Merge branch 'main' into internal-43-crowdstrike-reqs-known-issue
joepeeples authored Sep 24, 2024
2 parents 5c0afea + 670868d commit 540ec59
Showing 4 changed files with 49 additions and 5 deletions.
40 changes: 40 additions & 0 deletions .github/ISSUE_TEMPLATE/breaking-change.yaml
@@ -0,0 +1,40 @@
name: "Breaking change report"
description: "Report a breaking change in Elastic Security"
title: "[BREAKING CHANGE] "
labels: "breaking-change"
body:
- type: markdown
attributes:
value: |
Hello! Use this form to report a breaking change in Elastic Security software to the [@elastic/security-docs](https://github.com/orgs/elastic/teams/security-docs) team. We will add it to the release notes for the version that introduces the breaking change.
- type: textarea
id: description
attributes:
label: Description
description: What feature will break? Any more details about how it will break? Please include any recommendations for users who were using the feature with the breaking change.
validations:
required: true
- type: dropdown
id: doc-set
attributes:
label: Which deployment types are affected?
description: ESS (classic), serverless, or both?
options:
- ESS and serverless
- ESS only
- Serverless only
- Unknown
default: 0
validations:
required: true
- type: textarea
id: software-version
attributes:
label: Release version
description: If you selected ESS above, please list which Stack version(s) this breaking change applies to.
placeholder: |
For example:
"This breaking change applies to Stack versions 8.10 and newer."
"N/A"
validations:
required: false
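
Review bot: `default: 0` on the `doc-set` dropdown preselects "ESS and serverless", so `required: true` is always satisfied and a reporter who skips the field files the broadest answer rather than "Unknown". Consider dropping the default, or reordering the options so the preselected one is "Unknown". Also, the `software-version` description says "If you selected ESS above", which matches none of the options verbatim; wording such as "If ESS is affected" would cover both "ESS and serverless" and "ESS only".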
8 changes: 6 additions & 2 deletions docs/getting-started/index.asciidoc
@@ -2,9 +2,13 @@
[[getting-started]]
= Get started with {elastic-sec}

Looking to get started with {elastic-sec}? This section describes the {elastic-sec} UI in {kib}, the system requirements required to run the {agent} with the {elastic-defend} integration, and instructions on how to configure and install {elastic-sec} on your host.
This section describes how to set up {elastic-sec}, install {agent} and the {elastic-defend} integration on your hosts, and use the {elastic-sec} UI in {kib}.
To get started, click on one of the following tutorials, depending on your use case:

* https://www.elastic.co/getting-started/security/detect-threats-in-my-data-with-siem[Detect threats in my data with SIEM]
* https://www.elastic.co/getting-started/security/secure-my-hosts-with-endpoint-security[Secure my hosts with endpoint security]
* https://www.elastic.co/getting-started/security/secure-my-cloud-assets-with-cloud-security-posture-management[Secure my cloud assets with cloud posture management (CSPM)]

TIP: View the https://www.elastic.co/training/elastic-security-quick-start[{elastic-sec} Quick Start video] to learn how to configure your endpoints with {elastic-sec} so you can stream, detect, and visualize threats in real time on {ecloud}.

include::sec-app-requirements.asciidoc[leveloffset=+1]
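
Review bot: The link text of the third tutorial bullet reads "cloud posture management (CSPM)", but the URL slug is `secure-my-cloud-assets-with-cloud-security-posture-management`, so the text drops "security" and no longer matches the acronym it expands. Suggest "Secure my cloud assets with cloud security posture management (CSPM)".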

2 changes: 1 addition & 1 deletion docs/management/admin/automated-response-actions.asciidoc
@@ -13,7 +13,7 @@ Add {elastic-defend}'s <<response-actions,response actions>> to detection rules
--
* Automated response actions require an https://www.elastic.co/pricing[Enterprise subscription].
* Hosts must have {agent} installed with the {elastic-defend} integration.
* Your user role must have the ability to create detection rules and the <<endpoint-management-req,privilege>> to perform specific response actions (for example, the **Host Isolation** privilege to isolate hosts).
* Your user role must have the ability to create detection rules and the privilege to perform <<response-action-commands,specific response actions>> (for example, the **Host Isolation** privilege to isolate hosts).
* You can only add automated response actions to custom query rules.
--
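
Review bot: The reworded user-role bullet replaces the `<<endpoint-management-req,privilege>>` cross-reference with `<<response-action-commands,specific response actions>>`, so the requirements list no longer points anywhere that explains how the **Host Isolation** privilege (or any other response-action privilege) is granted. Consider keeping both links, for example "the <<endpoint-management-req,privilege>> to perform <<response-action-commands,specific response actions>>", so a rule author can check their role before enabling an automated action.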

@@ -12,9 +12,9 @@ Add ((elastic-defend))'s <DocLink slug="/serverless/security/response-actions">r

<DocCallOut title="Requirements">

- Automated response actions require an [Enterprise subscription](https://www.elastic.co/pricing).
- Automated response actions require the Endpoint Protection Complete <DocLink slug="/serverless/elasticsearch/manage-project" text="project feature"/>.
- Hosts must have ((agent)) installed with the ((elastic-defend)) integration.
- Your user role must have the ability to create detection rules and to perform <DocLink slug="/serverless/security/response-actions" section="response-action-commands">specific response actions</DocLink>.
- Your user role must have the ability to create detection rules and the privilege to perform <DocLink slug="/serverless/security/response-actions" section="response-action-commands">specific response actions</DocLink> (for example, custom roles require the **Host Isolation** privilege to isolate hosts).
- You can only add automated response actions to custom query rules.

</DocCallOut>
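
Review bot: The new parenthetical in the user-role bullet says "custom roles require the **Host Isolation** privilege", which implies predefined roles behave differently, but nothing in the callout says which predefined roles already include it. Either name or link those roles, or drop "custom roles require" so the example matches the wording used in the asciidoc version of this page. The two `DocLink` elements in this list also use different forms (self-closing with `text=` versus wrapped child text); picking one would keep the list consistent.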