diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 43c3aba75f..de9976c2f7 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc @@ -227,7 +227,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul [source,console] ---------------------------------- -sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456 +sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email --duration-seconds 129600 --token-code 123456 ---------------------------------- The output from this command includes the following fields, which you should provide when configuring the CSPM integration: diff --git a/docs/cloud-native-security/kspm-get-started.asciidoc b/docs/cloud-native-security/kspm-get-started.asciidoc index 87c9a41e73..abfacfda0e 100644 --- a/docs/cloud-native-security/kspm-get-started.asciidoc +++ b/docs/cloud-native-security/kspm-get-started.asciidoc @@ -159,7 +159,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul [source,console] ---------------------------------- -`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456` +`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@ --duration-seconds 129600 --token-code 123456` ---------------------------------- The output from this command includes the following fields, which you should provide when configuring the KSPM integration: diff --git a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc index d3ade34bb5..8d8cfa3638 100644 --- a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc @@ -69,12 +69,12 @@ sequence by winlog.computer_name, winlog.process.pid with maxspan=1s [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] ---------------------------------- diff --git a/docs/release-notes/8.8.asciidoc b/docs/release-notes/8.8.asciidoc index bdae3bad98..e4f3da324d 100644 --- a/docs/release-notes/8.8.asciidoc +++ b/docs/release-notes/8.8.asciidoc @@ -36,7 +36,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -259,7 +259,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -413,7 +413,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alerts table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. diff --git a/docs/release-notes/8.9.asciidoc b/docs/release-notes/8.9.asciidoc index d92e0c37f5..eb0ad10611 100644 --- a/docs/release-notes/8.9.asciidoc +++ b/docs/release-notes/8.9.asciidoc @@ -48,7 +48,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array. @@ -115,7 +115,7 @@ NOTE: These instructions only apply to the Google Chrome browser. Modify the ste . Right-click anywhere on the Alerts page, then select *Inspect* to open Chrome's Developer Tools. . Go to *Application -> Storage*, then expand *Local Storage*. -. Click on the name of your Kibana instance, for example, http://localhost:1234. +. Click on the name of your Kibana instance, for example, :1234. . Search for the `detection-engine-alert-table-securitySolution-rule-details-gridView` key and copy its value. The value you copied is the JSON blob that's used to persist the Alert table's state, including the table's selected columns. . Paste the JSON blob into a text file and edit it as follows: .. Remove the `id:file.name` string from the `columns` array.