic-sec}.
 +
-.. Go to **Integrations**, search for and select **SentinelOne**, then select **Add SentinelOne**.
+.. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], search for and select **SentinelOne**, then select **Add SentinelOne**.
 .. Configure the integration with an **Integration name** and optional **Description**.
 .. Ensure that **Collect SentinelOne logs via API** is selected, and enter the required **Settings**:
    - **URL**: The SentinelOne console URL.
@@ -113,7 +113,7 @@ Refer to the {integrations-docs}/sentinel_one[SentinelOne integration docs] or S
 +
 IMPORTANT: Do not create more than one SentinelOne connector.
 
-.. Go to **Stack Management** → **Connectors**, then select **Create connector**.
+.. Find **Connectors** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select **Create connector**.
 .. Select the **SentinelOne** connector.
 .. Enter the configuration information:
    - **Connector name**: A name to identify the connector.
diff --git a/docs/management/admin/response-actions-history.asciidoc b/docs/management/admin/response-actions-history.asciidoc
@@ -14,7 +14,7 @@
 You must have the *Response Actions History* <<endpoint-management-req,privilege>> to access this feature.
 --
 
-To access the response actions history for all endpoints, go to *Manage* -> *Response actions history*. You can also access the response actions history for an individual endpoint from these areas:
+To access the response actions history for all endpoints, find **Response actions history** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. You can also access the response actions history for an individual endpoint from these areas:
 
 * *Endpoints* page: Click an endpoint's name to open the details flyout, then click the *Response actions history* tab.
 * *Response console* page: Click the *Response actions history* button.
diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc
@@ -22,7 +22,7 @@ By default, a trusted application is recognized globally across all hosts runnin
 
 To add a trusted application:
 
-. Go to *Manage* -> *Trusted applications*.
+. Find **Trusted applications** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 
 . Click *Add trusted application*.
 
diff --git a/docs/serverless/edr-manage/blocklist.asciidoc b/docs/serverless/edr-manage/blocklist.asciidoc
@@ -5,7 +5,7 @@
 
 preview:[]
 
-The blocklist (**Assets** → **Blocklist**) allows you to prevent specified applications from running on hosts, extending the list of processes that {elastic-defend} considers malicious. This helps ensure that known malicious processes aren't accidentally executed by end users.
+The blocklist allows you to prevent specified applications from running on hosts, extending the list of processes that {elastic-defend} considers malicious. This helps ensure that known malicious processes aren't accidentally executed by end users.
 
 The blocklist is not intended to broadly block benign applications for non-security reasons; only use it to block potentially harmful applications. To compare the blocklist with other endpoint artifacts, refer to <<security-optimize-edr>>.
 
@@ -22,7 +22,7 @@ The blocklist is not intended to broadly block benign applications for non-secur
 
 By default, a blocklist entry is recognized globally across all hosts running {elastic-defend}. You can also assign a blocklist entry to specific {elastic-defend} integration policies, which blocks the process only on hosts assigned to that policy.
 
-. Go to **Assets** → **Blocklist**.
+. Find **Blocklist** in the navigation menu or use the global search field.
 . Click **Add blocklist entry**. The **Add blocklist** flyout appears.
 . Fill in these fields in the **Details** section:
 +
@@ -60,14 +60,14 @@ You can also select the `Per Policy` option without immediately assigning a poli
 . Click **Add blocklist**. The new entry is added to the **Blocklist** page.
 . When you're done adding entries to the blocklist, ensure that the blocklist is enabled for the {elastic-defend} integration policies that you just assigned:
 +
-.. Go to **Assets** → **Policies**, then click on an integration policy.
+.. Go to the **Policies** page, then click on an integration policy.
 .. On the **Policy settings** tab, ensure that the **Malware protections** and **Blocklist** toggles are switched on. Both settings are enabled by default.
 
 [discrete]
 [[manage-blocklist]]
 == View and manage the blocklist
 
-The **Blocklist** page (**Assets** → **Blocklist**) displays all the blocklist entries that have been added to the {security-app}. To refine the list, use the search bar to search by name, description, or field value.
+The **Blocklist** page displays all the blocklist entries that have been added to the {security-app}. To refine the list, use the search bar to search by name, description, or field value.
 
 [role="screenshot"]
 image::images/blocklist/-management-admin-blocklist.png[]
diff --git a/docs/serverless/edr-manage/event-filters.asciidoc b/docs/serverless/edr-manage/event-filters.asciidoc
@@ -5,7 +5,7 @@
 
 preview:[]
 
-Event filters (**Assets** → **Event filters**) allow you to filter out endpoint events that you don't want stored in {es} — for example, high-volume events. By creating event filters, you can optimize your storage in {es}.
+Event filters allow you to filter out endpoint events that you don't want stored in {es} — for example, high-volume events. By creating event filters, you can optimize your storage in {es}.
 
 Event filters do not lower CPU usage on hosts; {elastic-endpoint} still monitors events to detect and prevent possible threats, but without writing event data to {es}. To compare event filters with other endpoint artifacts, refer to <<security-optimize-edr>>.
 
@@ -32,7 +32,6 @@ Create event filters from the Hosts page or the Event filters page.
 +
 ** To create an event filter from the Hosts page:
 +
-... Go to **Explore** → **Hosts**.
 ... Select the **Events** tab to view the Events table.
 ... Find the event to filter, click the **More actions** menu (image:images/icons/boxesHorizontal.svg[More actions menu icon]), then select **Add Endpoint event filter**.
 +
@@ -43,8 +42,7 @@ For example, in the KQL search bar, enter the following query to find endpoint n
 ====
 ** To create an event filter from the Event filters page:
 +
-... Go to **Assets** → **Event filters**.
-... Click **Add event filter**. The **Add event filter** flyout opens.
+... Click **Add event filter**, which opens a flyout.
 +
 [role="screenshot"]
 image::images/event-filters/-management-admin-event-filter.png[]
diff --git a/docs/serverless/edr-manage/host-isolation-exceptions.asciidoc b/docs/serverless/edr-manage/host-isolation-exceptions.asciidoc
@@ -5,7 +5,7 @@
 
 preview:[]
 
-You can configure host isolation exceptions (**Assets** → **Host isolation exceptions**) for specific IP addresses that <<security-isolate-host,isolated hosts>> are still allowed to communicate with, even when blocked from the rest of your network. Isolated hosts can still send data to {elastic-sec}, so you don't need to set up host isolation exceptions for them.
+You can configure host isolation exceptions for specific IP addresses that <<security-isolate-host,isolated hosts>> are still allowed to communicate with, even when blocked from the rest of your network. Isolated hosts can still send data to {elastic-sec}, so you don't need to set up host isolation exceptions for them.
 
 Host isolation exceptions support IPv4 addresses, with optional classless inter-domain routing (CIDR) notation.
 
@@ -27,7 +27,7 @@ You must have the appropriate user role to use this feature.
 
 Host isolation requires the Endpoint Protection Complete <<elasticsearch-manage-project,project feature>>. By default, a host isolation exception is recognized globally across all hosts running {elastic-defend}. You can also assign a host isolation exception to a specific {elastic-defend} integration policy, affecting only the hosts assigned to that policy.
 
-. Go to **Assets** → **Host isolation exceptions**.
+. Find **Host isolation exceptions** in the navigation menu or use the global search field.
 . Click **Add Host isolation exception**.
 . Fill in these fields in the **Add Host isolation exception** flyout:
 +
diff --git a/docs/serverless/edr-manage/trusted-apps-ov.asciidoc b/docs/serverless/edr-manage/trusted-apps-ov.asciidoc
@@ -10,7 +10,7 @@ preview:[]
 If you use {elastic-defend} along with other antivirus (AV) software, you might need to configure the other system to trust {elastic-endpoint}. Refer to <<security-allowlist-endpoint>> for more information.
 ====
 
-On the **Trusted applications** page (**Assets** → **Trusted applications**), you can add Windows, macOS, and Linux applications that should be trusted, such as other antivirus or endpoint security applications. Trusted applications are designed to help mitigate performance issues and incompatibilities with other endpoint software installed on your hosts. Trusted applications apply only to hosts running the {elastic-defend} integration.
+You can add Windows, macOS, and Linux applications that should be trusted, such as other antivirus or endpoint security applications. Trusted applications are designed to help mitigate performance issues and incompatibilities with other endpoint software installed on your hosts. Trusted applications apply only to hosts running the {elastic-defend} integration.
 
 .Requirements
 [NOTE]
@@ -32,7 +32,7 @@ By default, a trusted application is recognized globally across all hosts runnin
 
 To add a trusted application:
 
-. Go to **Manage** → **Trusted applications**.
+. Find **Trusted applications** in the navigation menu or use the global search field.
 . Click **Add trusted application**.
 . Fill in the following fields in the **Add trusted application** flyout:
 +
diff --git a/docs/serverless/endpoint-response-actions/host-isolation-ov.asciidoc b/docs/serverless/endpoint-response-actions/host-isolation-ov.asciidoc
@@ -55,7 +55,7 @@ All actions executed on a host are tracked in the host’s response actions hist
 .Isolate a host from an endpoint
 [%collapsible]
 =====
-. Go to **Assets → Endpoints**, then either:
+. Find **Endpoints** in the navigation menu or use the global search field, then either:
 +
 ** Select the appropriate endpoint in the **Endpoint** column, and click **Take action → Isolate host** in the endpoint details flyout.
 ** Click the **Actions** menu (_..._) on the appropriate endpoint, then select **Isolate host**.
@@ -124,7 +124,7 @@ image::images/host-isolation-ov/-management-admin-host-isolated-notif.png[Host i
 .Release a host from an endpoint
 [%collapsible]
 =====
-. Go to **Assets → Endpoints**, then either:
+. Find **Endpoints** in the navigation menu or use the global search field, then either:
 +
 ** Select the appropriate endpoint in the **Endpoint** column, and click **Take action → Release host** in the endpoint details flyout.
 ** Click the **Actions** menu (_..._) on the appropriate endpoint, then select **Release host**.
@@ -158,7 +158,7 @@ image::images/host-isolation-ov/-management-admin-host-released-notif.png[Host r
 
 To confirm if a host has been successfully isolated or released, check the response actions history, which logs the response actions performed on a host.
 
-Go to **Assets** → **Endpoints**, click an endpoint's name, then click the **Response action history** tab. You can filter the information displayed in this view. Refer to <<security-response-actions-history,Response actions history>> for more details.
+Go to the **Endpoints** page, click an endpoint's name, then click the **Response action history** tab. You can filter the information displayed in this view. Refer to <<security-response-actions-history,Response actions history>> for more details.
 
 [role="screenshot"]
 image::images/host-isolation-ov/-management-admin-response-actions-history-endpoint-details.png[Response actions history page UI]
diff --git a/docs/serverless/endpoint-response-actions/response-actions-config.asciidoc b/docs/serverless/endpoint-response-actions/response-actions-config.asciidoc
diff --git a/docs/serverless/endpoint-response-actions/response-actions-history.asciidoc b/docs/serverless/endpoint-response-actions/response-actions-history.asciidoc

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@ Create event filters from the Hosts page or the Event filters page.`
`22`	`22`	`+`
`23`	`23`	`--`
`24`	`24`	`* To create an event filter from the Hosts page:`
`25`		`-.. Go to Explore -> Hosts.`
`26`	`25`	`.. Select the Events tab to view the Events table.`
`27`	`26`	`+`
`28`	`27`	`.. Find the event to filter, click the More actions menu (...), then select Add Endpoint event filter.`
`@@ -31,8 +30,7 @@ TIP: Since you can only create filters for endpoint events, be sure to filter th`
`31`	`30`	For example, in the KQL search bar, enter the following query to find endpoint network events: `event.dataset : endpoint.events.network`.
`32`	`31`
`33`	`32`	`* To create an event filter from the Event filters page:`
`34`		`-.. Go to Manage -> Event filters.`
`35`		`-.. Click Add event filter. The Add event filter flyout opens.`
	`33`	`+.. Cick Add event filter, which opens a flyout.`
`36`	`34`	`--`
`37`	`35`	`+`
`38`	`36`	`[role="screenshot"]`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`
`6`	`6`	`preview:[]`
`7`	`7`
`8`		`-Event filters (Assets → Event filters) allow you to filter out endpoint events that you don't want stored in {es} — for example, high-volume events. By creating event filters, you can optimize your storage in {es}.`
	`8`	`+Event filters allow you to filter out endpoint events that you don't want stored in {es} — for example, high-volume events. By creating event filters, you can optimize your storage in {es}.`
`9`	`9`
`10`	`10`	`Event filters do not lower CPU usage on hosts; {elastic-endpoint} still monitors events to detect and prevent possible threats, but without writing event data to {es}. To compare event filters with other endpoint artifacts, refer to <<security-optimize-edr>>.`
`11`	`11`
`@@ -32,7 +32,6 @@ Create event filters from the Hosts page or the Event filters page.`
`32`	`32`	`+`
`33`	`33`	`** To create an event filter from the Hosts page:`
`34`	`34`	`+`
`35`		`-... Go to Explore → Hosts.`
`36`	`35`	`... Select the Events tab to view the Events table.`
`37`	`36`	`... Find the event to filter, click the More actions menu (image:images/icons/boxesHorizontal.svg[More actions menu icon]), then select Add Endpoint event filter.`
`38`	`37`	`+`
`@@ -43,8 +42,7 @@ For example, in the KQL search bar, enter the following query to find endpoint n`
`43`	`42`	`====`
`44`	`43`	`** To create an event filter from the Event filters page:`
`45`	`44`	`+`
`46`		`-... Go to Assets → Event filters.`
`47`		`-... Click Add event filter. The Add event filter flyout opens.`
	`45`	`+... Click Add event filter, which opens a flyout.`
`48`	`46`	`+`
`49`	`47`	`[role="screenshot"]`
`50`	`48`	`image::images/event-filters/-management-admin-event-filter.png[]`