Adds AWS Inspector cloud workflows guide & reorganizes docs section (elastic#3493)

Fixes elastic/docs-content-internal/issues/367 by adding a guide for how
to get AWS Inspector data into our cloud security workflows (Findings &
entity insights). Updated the "Ingest third-party cloud security data"
page to include references to all the currently supported integrations.

I also reorganized the source files for the cloud security integrations
section and made some minor edits to them for consistency.

---------

Co-authored-by: Nastasha Solomon <[email protected]>

Author: 2 people

redirects.yml

@@ -537,6 +537,16 @@ redirects:
 # Search sessions becoming background search
   'explore-analyze/discover/search-sessions.md': 'explore-analyze/discover/background-search.md'
 
+# Related to https://github.com/elastic/docs-content/pull/3493
+  'solutions/security/cloud/ingest-third-party-cloud-security-data.md': 'solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md'
+  'solutions/security/cloud/ingest-cncf-falco-data.md': 'solutions/security/cloud/integrations/cncf-falco.md'
+  'solutions/security/cloud/ingest-wiz-data.md': 'solutions/security/cloud/integrations/wiz.md'
+  'solutions/security/cloud/integration-tenablevm.md': 'solutions/security/cloud/integrations/tenablevm.md'
+  'solutions/security/cloud/integration-rapid7.md': 'solutions/security/cloud/integrations/rapid7.md'
+  'solutions/security/cloud/integration-qualys.md': 'solutions/security/cloud/integrations/qualys.md'
+  'solutions/security/cloud/ingest-aws-security-hub-data.md': 'solutions/security/cloud/integrations/aws-security-hub.md'
+  'solutions/security/cloud/aws-config-integration.md': 'solutions/security/cloud/integrations/aws-config.md'
+  
 # Deduplicate canvas function reference
   'reference/data-analysis/kibana/canvas-functions.md': 'explore-analyze/visualize/canvas/canvas-function-reference.md'
   'reference/data-analysis/kibana/tinymath-functions.md': 'explore-analyze/visualize/canvas/canvas-tinymath-functions.md'

solutions/security/cloud/findings-page-3.md

@@ -14,7 +14,7 @@ products:
 
 # View and manage CNVM vulnerabilities in Findings [security-vuln-management-findings]
 
-The **Vulnerabilities** tab on the Findings page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](ingest-third-party-cloud-security-data.md).
+The **Vulnerabilities** tab on the **Findings** page displays the vulnerabilities detected by the [CNVM integration](cloud-native-vulnerability-management.md), as well as those detected by [third-party integrations](integrations/ingest-third-party-cloud-security-data.md).
 
 :::{image} /solutions/images/serverless--cloud-native-security-cnvm-findings-page.png
 :alt: The Vulnerabilities tab of the Findings page

solutions/security/cloud/findings-page.md

@@ -18,7 +18,7 @@ products:
 
 $$$cspm-findings-page-filter-findings$$$
 
-The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/ingest-third-party-cloud-security-data.md).
+The **Misconfigurations** tab on the **Findings** page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md).
 
 :::{image} /solutions/images/security-findings-page.png
 :alt: Findings page

solutions/security/cloud/ingest-third-party-cloud-security-data.md

@@ -12,12 +12,12 @@ products:
 
 This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}:
 
-- **Findings page**: Data appears on the Findings page's [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
+- **Findings page**: Data appears on the [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
 - **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
 
 
 In order for AWS Config data to appear in these workflows:
 
 * Follow the steps to [set up the AWS Config integration](https://docs.elastic.co/en/integrations/aws/config).
 * Make sure the integration version is at least 4.0.0.
-* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`.
+* Ensure you have `read` privileges for the following index: `security_solution-*.misconfiguration_latest`.

solutions/security/cloud/integrations/aws-config-integration.md renamed to solutions/security/cloud/integrations/aws-config.md

@@ -0,0 +1,23 @@
+---
+applies_to:
+  stack: ga 9.2
+  serverless:
+    security: all
+products:
+  - id: security
+  - id: cloud-serverless
+---
+
+# AWS Inspector
+
+This page explains how to make data from the AWS Inspector integration appear in the following places within {{elastic-sec}}:
+
+- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page.md) tab.
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
+
+
+In order for AWS Inspector data to appear in these workflows:
+
+* Follow the steps to [set up the AWS Inspector integration](https://www.elastic.co/docs/reference/integrations/aws/inspector).
+* Make sure the integration version is at least 4.0.0.
+* Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`.

solutions/security/cloud/integrations/aws-inspector.md

@@ -40,8 +40,8 @@ Next, to make alerts from Falco appear on {{elastic-sec}}'s Alerts page:
 
 You can either:
 
-* [Send Falco data to {{es}} from virtual machines (VMs)](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-vm); or,
-* [Send Falco data to {{es}} from Kubernetes](/solutions/security/cloud/ingest-cncf-falco-data.md#ingest-falco-setup-falco-kubernetes).
+* [Send Falco data to {{es}} from virtual machines (VMs)](#ingest-falco-setup-falco-vm); or,
+* [Send Falco data to {{es}} from Kubernetes](#ingest-falco-setup-falco-kubernetes).
 
 
 ### Configure Falco and Falcosidekick for VMs [ingest-falco-setup-falco-vm]

solutions/security/cloud/ingest-aws-security-hub-data.md renamed to solutions/security/cloud/integrations/aws-security-hub.md

@@ -12,7 +12,7 @@ products:
 
 This page explains how to make data from the Google Security Command Center integration appear in the following workflows within {{elastic-sec}}:
 
-- **Findings page**: Data appears on the [Findings page's](/solutions/security/cloud/findings-page.md) **Vulnerabilities** tab and **Misconfigurations** tab.
+- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab and the [Misconfiguations](/solutions/security/cloud/findings-page.md) tab.
 - **Alert and Entity details flyouts**: Data appears in the **Insights** section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
 
 

solutions/security/cloud/ingest-cncf-falco-data.md renamed to solutions/security/cloud/integrations/cncf-falco.md

@@ -0,0 +1,48 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/security/current/ingest-third-party-cloud-security-data.html
+  - https://www.elastic.co/guide/en/serverless/current/ingest-third-party-cloud-security-data.html
+applies_to:
+  stack: all
+  serverless:
+    security: all
+products:
+  - id: security
+  - id: cloud-serverless
+---
+
+# Ingest third-party cloud security data
+
+This section describes how to ingest cloud security data from third-party tools into {{es}}. Once ingested, this data can provide additional context and enrich your {{elastic-sec}} workflows.
+
+You can ingest both third-party cloud workload protection data and third-party security posture and vulnerability data.
+
+
+## Ingest third-party workload protection data [_ingest_third_party_workload_protection_data]
+
+You can ingest third-party cloud security alerts into {{elastic-sec}} to view them on the [Alerts page](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#alerts-page) and incorporate them into your triage and threat hunting workflows.
+
+* Learn to [ingest alerts from Sysdig Falco](/solutions/security/cloud/integrations/cncf-falco.md).
+
+
+## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data]
+
+You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [**Findings**](/solutions/security/cloud/findings-page.md) page and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts.
+
+::::{note}
+Data from third-party integrations does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md) or the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md),
+::::
+
+Data from each of the following integrations can feed into at least some of these workflows:
+
+* [AWS Config](/solutions/security/cloud/integrations/aws-config.md)
+* [AWS Inspector](/solutions/security/cloud/integrations/aws-inspector.md)
+* [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md)
+* [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md)
+* [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md)
+* [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md)
+* [Microsoft Defender XDR](/solutions/security/cloud/integrations/microsoft-defender-xdr.md)
+* [Qualys VMDR](/solutions/security/cloud/integrations/qualys.md)
+* [Rapid7 InsightVM](/solutions/security/cloud/integrations/rapid7.md)
+* [Tenable VM](/solutions/security/cloud/integrations/tenablevm.md)
+* [Wiz](/solutions/security/cloud/integrations/wiz.md)