More reordering and renaming for flow
Also matches newer organization scheme in serverless
joepeeples committed Mar 7, 2024
1 parent f6bd9d7 commit 13d7e8f
Showing 3 changed files with 24 additions and 6 deletions.
2 changes: 2 additions & 0 deletions docs/index.asciidoc
Expand Up @@ -36,6 +36,8 @@ include::cases/cases-index.asciidoc[]

include::osquery/osquery-index.asciidoc[]

include::management/admin/response-actions.asciidoc[]

include::management/manage-intro.asciidoc[]

include::siem-apis.asciidoc[]
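Review bot: `response-actions.asciidoc` is included here with no `leveloffset`, so its own document title must be a level-0 `=` heading for it to render as a top-level page beside `manage-intro.asciidoc`; confirm that, and confirm no other file still includes it now that it has left `manage-intro.asciidoc`, otherwise its `[[...]]` anchors would be defined twice in the build.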
22 changes: 21 additions & 1 deletion docs/management/admin/response-actions.asciidoc
Expand Up @@ -41,28 +41,33 @@ Activity in the response console is persistent, so you can navigate away from th

IMPORTANT: Once you submit a response action, you can't cancel it, even if the action is pending for an offline host.

[discrete]
[[response-action-commands]]
== Response action commands

The following response action commands are available in the response console.

[discrete]
=== `isolate`
<<host-isolation-ov,Isolate the host>>, blocking communication with other hosts on the network.

Required privilege: *Host Isolation*

Example: `isolate --comment "Isolate host related to detection alerts"`

[discrete]
=== `release`
Release an isolated host, allowing it to communicate with the network again.

Required privilege: *Host Isolation*

Example: `release --comment "Release host, everything looks OK"`

[discrete]
=== `status`
Show information about the host's status, including: {agent} status and version, the {elastic-defend} integration's policy status, and when the host was last active.

[discrete]
=== `processes`
Show a list of all processes running on the host. This action may take a minute or so to complete.

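Review bot: Marking every `==` and `===` heading in this block `[discrete]` removes them from the table of contents and from automatic section nesting, so readers can no longer navigate to individual commands from the TOC; the explicit `[[response-action-commands]]` anchor kept directly after `[discrete]` is the right ordering and keeps `<<response-action-commands>>` resolving. While touching these lines, note that `status` and `processes` have no `Required privilege:` line, unlike `isolate` and `release`; either state the privilege or say none beyond console access is needed.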
Expand All @@ -75,6 +80,7 @@ Use this command to get current PID or entity ID values, which are required for
Entity IDs may be more reliable than PIDs, because entity IDs are unique values on the host, while PID values can be reused by the operating system.
====

[discrete]
=== `kill-process`

Terminate a process. You must include one of the following parameters to identify the process to terminate:
Expand All @@ -86,6 +92,7 @@ Required privilege: *Process Operations*

Example: `kill-process --pid 123 --comment "Terminate suspicious process"`

[discrete]
=== `suspend-process`

Suspend a process. You must include one of the following parameters to identify the process to suspend:
Expand All @@ -97,6 +104,7 @@ Required privilege: *Process Operations*

Example: `suspend-process --pid 123 --comment "Suspend suspicious process"`

[discrete]
=== `get-file`

Retrieve a file from a host. Files are downloaded in a password-protected `.zip` archive to prevent the file from running. Use password `elastic` to open the `.zip` in a safe environment.
Expand All @@ -116,6 +124,7 @@ TIP: You can use the <<use-osquery,Osquery manager integration>> to query a host
When {elastic-defend} prevents file activity due to <<malware-protection,malware prevention>>, the file is quarantined on the host and a malware prevention alert is created. To retrieve this file with `get-file`, copy the path from the alert's *Quarantined file path* field (`file.Ext.quarantine_path`), which appears under *Highlighted fields* in the alert details flyout. Then paste the value into the `--path` parameter.
====

[discrete]
=== `execute`

Run a shell command on the host. The command's output and any errors appear in the response console, up to 2000 characters. The complete output (stdout and stderr) are also saved to a downloadable `.zip` archive (password: `elastic`). Use these parameters:
Expand All @@ -139,6 +148,7 @@ Example: `execute --command "ls -al" --timeout 2s --comment "Get list of all fil

WARNING: This response action runs commands on the host using the same user account running the {elastic-defend} integration, which normally has full control over the system. Be careful with any commands that could cause irrevocable changes.

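Review bot: Subject-verb agreement nit in the `execute` description: `The complete output (stdout and stderr) are also saved` should read `is also saved`. Since this hunk only adds `[discrete]`, it is a convenient place to fix that in passing.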
[discrete]
=== `upload`

Upload a file to the host. The file is saved to the location on the host where {elastic-endpoint} is installed. After you run the command, the full path is returned in the console for reference. Use these parameters:
Expand All @@ -154,29 +164,35 @@ TIP: You can follow this with the `execute` response action to upload and run sc

NOTE: The default file size maximum is 25 MB, configurable in `kibana.yml` with the `maxUploadResponseActionFileBytes` setting. You must enter the value in bytes (the maximum is `104857600` bytes, or 100 MB).

[discrete]
[[supporting-commands-parameters]]
== Supporting commands and parameters

[discrete]
=== `--comment`

Add to a command to include a comment explaining or describing the action. Comments are included in the response actions history.

[discrete]
=== `--help`

Add to a command to get help for that command.

Example: `isolate --help`

[discrete]
=== `clear`

Clear all output from the response console.

[discrete]
=== `help`

List supported commands in the console output area.

TIP: You can also get a list of commands in the <<help-panel,Help panel>>, which stays on the screen independently of the output area.

[discrete]
[[help-panel]]
== Help panel

Expand All @@ -194,11 +210,15 @@ If the endpoint is running an older version of {agent}, some response actions ma
[role="screenshot"]
image::images/response-console-unsupported-command.png[Unsupported response action with tooltip,350]


[discrete]
[[actions-log]]
== Response actions history

Click *Response actions history* to display a log of the response actions performed on the endpoint, such as isolating a host or terminating a process. You can filter the information displayed in this view. Refer to <<response-actions-history>> for more details.

[role="screenshot"]
image::images/response-actions-history-console.png[Response actions history with a few past actions,85%]

include::host-isolation-ov.asciidoc[leveloffset=+1]
include::response-actions-history.asciidoc[leveloffset=+1]
include::response-actions-config.asciidoc[leveloffset=+1]
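Review bot: The three `include::` lines added at the end use `leveloffset=+1` relative to this file, so host isolation, response actions history and response actions configuration now render one level below Response actions, whereas in `manage-intro.asciidoc` they were its siblings at `leveloffset=+2`; that matches the stated serverless organization, but check the rendered navigation, since `<<response-actions-history>>` a few lines above now points at a child section. Minor style point: there is a doubled blank line before `[discrete]` at the start of the Response actions history section where the rest of the file uses a single blank line.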
6 changes: 1 addition & 5 deletions docs/management/manage-intro.asciidoc
@@ -1,14 +1,10 @@
[[sec-manage-intro]]

= Endpoint management
= Manage endpoint protection

The following section provides an overview of the management tools admins can use to manage endpoints, integration policies, trusted applications, event filters, host isolation exceptions, and blocked applications.

include::{security-docs-root}/docs/management/admin/admin-pg-ov.asciidoc[leveloffset=+1]
include::{security-docs-root}/docs/management/admin/response-actions.asciidoc[leveloffset=+2]
include::{security-docs-root}/docs/management/admin/host-isolation-ov.asciidoc[leveloffset=+2]
include::{security-docs-root}/docs/management/admin/response-actions-history.asciidoc[leveloffset=+2]
include::{security-docs-root}/docs/management/admin/response-actions-config.asciidoc[leveloffset=+2]
include::{security-docs-root}/docs/management/admin/policy-list.asciidoc[leveloffset=+1]
include::{security-docs-root}/docs/management/admin/trusted-apps.asciidoc[leveloffset=+1]
include::{security-docs-root}/docs/management/admin/event-filters.asciidoc[leveloffset=+1]
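Review bot: The page title changes from `Endpoint management` to `Manage endpoint protection` while the `[[sec-manage-intro]]` anchor stays, so `<<sec-manage-intro>>` links keep resolving; any cross-reference that spelled out the old title as link text will be stale, though. The four removed includes (`response-actions`, `host-isolation-ov`, `response-actions-history`, `response-actions-config`) are all accounted for by the new include in `index.asciidoc` and the three added at the end of `response-actions.asciidoc`, and the overview paragraph above correctly no longer needs to mention response actions.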