Merge branch 'main' into issues-5516-5517

docs/AI-for-security/ai-for-security.asciidoc

@@ -15,6 +15,7 @@ include::connector-guides-landing-pg.asciidoc[leveloffset=+1]
 include::connect-to-azure-openai.asciidoc[leveloffset=+2]
 include::connect-to-bedrock.asciidoc[leveloffset=+2]
 include::connect-to-openai.asciidoc[leveloffset=+2]
+include::connect-to-vertex.asciidoc[leveloffset=+2]
 include::connect-to-byo.asciidoc[leveloffset=+2]
 
 

docs/AI-for-security/connect-to-vertex.asciidoc

@@ -0,0 +1,119 @@
+[[connect-to-vertex]]
+= Connect to Google Vertex
+
+:frontmatter-description: Set up a Google Vertex LLM connector.
+:frontmatter-tags-products: [security]
+:frontmatter-tags-content-type: [guide]
+:frontmatter-tags-user-goals: [get-started]
+
+This page provides step-by-step instructions for setting up a Google Vertex AI connector for the first time. This connector type enables you to leverage Vertex AI's large language models (LLMs) within {elastic-sec}. You'll first need to enable Vertex AI, then generate an API key, and finally configure the connector in your {elastic-sec} project.
+
+IMPORTANT: Before continuing, you should have an active project in one of Google Vertex AI's https://cloud.google.com/vertex-ai/docs/general/locations#feature-availability[supported regions]. 
+
+[discrete]
+== Enable the Vertex AI API
+
+1. Log in to the GCP console and navigate to **Vertex AI → Vertex AI Studio → Overview**. 
+2. If you're new to Vertex AI, the **Get started with Vertex AI Studio** popup appears. Click **Vertex AI API**, then click **ENABLE**.
+
+The following video demonstrates these steps.
+
+=======
+++++
+<script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js"></script>
+<img
+  style="width: 100%; margin: auto; display: block;"
+  class="vidyard-player-embed"
+  src="https://play.vidyard.com/vFhtbiCZiKhvdZGy2FjyeT.jpg"
+  data-uuid="vFhtbiCZiKhvdZGy2FjyeT"
+  data-v="4"
+  data-type="inline"
+/>
+</br>
+++++
+=======
+
+NOTE: For more information about enabling the Vertex AI API, refer to https://cloud.google.com/vertex-ai/docs/start/cloud-environment[Google's documentation].
+
+[discrete] 
+== Create a Vertex AI service account
+
+1. In the GCP console, navigate to **APIs & Services → Library**.
+2. Search for **Vertex AI API**, select it, and click **MANAGE**.
+3. In the left menu, navigate to **Credentials** then click **+ CREATE CREDENTIALS** and select **Service account**.
+4. Name the new service account, then click **CREATE AND CONTINUE**. 
+5. Under **Select a role**, select **Vertex AI User**, then click **CONTINUE**.
+6. Click **Done**.
+
+The following video demonstrates these steps.
+
+=======
+++++
+<script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js"></script>
+<img
+  style="width: 100%; margin: auto; display: block;"
+  class="vidyard-player-embed"
+  src="https://play.vidyard.com/tmresYYiags2w2nTv3Gac8.jpg"
+  data-uuid="tmresYYiags2w2nTv3Gac8"
+  data-v="4"
+  data-type="inline"
+/>
+</br>
+++++
+=======
+
+[discrete] 
+== Generate an API key
+
+1. Return to Vertex AI's **Credentials** menu and click **Manage service accounts**.
+2. Search for the service account you just created, select it, then click the link that appears under **Email**.
+3. Go to the **KEYS** tab, click **ADD KEY**, then select **Create new key**.
+4. Select **JSON**, then click **CREATE** to download the key. Keep it somewhere secure.
+
+The following video demonstrates these steps.
+
+=======
+++++
+<script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js"></script>
+<img
+  style="width: 100%; margin: auto; display: block;"
+  class="vidyard-player-embed"
+  src="https://play.vidyard.com/hrcy3F9AodwhJcV1i2yqbG.jpg"
+  data-uuid="hrcy3F9AodwhJcV1i2yqbG"
+  data-v="4"
+  data-type="inline"
+/>
+</br>
+++++
+=======
+
+[discrete]
+== Configure the Google Gemini connector
+
+Finally, configure the connector in your Elastic deployment:
+
+1. Log in to your Elastic deployment.
+2. Navigate to **Stack Management → Connectors → Create Connector → Google Gemini**.
+3. Name your connector to help keep track of the model version you are using.
+4. Under **URL**, enter the URL for your region.
+5. Enter your **GCP Region** and **GCP Project ID**.
+6. Under **Default model**, specify either `gemini-1.5.pro` or `gemini-1.5-flash`. https://cloud.google.com/vertex-ai/generative-ai/docs/learn/models[Learn more about the models].
+7. Under **Authentication**, enter your API key.
+8. Click **Save**.
+
+The following video demonstrates these steps.
+
+=======
+++++
+<script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js"></script>
+<img
+  style="width: 100%; margin: auto; display: block;"
+  class="vidyard-player-embed"
+  src="https://play.vidyard.com/8L2WPm2HKN1cH872Gs5uvL.jpg"
+  data-uuid="8L2WPm2HKN1cH872Gs5uvL"
+  data-v="4"
+  data-type="inline"
+/>
+</br>
+++++
+=======

docs/AI-for-security/connector-guides-landing-pg.asciidoc

@@ -8,4 +8,5 @@ Setup guides are available for the following LLM providers:
 * <<assistant-connect-to-azure-openai, Azure OpenAI>>
 * <<assistant-connect-to-bedrock, Amazon Bedrock>>
 * <<assistant-connect-to-openai, OpenAI>>
+* <<connect-to-vertex, Google Vertex>>
 * <<connect-to-byo-llm, LM Studio (custom local LLM)>>

docs/cloud-native-security/cspm-get-started-gcp.asciidoc

@@ -60,11 +60,6 @@ For most users, the simplest option is to use a Google Cloud Shell script to aut
 +
 image::images/cspm-cloudshell-trust.png[The cloud shell confirmation popup]
 +
-NOTE: Google has deprecated its old Cloud Shell editor. If you continue to use it, you may encounter the following message:
-+
-image::images/cspm-cloudshell-old-editor.png[The cloud shell switch editor popup]
-+
-If the message appears, click **X** or **Try the new Editor** and follow the next steps. When you switch to the new editor, your context should remain unchanged.
 . In Google Cloud Shell, execute the command you copied. Once it finishes, return to {kib} and wait for the confirmation of data received from your new integration. Then you can click **View Assets** to see your data.
 
 NOTE: If you encounter any issues running the command, return to {kib} and navigate again to Google Cloud Shell.

docs/getting-started/configure-integration-policy.asciidoc

@@ -212,7 +212,9 @@ register {elastic-sec} as your hosts' antivirus software by enabling **Register
 
 NOTE: Windows Server versions are not supported. Antivirus registration requires Windows Security Center, which is not included in Windows Server operating systems.
 
-You can also choose **Sync with malware protection level** to automatically set antivirus registration based on how you've configured {elastic-defend}'s <<malware-protection,malware protection>>. If malware protection is turned on and set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled.
+By default, the **Sync with malware protection level** is selected to automatically set antivirus registration to match how you've configured {elastic-defend}'s <<malware-protection,malware protection>>. If malware protection is turned on _and_ set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled.
+
+If you don't want to sync antivirus registration, you can set it manually with **Enabled** or **Disabled**.
 
 [role="screenshot"]
 image::images/register-as-antivirus.png[Detail of Register as antivirus option.]

docs/getting-started/data-views-in-sec.asciidoc

@@ -28,7 +28,7 @@ image::images/dataview-filter-example.gif[video showing how to filter the active
 
 This only allows you to add index patterns that match indices that currently contain data (other index patterns are unavailable). Note that any changes made are saved in the current browser window and won't persist if you open a new tab.
 
-NOTE: You cannot update the data view for the Alerts page. It always shows data from `.alerts-security.alerts-default`.
+NOTE: You cannot update the data view for the Alerts page. This includes referencing a cross-cluster search (CCS) data view or any other data view. The Alerts page always shows data from `.alerts-security.alerts-default`.
 
 [discrete]
 [[default-data-view-security]]

docs/serverless/cloud-native-security/vuln-management-faq.mdx

@@ -19,6 +19,10 @@ The CNVM integration uses various security data sources. The complete list can b
 
 CNVM uses the open source scanner [Trivy](https://github.com/aquasecurity/trivy) v0.35.
 
+**What system architectures are supported?**
+
+Because of Trivy's limitations, CNVM can only be deployed on ARM-based VMs. However, it can scan hosts regardless of system architecture.
+
 **How often are the security data sources synchronized?**
 
 The CNVM integration fetches the latest data sources at the beginning of every scan cycle to ensure up-to-date vulnerability information.

docs/serverless/cloud-native-security/vuln-management-get-started.mdx

@@ -15,6 +15,7 @@ This page explains how to set up Cloud Native Vulnerability Management (CNVM).
 
 * CNVM only works in the `Default` ((kib)) space. Installing the CNVM integration on a different ((kib)) space will not work. 
 * Requires ((agent)) version 8.8 or higher.
+* CNVM can only be deployed on ARM-based VMs. 
 * To view vulnerability scan findings, you need the appropriate user role to read the following indices:
     * `logs-cloud_security_posture.vulnerabilities-*`
     * `logs-cloud_security_posture.vulnerabilities_latest-*`

docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx

@@ -249,7 +249,9 @@ register ((elastic-sec)) as your hosts' antivirus software by enabling **Registe
 Windows Server is not supported. Antivirus registration requires Windows Security Center, which is not included in Windows Server operating systems.
 </DocCallOut>
 
-You can also choose **Sync with malware protection level** to automatically set antivirus registration based on how you've configured ((elastic-defend))'s <DocLink slug="/serverless/security/configure-endpoint-integration-policy" section="malware-protection">malware protection</DocLink>. If malware protection is turned on and set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled.
+By default, the **Sync with malware protection level** is selected to automatically set antivirus registration to match how you've configured ((elastic-defend))'s <DocLink slug="/serverless/security/configure-endpoint-integration-policy" section="malware-protection">malware protection</DocLink>. If malware protection is turned on _and_ set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled.
+
+If you don't want to sync antivirus registration, you can set it manually with **Enabled** or **Disabled**.
 
 ![Detail of Register as antivirus option.](../images/configure-endpoint-integration-policy/-getting-started-register-as-antivirus.png)