[8.16] Nav changes for "Manage Elastic Defend" and "Endpoint response actions" sections (backport #6073) (#6118)

* Nav changes for "Manage Elastic Defend" and "Endpoint response actions" sections (#6073)

* Update "Trusted applications"

* Update "Event filters"

* Update "Host isolation exceptions"

* Update "Blocklist"

* Update "Isolate a host"

* Update "Response actions history"

* Update "Configure third-party response actions"

* Fix "Configure third-party response actions"

* Apply suggestions from Nastasha's review

Co-authored-by: Nastasha Solomon <[email protected]>

* Revise to "navigation menu"

---------

Co-authored-by: Nastasha Solomon <[email protected]>
(cherry picked from commit 5f71cc1)

# Conflicts:
#	docs/serverless/edr-manage/blocklist.asciidoc
#	docs/serverless/edr-manage/event-filters.asciidoc
#	docs/serverless/edr-manage/host-isolation-exceptions.asciidoc
#	docs/serverless/edr-manage/trusted-apps-ov.asciidoc
#	docs/serverless/endpoint-response-actions/host-isolation-ov.asciidoc
#	docs/serverless/endpoint-response-actions/response-actions-config.asciidoc
#	docs/serverless/endpoint-response-actions/response-actions-history.asciidoc

* Delete docs/serverless directory and its contents

---------

Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
3 people authored Nov 11, 2024
1 parent d267579 commit 614d4d8
Showing 7 changed files with 13 additions and 15 deletions.
4 changes: 2 additions & 2 deletions docs/management/admin/blocklist.asciidoc
Expand Up @@ -16,7 +16,7 @@ The blocklist is not intended to broadly block benign applications for non-secur

By default, a blocklist entry is recognized globally across all hosts running {elastic-defend}. If you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription], you can also assign a blocklist entry to specific {elastic-defend} integration policies, which blocks the process only on hosts assigned to that policy.

. Go to **Manage** -> **Blocklist**.
. Find **Blocklist** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].

. Click **Add blocklist entry**. The **Add blocklist** flyout appears.

Expand Down Expand Up @@ -49,7 +49,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning
. Click **Add blocklist**. The new entry is added to the **Blocklist** page.

. When you're done adding entries to the blocklist, ensure that the blocklist is enabled for the {elastic-defend} integration policies that you just assigned:
.. Go to **Manage** -> **Policies**, then click on an integration policy.
.. Go to the **Policies** page, then click on an integration policy.
.. On the **Policy settings** tab, ensure that the **Malware protections** and **Blocklist** toggles are switched on. Both settings are enabled by default.

[discrete]
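Review bot: the replacement sub-step `.. Go to the **Policies** page, then click on an integration policy.` no longer says how to reach that page, while the first hunk in this same file switched to the "Find **X** in the navigation menu or use the global search field" phrasing. For consistency consider `.. Find **Policies** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then click on an integration policy.`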
4 changes: 1 addition & 3 deletions docs/management/admin/event-filters.asciidoc
Expand Up @@ -22,7 +22,6 @@ Create event filters from the Hosts page or the Event filters page.
+
--
* To create an event filter from the Hosts page:
.. Go to *Explore* -> *Hosts*.
.. Select the *Events* tab to view the Events table.
+
.. Find the event to filter, click the *More actions* menu (*...*), then select *Add Endpoint event filter*.
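Review bot: deleting `.. Go to *Explore* -> *Hosts*.` without a replacement leaves the Hosts-page procedure starting at `.. Select the *Events* tab to view the Events table.`, so the reader is never told to open the Hosts page. The other files in this commit replace the old "Go to" step with a "Find *Hosts* in the navigation menu or use the global search field" step; add the same here rather than dropping the step.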
Expand All @@ -31,8 +30,7 @@ TIP: Since you can only create filters for endpoint events, be sure to filter th
For example, in the KQL search bar, enter the following query to find endpoint network events: `event.dataset : endpoint.events.network`.

* To create an event filter from the Event filters page:
.. Go to *Manage* -> *Event filters*.
.. Click *Add event filter*. The *Add event filter* flyout opens.
.. Cick *Add event filter*, which opens a flyout.
--
+
[role="screenshot"]
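Review bot: the added line `.. Cick *Add event filter*, which opens a flyout.` has a typo ("Cick" for "Click"). Also, both `.. Go to *Manage* -> *Event filters*.` and the original click step are removed and only the click step comes back, so the Event-filters-page procedure now has no navigation step; a `.. Find *Event filters* in the navigation menu or use the global search field.` line, matching the other hunks in this commit, would restore it.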
2 changes: 1 addition & 1 deletion docs/management/admin/host-isolation-exceptions.asciidoc
Expand Up @@ -21,7 +21,7 @@ You must have the *Host Isolation Exceptions* <<endpoint-management-req,privileg

Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. By default, a host isolation exception is recognized globally across all hosts running {elastic-defend}. You can also assign a host isolation exception to a specific {elastic-defend} integration policy, affecting only the hosts assigned to that policy.

. Go to **Manage** -> **Host isolation exceptions**.
. Find **Host isolation exceptions** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
. Click **Add Host isolation exception**.
. Fill in these fields in the **Add Host isolation exception** flyout:
.. `Name your host isolation exceptions`: Enter a name to identify the host isolation exception.
6 changes: 3 additions & 3 deletions docs/management/admin/host-isolation-ov.asciidoc
Expand Up @@ -55,7 +55,7 @@ All actions executed on a host are tracked in the host’s response actions hist
.Isolate a host from an endpoint
[%collapsible]
====
. Go to *Manage -> Endpoints*, then either:
. Find **Endpoints** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then either:
* Select the appropriate endpoint in the *Endpoint* column, and click *Take action -> Isolate host* in the endpoint details flyout.
* Click the *Actions* menu (*...*) on the appropriate endpoint, then select *Isolate host*.
. Enter a comment describing why you’re isolating the host (optional).
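Review bot: the added line uses unconstrained bold (`**Endpoints**`) while the rest of this list uses constrained bold (`*Endpoint*`, `*Take action -> Isolate host*`, `*Actions*`). Both render, but mixing the two in one list is inconsistent; the same mix appears in the Release-host hunk below and in the response-actions-history and trusted-apps hunks. Pick one form per file, preferably the single-asterisk form the surrounding text already uses.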
Expand Down Expand Up @@ -112,7 +112,7 @@ image::images/host-isolated-notif.png[Host isolated notification message,350]
.Release a host from an endpoint
[%collapsible]
====
. Go to *Manage -> Endpoints*, then either:
. Find **Endpoints** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then either:
* Select the appropriate endpoint in the *Endpoint* column, and click *Take action -> Release host* in the endpoint details flyout.
* Click the *Actions* menu (*...*) on the appropriate endpoint, then select *Release host*.
. Enter a comment describing why you're releasing the host (optional).
Expand Down Expand Up @@ -142,7 +142,7 @@ image::images/host-released-notif.png[Host released notification message,350]

To confirm if a host has been successfully isolated or released, check the response actions history, which logs the response actions performed on a host.

Go to *Manage* -> *Endpoints*, click an endpoint's name, then click the *Response action history* tab. You can filter the information displayed in this view. Refer to <<response-actions-history>> for more details.
Go to the *Endpoints* page, click an endpoint's name, then click the *Response action history* tab. You can filter the information displayed in this view. Refer to <<response-actions-history>> for more details.

[role="screenshot"]
image::images/response-actions-history-endpoint-details.png[Response actions history page UI,75%]
8 changes: 4 additions & 4 deletions docs/management/admin/response-actions-config.asciidoc
Expand Up @@ -51,7 +51,7 @@ Expand a section below for your endpoint security system:
. **Install the CrowdStrike integration and {agent}.** Elastic's {integrations-docs}/crowdstrike[CrowdStrike integration]
collects and ingests logs into {elastic-sec}.
+
.. Go to **Integrations**, search for and select **CrowdStrike**, then select **Add CrowdStrike**.
.. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], search for and select **CrowdStrike**, then select **Add CrowdStrike**.
.. Configure the integration with an **Integration name** and optional **Description**.
.. Select **Collect CrowdStrike logs via API**, and enter the required **Settings**:
- **Client ID**: Client ID for the API client used to read CrowdStrike data.
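Review bot: the new sub-step `.. Find **Integrations** in the navigation menu or use the ... global search field, search for and select **CrowdStrike**, then select **Add CrowdStrike**.` packs three distinct actions into one sentence, which reads awkwardly; splitting the navigation from the search-and-select would be clearer. The SentinelOne hunk below has the same shape and would benefit from the same split.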
Expand All @@ -66,7 +66,7 @@ Expand a section below for your endpoint security system:
+
IMPORTANT: Do not create more than one CrowdStrike connector.
+
.. Go to **Stack Management** → **Connectors**, then select **Create connector**.
.. Find **Connectors** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select **Create connector**.
.. Select the CrowdStrike connector.
.. Enter the configuration information:
- **Connector name**: A name to identify the connector.
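Review bot: the replacement drops the **Stack Management** parent from `.. Go to **Stack Management** → **Connectors**`, so the reader is now told to find **Connectors** directly in the navigation menu. Please confirm that **Connectors** is discoverable by that name in the menu for this version; if it is only reachable under Stack Management, keep the parent in the text, since the global search field is offered only as an alternative. The SentinelOne connector hunk below makes the same change.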
Expand Down Expand Up @@ -100,7 +100,7 @@ Refer to the {integrations-docs}/sentinel_one[SentinelOne integration docs] or S
. **Install the SentinelOne integration and {agent}.** Elastic's {integrations-docs}/sentinel_one[SentinelOne integration] collects and ingests logs into {elastic-sec}.
+
.. Go to **Integrations**, search for and select **SentinelOne**, then select **Add SentinelOne**.
.. Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], search for and select **SentinelOne**, then select **Add SentinelOne**.
.. Configure the integration with an **Integration name** and optional **Description**.
.. Ensure that **Collect SentinelOne logs via API** is selected, and enter the required **Settings**:
- **URL**: The SentinelOne console URL.
Expand All @@ -113,7 +113,7 @@ Refer to the {integrations-docs}/sentinel_one[SentinelOne integration docs] or S
+
IMPORTANT: Do not create more than one SentinelOne connector.
.. Go to **Stack Management** → **Connectors**, then select **Create connector**.
.. Find **Connectors** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select **Create connector**.
.. Select the **SentinelOne** connector.
.. Enter the configuration information:
- **Connector name**: A name to identify the connector.
2 changes: 1 addition & 1 deletion docs/management/admin/response-actions-history.asciidoc
Expand Up @@ -14,7 +14,7 @@
You must have the *Response Actions History* <<endpoint-management-req,privilege>> to access this feature.
--

To access the response actions history for all endpoints, go to *Manage* -> *Response actions history*. You can also access the response actions history for an individual endpoint from these areas:
To access the response actions history for all endpoints, find **Response actions history** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. You can also access the response actions history for an individual endpoint from these areas:

* *Endpoints* page: Click an endpoint's name to open the details flyout, then click the *Response actions history* tab.
* *Response console* page: Click the *Response actions history* button.
2 changes: 1 addition & 1 deletion docs/management/admin/trusted-apps.asciidoc
Expand Up @@ -22,7 +22,7 @@ By default, a trusted application is recognized globally across all hosts runnin

To add a trusted application:

. Go to *Manage* -> *Trusted applications*.
. Find **Trusted applications** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].

. Click *Add trusted application*.
