removes outdated pic (#6298)

benironside · mergify[bot] · commit af13c6f94586 · 2024-12-13T17:56:47.000Z
(cherry picked from commit b5e6d2e) # Conflicts: # docs/serverless/cloud-native-security/environment-variable-capture.asciidoc
diff --git a/docs/cloud-native-security/environment-variable-capture.asciidoc b/docs/cloud-native-security/environment-variable-capture.asciidoc
@@ -28,9 +28,6 @@ To set up environment variable capture for an {agent} policy:
 . Enter the names of env vars you want to capture, separated by commas. For example: `PATH,USER`
 . Click *Save*.
 
-[role="screenshot"]
-image::images/env-var-capture.png[The "linux.advanced.capture_env_vars" advanced agent policy setting]
-
 [[find-cap-env-vars]]
 [discrete]
 == Find captured environment variables
diff --git a/docs/cloud-native-security/images/env-var-capture.png b/docs/cloud-native-security/images/env-var-capture.png
diff --git a/docs/serverless/cloud-native-security/environment-variable-capture.asciidoc b/docs/serverless/cloud-native-security/environment-variable-capture.asciidoc
@@ -0,0 +1,38 @@
+[[security-environment-variable-capture]]
+= Capture environment variables
+
+// :description: Capture environment variables from monitored Linux sessions.
+// :keywords: serverless, security, overview, cloud security
+
+
+You can configure an {agent} policy to capture up to five environment variables (`env vars`).
+
+[NOTE]
+====
+* Env var names must be no more than 63 characters, and env var values must be no more than 1023 characters. Values outside these limits are silently ignored.
+* Env var names are case sensitive.
+====
+
+To set up environment variable capture for an {agent} policy:
+
+. Find **Policies** in the navigation menu or use the global search field.
+. Select an {agent} policy.
+. Click **Show advanced settings**.
+. Scroll down or search for `linux.advanced.capture_env_vars`, or `mac.advanced.capture_env_vars`.
+. Enter the names of env vars you want to capture, separated by commas. For example: `PATH,USER`
+. Click **Save**.
+
+[discrete]
+[[find-cap-env-vars]]
+== Find captured environment variables
+
+Captured environment variables are associated with process events, and appear in each event's `process.env_vars` field.
+
+To view environment variables in the **Events** table:
+
+. Click the **Events** tab on the **Hosts**, **Network**, or **Users** pages, then click **Fields** in the Events table.
+. Search for the `process.env_vars` field, select it, and click **Close**.
+A new column appears containing captured environment variable data.
+
+[role="screenshot"]
+image::images/environment-variable-capture/-cloud-native-security-env-var-capture-detail.png[The Events table with the "process.env_vars" column highlighted]
