
Commit

[cloud][8.13] Enable / Disable benchmark rules (#4936)
* new content and screenshot

* updates KSPM benchmarks page, updates title

* bugfix

* content reorg

* minor reorg, adds headings

* reorgs other copy of page

* bugfix

* Incorporates Yarden's review :)

* incorporates Nat's and Stash's reviews

(cherry picked from commit 0c2aa8e)
benironside authored and mergify[bot] committed Mar 25, 2024
1 parent 5b80b2f commit 97f7ef4
Showing 4 changed files with 33 additions and 23 deletions.
27 changes: 16 additions & 11 deletions docs/cloud-native-security/cspm-benchmark-rules.asciidoc
@@ -1,8 +1,13 @@
[[cspm-benchmark-rules]]
= Benchmark rules
The Benchmark Integrations page lets you view the cloud security posture (CSP) benchmark rules for the <<cspm, Cloud security posture management>> (CSPM) and <<kspm, Kubernetes security posture management>> (KSPM) integrations.
= Benchmarks
The Benchmarks page lets you view the cloud security posture (CSP) benchmark rules for the <<cspm, Cloud security posture management>> (CSPM) and <<kspm, Kubernetes security posture management>> (KSPM) integrations.

Benchmark rules are used by these integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks].
[role="screenshot"]
image::images/benchmark-rules.png[Benchmarks page]

[discrete]
== What are benchmark rules?
Benchmark rules are used by the CSPM and KSPM integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks].

Each benchmark rule checks to see if a specific type of resource is configured according to a CIS Benchmark. The names of rules describe what they check, for example:

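Review bot: the new intro sentence (`The Benchmarks page lets you view the cloud security posture (CSP) benchmark rules ...`) still describes the page as view-only, while the point of this change is that rules can now be enabled or disabled from it; suggest `lets you view, enable, or disable the ... benchmark rules` so the opening sentence matches the feature and the `View, enable, or disable` wording used in the navigation docs.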
Expand All @@ -11,21 +16,21 @@ Each benchmark rule checks to see if a specific type of resource is configured a
* `Ensure IAM policies that allow full "*:*" administrative privileges are not attached`
* `Ensure the default namespace is not in use`

When benchmark rules are evaluated, the resulting <<findings-page, findings>> data appears on the <<cloud-posture-dashboard, Cloud Security Posture dashboard>>.

When benchmark rules are evaluated, the resulting <<findings-page, findings>> data appears on the <<cloud-posture-dashboard, Cloud Security Posture dashboard>>.
NOTE: Benchmark rules are not editable.

To find the Benchmark Integrations page, go to **Rules -> Benchmark rules**. From there, you can view the benchmark rules associated with an existing integration by clicking the integration name.
[discrete]
== Review your benchmarks

[role="screenshot"]
image::images/benchmark-rules.png[Benchmark rules page]
To access your active benchmarks, go to **Rules -> Benchmarks**. From there, you can click a benchmark's name to view the benchmark rules associated with it. You can click a benchmark rule's name to see details including information about how to remediate it, and related links.

You can then click on a benchmark rule's name to see details, including information about how to remediate failures and related links.
Benchmark rules are enabled by default, but you can disable some of them — at the benchmark level — to suit your environment. This means for example that if you have two integrations using the `CIS AWS` benchmark, disabling a rule for that benchmark affects both integrations. To enable or disable a rule, use the **Enabled** toggle on the right of the rules table.

NOTE: Benchmark rules are not editable.
NOTE: Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them.

[discrete]
== How benchmark rules work

. When a security posture management integration is deployed, and every four hours after that, {agent} fetches relevant cloud resources.
. After resources are fetched, they are evaluated against all applicable benchmark rules.
. After resources are fetched, they are evaluated against all applicable enabled benchmark rules.
. Finding values of `pass` or `fail` indicate whether the standards defined by benchmark rules were met.
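Review bot: the NOTE about disabling (`Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them.`) is the security-relevant consequence of this feature, because a re-enabled benchmark rule produces findings again while its detection rules stay silent; suggest telling the reader where to re-enable those detection rules (the Rules page) so the note ends with an action rather than only a warning. Also, `information about how to remediate it` now reads as remediating the rule; the removed wording `how to remediate failures` was clearer, so keep that.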
Binary file modified docs/cloud-native-security/images/benchmark-rules.png
27 changes: 16 additions & 11 deletions docs/cloud-native-security/kspm-benchmark-rules.asciidoc
@@ -1,8 +1,13 @@
[[benchmark-rules]]
= Benchmark rules
The Benchmark Integrations page lets you view the cloud security posture (CSP) benchmark rules for the <<cspm, Cloud security posture mangaement>> (CSPM) and <<kspm, Kubernetes security posture management>> (KSPM) integrations.
= Benchmarks
The Benchmarks page lets you view the cloud security posture (CSP) benchmark rules for the <<cspm, Cloud security posture management>> (CSPM) and <<kspm, Kubernetes security posture management>> (KSPM) integrations.

Benchmark rules are used by these integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks].
[role="screenshot"]
image::images/benchmark-rules.png[Benchmarks page]

[discrete]
== What are benchmark rules?
Benchmark rules are used by the CSPM and KSPM integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks].

Each benchmark rule checks to see if a specific type of resource is configured according to a CIS Benchmark. The names of rules describe what they check, for example:

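Review bot: apart from the anchor (`[[benchmark-rules]]` versus `[[cspm-benchmark-rules]]`), this file is now a byte-for-byte copy of cspm-benchmark-rules.asciidoc, down to the same `image::images/benchmark-rules.png` screenshot, and the commit message itself calls it the "other copy of page". Two copies will drift (the old version already had `mangaement` in this copy and the correct spelling in the other), so suggest moving the shared body into one file and pulling it in with an `include::` from both locations, keeping only the anchors distinct.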
Expand All @@ -11,21 +16,21 @@ Each benchmark rule checks to see if a specific type of resource is configured a
* `Ensure IAM policies that allow full "*:*" administrative privileges are not attached`
* `Ensure the default namespace is not in use`

When benchmark rules are evaluated, the resulting <<findings-page, findings>> data appears on the <<cloud-posture-dashboard, Cloud Security Posture dashboard>>.

When benchmark rules are evaluated, the resulting <<findings-page, findings>> data appears on the <<cloud-posture-dashboard, Cloud Security Posture dashboard>>.
NOTE: Benchmark rules are not editable.

To find the Benchmark Integrations page, go to **Rules -> Benchmark rules**. From there, you can view the benchmark rules associated with an existing integration by clicking the integration name.
[discrete]
== Review your benchmarks

[role="screenshot"]
image::images/benchmark-rules.png[Benchmark rules page]
To access your active benchmarks, go to **Rules -> Benchmarks**. From there, you can click a benchmark's name to view the benchmark rules associated with it. You can click a benchmark rule's name to see details including information about how to remediate it, and related links.

You can then click on a benchmark rule's name to see details, including information about how to remediate failures and related links.
Benchmark rules are enabled by default, but you can disable some of them — at the benchmark level — to suit your environment. This means for example that if you have two integrations using the `CIS AWS` benchmark, disabling a rule for that benchmark affects both integrations. To enable or disable a rule, use the **Enabled** toggle on the right of the rules table.

NOTE: Benchmark rules are not editable.
NOTE: Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them.

[discrete]
== How benchmark rules work

. When a security posture management integration is deployed, and every four hours after that, {agent} fetches relevant cloud resources.
. After resources are fetched, they are evaluated against all applicable benchmark rules.
. After resources are fetched, they are evaluated against all applicable enabled benchmark rules.
. Finding values of `pass` or `fail` indicate whether the standards defined by benchmark rules were met.
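Review bot: this hunk duplicates the cspm-benchmark-rules.asciidoc change, so the same points apply (the `remediate it` antecedent and where detection rules are re-enabled). One further gap for both copies: step 1 of `How benchmark rules work` says evaluation runs every four hours and step 2 now limits it to `enabled` rules, but the text does not say what happens to findings already produced by a rule that is then disabled; a sentence stating whether those findings remain on the Cloud Security Posture dashboard until the next evaluation, or are removed at once, would close the loop for readers auditing their posture data.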
2 changes: 1 addition & 1 deletion docs/getting-started/security-ui.asciidoc
Expand Up @@ -92,7 +92,7 @@ Expand this section to access the following pages:
[role="screenshot"]
image::images/all-rules.png[Rules page]
+
* <<benchmark-rules, *Benchmark Integrations*>>: View, enable, or disable benchmark rules.
* <<benchmark-rules, *Benchmarks*>>: View, set up, or configure cloud security benchmarks.
+
[role="screenshot"]
image::images/benchmark-rules.png[Benchmark Integrations page]
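Review bot: the screenshot alt text on the unchanged line `image::images/benchmark-rules.png[Benchmark Integrations page]` still uses the old page name while the link text two lines above is changed to *Benchmarks*; update it to `[Benchmarks page]` as in the other two files. Also, `View, set up, or configure cloud security benchmarks` introduces `set up`, which the benchmark pages in this same commit never describe (they cover viewing rules and the **Enabled** toggle); the removed `View, enable, or disable benchmark rules` matched the actual content better.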

0 comments on commit 97f7ef4
