[8.11] Replace placeholder URLs (backport #6990) (#6998)

mergify[bot] · natasha-moore-elastic · web-flow · commit e5ba9370a6c9 · 2025-07-31T17:54:38.000+01:00
* Replace placeholder URLs (#6990) (cherry picked from commit 1633469) # Conflicts: # docs/AI-for-security/connect-to-byo.asciidoc # docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc # docs/release-notes/8.16.asciidoc * resolve conflict --------- Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Co-authored-by: natasha-moore-elastic <natasha.moore@elastic.co>
diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc
@@ -227,7 +227,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul
 
 [source,console]
 ----------------------------------
-sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456
+sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email<example-url> --duration-seconds 129600 --token-code 123456
 ----------------------------------
 
 The output from this command includes the following fields, which you should provide when configuring the CSPM integration:
diff --git a/docs/cloud-native-security/kspm-get-started.asciidoc b/docs/cloud-native-security/kspm-get-started.asciidoc
@@ -159,7 +159,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul
 
 [source,console]
 ----------------------------------
-`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456`
+`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@<example-url> --duration-seconds 129600 --token-code 123456`
 ----------------------------------
 
 The output from this command includes the following fields, which you should provide when configuring the KSPM integration:
diff --git a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc
@@ -68,12 +68,12 @@ sequence by winlog.computer_name, winlog.process.pid with maxspan=1s
  [any where event.code : "5382" and
   (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and
   not winlog.event_data.SubjectLogonId : "0x3e7" and 
-  not winlog.event_data.Resource : "http://localhost/"]
+  not winlog.event_data.Resource : "<LOCAL_HOST_URL>"]
 
  [any where event.code : "5382" and
   (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and
   not winlog.event_data.SubjectLogonId : "0x3e7" and 
-  not winlog.event_data.Resource : "http://localhost/"]
+  not winlog.event_data.Resource : "<LOCAL_HOST_URL>"]
 
 ----------------------------------
 
diff --git a/docs/release-notes/8.8.asciidoc b/docs/release-notes/8.8.asciidoc
@@ -36,7 +36,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste
 
 . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools.
 . Go to *Application -> Storage*, then expand *Local Storage*. 
-. Click on the name of your Kibana instance, for example, http://localhost:1234. 
+. Click on the name of your Kibana instance, for example, <LOCAL_HOST_URL>:1234. 
 . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns.
 . Paste the JSON blob into a text file and edit it as follows: 
 .. Remove the `id:file.name` string from the `columns` array.  
@@ -259,7 +259,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste
 
 . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools.
 . Go to *Application -> Storage*, then expand *Local Storage*. 
-. Click on the name of your Kibana instance, for example, http://localhost:1234. 
+. Click on the name of your Kibana instance, for example, <LOCAL_HOST_URL>:1234. 
 . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. 
 . Paste the JSON blob into a text file and edit it as follows: 
 .. Remove the `id:file.name` string from the `columns` array.  
@@ -413,7 +413,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste
 
 . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools.
 . Go to *Application -> Storage*, then expand *Local Storage*. 
-. Click on the name of your Kibana instance, for example, http://localhost:1234. 
+. Click on the name of your Kibana instance, for example, <LOCAL_HOST_URL>:1234. 
 . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. 
 . Paste the JSON blob into a text file and edit it as follows: 
 .. Remove the `id:file.name` string from the `columns` array.  
diff --git a/docs/release-notes/8.9.asciidoc b/docs/release-notes/8.9.asciidoc
@@ -48,7 +48,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste
 
 . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools.
 . Go to *Application -> Storage*, then expand *Local Storage*. 
-. Click on the name of your Kibana instance, for example, http://localhost:1234. 
+. Click on the name of your Kibana instance, for example, <LOCAL_HOST_URL>:1234. 
 . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. 
 . Paste the JSON blob into a text file and edit it as follows: 
 .. Remove the `id:file.name` string from the `columns` array.  
@@ -115,7 +115,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste
 
 . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools.
 . Go to *Application -> Storage*, then expand *Local Storage*. 
-. Click on the name of your Kibana instance, for example, http://localhost:1234. 
+. Click on the name of your Kibana instance, for example, <LOCAL_HOST_URL>:1234. 
 . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. 
 . Paste the JSON blob into a text file and edit it as follows: 
 .. Remove the `id:file.name` string from the `columns` array.  
