adds information about 3p workflows to cloud native sec section

Author: benironside

docs/cloud-native-security/aws-securityhub.asciidoc

@@ -0,0 +1,12 @@
+[[ingest-aws-securityhub-data]]
+= Ingest AWS Security Hub data
+
+In order to enrich your {elastic-sec} workflows with third-party cloud security posture data collected by AWS Security Hub:
+
+* Follow the steps to {integrations-docs}/aws/securityhub[set up the AWS Security Hub integration]. 
+
+* Make sure the integration version is at least xx.xx. 
+
+* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`, `security_solution-*.vulnerability_latest`.
+
+After you've completed these steps, AWS Security Hub data will appear on the <<cspm-findings-page, Findings>> page, on the <<cspm-posture-dashboard, Cloud Posture dashboard>>, and in the entity details flyouts for <<insights-section, alerts>>, <<user-details-flyout,users>>, and <<host-details-flyout,hosts>>.

docs/cloud-native-security/cloud-native-security-index.asciidoc

@@ -68,4 +68,6 @@ include::cloud-workload-protection.asciidoc[leveloffset=+1]
 include::environment-variable-capture.asciidoc[leveloffset=+1]
 
 include::ingest-cncf-data.asciidoc[leveloffset=+1]
-include::falco-setup.asciidoc[leveloffset=+2]
+include::falco-setup.asciidoc[leveloffset=+2]
+include::aws-securityhub.asciidoc[leveloffset=+2]
+include::wiz.asciidoc[leveloffset=+2]

docs/cloud-native-security/cspm-cloud-posture-dashboard.asciidoc

@@ -3,7 +3,7 @@
 
 = Cloud Security Posture dashboard
 
-The Cloud Security Posture dashboard summarizes your cloud infrastructure's overall performance against <<benchmark-rules,security guidelines>> defined by the Center for Internet Security (CIS). To get started monitoring your security posture, refer to <<cspm-get-started, Get started with Cloud Security Posture Management>> or <<get-started-with-kspm, Get started with Kubernetes Security Posture Management>>.
+The Cloud Security Posture dashboard summarizes your cloud infrastructure's overall performance against <<benchmark-rules,security guidelines>> defined by the Center for Internet Security (CIS). To get started monitoring your security posture, refer to <<cspm-get-started, Get started with Cloud Security Posture Management>>, <<get-started-with-kspm, Get started with Kubernetes Security Posture Management>>, or <<ingest-third-party-cloud-security-data>>.
 
 [role="screenshot"]
 image::images/cloud-sec-dashboard.png[The cloud Security dashboard]

docs/cloud-native-security/cspm-findings.asciidoc

@@ -1,7 +1,7 @@
 [[cspm-findings-page]]
 = Findings page
 
-The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the <<cspm,CSPM>> and <<kspm,KSPM>> integrations.
+The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the <<cspm,CSPM>> and <<kspm,KSPM>> integrations, as well as data from <<ingest-third-party-cloud-security-data, third-party integrations>>.
 
 [role="screenshot"]
 image::images/findings-page.png[Findings page]

docs/cloud-native-security/ingest-cncf-data.asciidoc

@@ -1,6 +1,22 @@
-[[ingest-third-party-cncf]]
+[[ingest-third-party-cloud-security-data]]
 = Ingest third-party cloud security data
 
-This section describes how to ingest cloud security data from third-party tools into {es}. 
+This section describes how to ingest cloud security data from third-party tools into {es}. Once ingested, this data can provide additional context and enrich your {elastic-sec} workflows.
 
-Learn to <<ingest-falco, ingest data from Sysdig Falco>>.
+You can ingest both third party cloud workload protection data and third party security posture and vulnerability data. 
+
+[discrete]
+== Ingest third-party workload protection data
+
+You can ingest third-party cloud security alerts into {elastic-sec} to view them on the <<alerts-page>> and incorporate them into your triage and threat hunting workflows.
+
+* Learn to <<ingest-falco, ingest alerts from Sysdig Falco>>.
+
+[discrete]
+== Ingest third-party security posture and vulnerability data
+
+You can ingest third-party data into {elastic-sec} to review and investigate it alongside data collected by {elastic-sec}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the <<cspm-findings-page,Findings>> page, on the <<cspm-posture-dashboard, Cloud Posture dashboard>>, and in the entity details flyouts for <<insights-section, alerts>>, <<user-details-flyout,users>>, and <<host-details-flyout,hosts>>.
+
+* Learn to <<ingest-aws-securityhub-data, ingest cloud security posture data from AWS Security Hub>>.
+
+* Learn to <<ingest-wiz-data, ingest cloud security posture and vulnerability data from Wiz>>.

docs/cloud-native-security/vuln-management-dashboard.asciidoc

@@ -14,7 +14,7 @@ image::images/vuln-management-dashboard.png[The CNVM dashboard]
 .Requirements
 [sidebar]
 --
-* To collect this data, install the <<vuln-management-get-started, Cloud Native Vulnerability Management>> integration.
+* To collect this data, install the <<vuln-management-get-started, Cloud Native Vulnerability Management>> integration or <<ingest-third-party-cloud-security-data,start collecting third-party vulnerability data>>.
 * The CNVM dashboard is available to all Elastic Cloud users. For on-premises deployments, it requires an https://www.elastic.co/pricing[Enterprise subscription].
 --
 

docs/cloud-native-security/vuln-management-findings.asciidoc

@@ -1,7 +1,7 @@
 [[vuln-management-findings]]
 = Findings page
 
-The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the <<vuln-management-overview, CNVM integration>>. 
+The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the <<vuln-management-overview, CNVM integration>>, as well as those identified by <<ingest-third-party-cloud-security-data, third-party integrations>>.
 
 image::images/cnvm-findings-page.png[The Vulnerabilities tab of the Findings page]
 

docs/cloud-native-security/wiz.asciidoc

@@ -0,0 +1,12 @@
+[[ingest-wiz-data]]
+= Ingest Wiz data
+
+In order to enrich your {elastic-sec} workflows with third-party cloud security posture and vulnerability data collected by Wiz:
+
+* Follow the steps to {integrations-docs}/wiz[set up the Wiz integration]. 
+
+* Make sure the integration version is at least xx.xx. 
+
+* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`, `security_solution-*.vulnerability_latest`.
+
+After you've completed these steps, Wiz data will appear on the <<cspm-findings-page, Misconfiguration Findings>> page, the <<cnvm-findings-page, Vulnerabilities Findings>> page, on the <<cspm-posture-dashboard, Cloud Posture dashboard>>, and in the entity details flyouts for <<insights-section, alerts>>, <<user-details-flyout,users>>, and <<host-details-flyout,hosts>>.

docs/dashboards/cloud-posture.asciidoc

@@ -2,7 +2,7 @@
 // Note: This page is intentionally duplicated by docs/cloud-native-security/cloud-nat-sec-posture.asciidoc. When you update this page, update that page to match. And careful with the anchor links because they should not match.
 
 = Cloud Security Posture dashboard
-The Cloud Security Posture dashboard summarizes your cloud infrastructure's overall performance against <<benchmark-rules,security guidelines>> defined by the Center for Internet Security (CIS). To start collecting this data, refer to <<cspm-get-started, Get started with Cloud Security Posture Management>> or <<get-started-with-kspm, Get started with Kubernetes Security Posture Management>>.
+The Cloud Security Posture dashboard summarizes your cloud infrastructure's overall performance against <<benchmark-rules,security guidelines>> defined by the Center for Internet Security (CIS). To get started monitoring your security posture, refer to <<cspm-get-started, Get started with Cloud Security Posture Management>>, <<get-started-with-kspm, Get started with Kubernetes Security Posture Management>>, or <<ingest-third-party-cloud-security-data>>. 
 
 [role="screenshot"]
 image::images/cloud-sec-dashboard.png[The cloud Security dashboard]