Fixes link ref on Install Elastic Defend page (#6164)

(cherry picked from commit a6c3736)

# Conflicts:
#	docs/serverless/edr-install-config/install-elastic-defend.asciidoc

Author: natasha-moore-elastic

docs/getting-started/install-endpoint.asciidoc

@@ -20,7 +20,7 @@ Like other Elastic integrations, {elastic-defend} is integrated into the {agent}
 [[security-before-you-begin]]
 == Before you begin
 
-If you're using macOS, some versions may require you to grant Full Disk Access to different kernels, system extensions, or files. Refer to <<elastic-endpoint-deploy-reqs, requirements for {elastic-endpoint}>> for more information.
+If you're using macOS, some versions may require you to grant Full Disk Access to different kernels, system extensions, or files. Refer to <<elastic-endpoint-deploy-reqs>> for more information.
 
 NOTE: {elastic-defend} does not support deployment within an {agent} DaemonSet in Kubernetes.
 

docs/serverless/edr-install-config/install-elastic-defend.asciidoc

@@ -0,0 +1,117 @@
+[[security-install-edr]]
+= Install the {elastic-defend} integration
+
+// :description: Start protecting your endpoints with {elastic-defend}.
+// :keywords: serverless, security, how-to
+
+++++
+<titleabbrev>Install Elastic Defend</titleabbrev>
+++++
+
+
+Like other Elastic integrations, {elastic-defend} is integrated into the {agent} using {fleet-guide}/fleet-overview.html[{fleet}]. Upon configuration, the integration allows the {agent} to monitor events on your host and send data to the {security-app}.
+
+.Requirements
+[NOTE]
+====
+* {fleet} is required for {elastic-defend}.
+* To configure the {elastic-defend} integration on the {agent}, you must have permission to use {fleet}.
+* You must have the appropriate user role to configure an integration policy and access the **Endpoints** page.
+
+// Placeholder statement until we know which specific roles are required. Classic statement below for reference.
+
+// * You must have the **{elastic-defend} Policy Management: All** <DocLink slug="/serverless/security/endpoint-management-req">privilege</DocLink> to configure an integration policy, and the **Endpoint List** <DocLink slug="/serverless/security/endpoint-management-req">privilege</DocLink> to access the **Endpoints** page.
+====
+
+[discrete]
+[[security-before-you-begin]]
+== Before you begin
+
+If you're using macOS, some versions may require you to grant Full Disk Access to different kernels, system extensions, or files. Refer to <<security-elastic-endpoint-deploy-reqs>> for more information.
+
+[NOTE]
+====
+{elastic-defend} does not support deployment within an {agent} DaemonSet in Kubernetes.
+====
+
+[discrete]
+[[add-security-integration]]
+== Add the {elastic-defend} integration
+
+. Go to the **Integrations** page, which you can access in several ways:
++
+** The **Add integrations** link at the top of most pages
+** **Assets** → **Browse Integrations**
+** **Project settings** → **Integrations**
++
+[role="screenshot"]
+image::images/install-endpoint/-getting-started-install-endpoint-endpoint-cloud-sec-integrations-page.png[Search result for "{elastic-defend}" on the Integrations page.]
+. Search for and select **{elastic-defend}**, then select **Add {elastic-defend}**. The integration configuration page appears.
++
+[NOTE]
+====
+If this is the first integration you've installed and the **Ready to add your first integration?** page appears instead, select **Add integration only (skip agent installation)** to proceed. You can <<enroll-agent,install {agent}>> after setting up the {elastic-defend} integration.
+====
++
+[role="screenshot"]
+image:images/install-endpoint/-getting-started-install-endpoint-endpoint-cloud-security-configuration.png[Add {elastic-defend} integration page]
+. Configure the {elastic-defend} integration with an **Integration name** and optional **Description**.
+. Select the type of environment you want to protect, either **Traditional Endpoints** or **Cloud Workloads**.
+. Select a configuration preset. Each preset comes with different default settings for {agent} — you can further customize these later by <<security-configure-endpoint-integration-policy,configuring the {elastic-defend} integration policy>>.
++
+|===
+|  |
+
+| **Traditional Endpoint presets**
+a| All traditional endpoint presets _except_ **Data Collection** have these preventions enabled by default: malware, ransomware, memory threat, malicious behavior, and credential theft. Each preset collects the following events:
+
+* **Data Collection:** All events; no preventions
+* **Next-Generation Antivirus (NGAV):** Process events; all preventions
+* **Essential EDR (Endpoint Detection & Response):** Process, Network, File events; all preventions
+* **Complete EDR (Endpoint Detection & Response):** All events; all preventions
+
+| **Cloud Workloads presets**
+a| Both cloud workload presets are intended for monitoring cloud-based Linux hosts. Therefore, <<security-session-view,session data>> collection, which enriches process events, is enabled by default. They both have all preventions disabled by default, and collect process, network, and file events.
+
+* **All events:** Includes data from automated sessions.
+* **Interactive only:** Filters out data from non-interactive sessions by creating an <<security-event-filters,event filter>>.
+|===
+. Enter a name for the agent policy in **New agent policy name**. If other agent policies already exist, you can click the **Existing hosts** tab and select an existing policy instead. For more details on {agent} configuration settings, refer to {fleet-guide}/agent-policy.html[{agent} policies].
+. When you're ready, click **Save and continue**.
+. To complete the integration, select **Add {agent} to your hosts** and continue to the next section to install the {agent} on your hosts.
+
+[discrete]
+[[enroll-security-agent]]
+== Configure and enroll the {agent}
+
+To enable the {elastic-defend} integration, you must enroll agents in the relevant policy using {fleet}.
+
+[IMPORTANT]
+====
+Before you add an {agent}, a {fleet-server} must be running. Refer to {fleet-guide}/add-a-fleet-server.html[Add a {fleet-server}].
+
+{elastic-defend} cannot be integrated with an {agent} in standalone mode.
+====
+
+[discrete]
+[[enroll-agent]]
+=== Add the {agent}
+
+. If you're in the process of installing an {agent} integration (such as {elastic-defend}), the **Add agent** UI opens automatically. Otherwise, go to **Assets** → **{fleet}** → **Agents** → **Add agent**.
++
+[role="screenshot"]
+image::images/install-endpoint/-getting-started-install-endpoint-endpoint-cloud-sec-add-agent.png[Add agent flyout on the Fleet page.]
+. Select an agent policy for the {agent}. You can select an existing policy, or select **Create new agent policy** to create a new one. For more details on {agent} configuration settings, refer to {fleet-guide}/agent-policy.html[{agent} policies].
++
+The selected agent policy should include the integration you want to install on the hosts covered by the agent policy (in this example, {elastic-defend}).
++
+[role="screenshot"]
+image:images/install-endpoint/-getting-started-install-endpoint-endpoint-cloud-sec-add-agent-detail.png[Add agent flyout with {elastic-defend} integration highlighted.]
+. Ensure that the **Enroll in {fleet}** option is selected. {elastic-defend} cannot be integrated with {agent} in standalone mode.
+. Select the appropriate platform or operating system for the host, then copy the provided commands.
+. On the host, open a command-line interface and navigate to the directory where you want to install {agent}. Paste and run the commands from {fleet} to download, extract, enroll, and start {agent}.
+. (Optional) Return to the **Add agent** flyout in {fleet}, and observe the **Confirm agent enrollment** and **Confirm incoming data** steps automatically checking the host connection. It may take a few minutes for data to arrive in {es}.
+. After you have enrolled the {agent} on your host, you can click **View enrolled agents** to access the list of agents enrolled in {fleet}. Otherwise, select **Close**.
++
+The host will now appear on the **Endpoints** page in the {security-app}. It may take another minute or two for endpoint data to appear in {elastic-sec}.
+. For macOS, continue with <<security-install-endpoint-manually,these instructions>> to grant {elastic-endpoint} the required permissions.