diff --git a/docs/cloud-native-security/session-view.asciidoc b/docs/cloud-native-security/session-view.asciidoc index 7c2084dac0..aa96f64a86 100644 --- a/docs/cloud-native-security/session-view.asciidoc +++ b/docs/cloud-native-security/session-view.asciidoc @@ -33,11 +33,11 @@ but this data is not always collected by default. To confirm that Session View d . Go to *Manage* -> *Policies*, and edit one or more of your {elastic-defend} integration policies. . Select the *Policy settings* tab, then scroll down to the Linux event collection section near the bottom. -. Check the box for *Process* events, and turn on the *Include session data* toggle. +. Check the box for *Process* events, and turn on the *Collect session data* toggle. . If you want to include file and network alerts in Session View, check the boxes for *Network* and *File* events. . If you want to enable terminal output capture, turn on the *Capture terminal output* toggle. -Session View can only display data that was collected by {elastic-defend} when *Include session data* was enabled. When this setting is enabled, {elastic-defend} includes additional process context data in captured process, file, and network events. For more information about the additional +Session View can only display data that was collected by {elastic-defend} when *Collect session data* was enabled. When this setting is enabled, {elastic-defend} includes additional process context data in captured process, file, and network events. For more information about the additional fields collected when this setting is enabled, refer to the https://github.com/elastic/ecs/blob/main/rfcs/text/0030-linux-event-model.md[Linux event model RFC]. @@ -127,7 +127,7 @@ To enable terminal output data capture: . Go to *Manage* -> *Policies*, then select one or more of your {elastic-defend} integration policies to edit. . On the *Policy settings* tab, scroll down to the Linux event collection section near the bottom of the page -and select the *Include session data* and *Capture terminal output* options. +and select the *Collect session data* and *Capture terminal output* options. You can configure several additional settings by clicking *Advanced settings* at the bottom of the page: diff --git a/docs/detections/alerts-view-details.asciidoc b/docs/detections/alerts-view-details.asciidoc index 51192bc970..d0aeca2c37 100644 --- a/docs/detections/alerts-view-details.asciidoc +++ b/docs/detections/alerts-view-details.asciidoc @@ -249,7 +249,7 @@ preview::[] * **Related cases**: Shows cases to which the alert has been added. Click a case's name to open its details. * **Alerts related by source event**: Shows alerts created by the same source event. This can help you find alerts with a shared origin and provide more context about the source event. Click the *Investigate in timeline* button to examine related alerts in Timeline. -* **Alerts related by session**: Shows alerts generated during the same <>. These alerts share the same session ID, which is a unique ID for tracking a given Linux session. To use this feature, you must enable the *Include session data* setting in your {elastic-defend} integration policy. Refer to <> for more information. +* **Alerts related by session**: Shows alerts generated during the same <>. These alerts share the same session ID, which is a unique ID for tracking a given Linux session. To use this feature, you must enable the *Collect session data* setting in your {elastic-defend} integration policy. Refer to <> for more information. * **Alerts related by ancestry**: Shows alerts that are related by process events on the same linear branch. Note that alerts generated from processes on child or related branches are not shown. To further examine alerts, click *Investigate in timeline*. [discrete] diff --git a/docs/getting-started/images/install-endpoint/behavior-protection.png b/docs/getting-started/images/install-endpoint/behavior-protection.png index b8417efd3e..a9fa3d5551 100644 Binary files a/docs/getting-started/images/install-endpoint/behavior-protection.png and b/docs/getting-started/images/install-endpoint/behavior-protection.png differ diff --git a/docs/getting-started/images/install-endpoint/event-collection.png b/docs/getting-started/images/install-endpoint/event-collection.png index 8497821bb0..b408295e7b 100644 Binary files a/docs/getting-started/images/install-endpoint/event-collection.png and b/docs/getting-started/images/install-endpoint/event-collection.png differ diff --git a/docs/getting-started/images/install-endpoint/memory-protection.png b/docs/getting-started/images/install-endpoint/memory-protection.png index 70afdd172e..b5fae9f154 100644 Binary files a/docs/getting-started/images/install-endpoint/memory-protection.png and b/docs/getting-started/images/install-endpoint/memory-protection.png differ diff --git a/docs/getting-started/images/install-endpoint/ransomware-protection.png b/docs/getting-started/images/install-endpoint/ransomware-protection.png index 9bf86788fd..824194f19b 100644 Binary files a/docs/getting-started/images/install-endpoint/ransomware-protection.png and b/docs/getting-started/images/install-endpoint/ransomware-protection.png differ diff --git a/docs/management/admin/blocklist.asciidoc b/docs/management/admin/blocklist.asciidoc index fb7e951761..d303c8f26b 100644 --- a/docs/management/admin/blocklist.asciidoc +++ b/docs/management/admin/blocklist.asciidoc @@ -50,7 +50,7 @@ NOTE: You can also select the `Per Policy` option without immediately assigning . When you're done adding entries to the blocklist, ensure that the blocklist is enabled for the {elastic-defend} integration policies that you just assigned: .. Go to **Manage** -> **Policies**, then click on an integration policy. -.. On the **Policy settings** tab, ensure that the **Malware protections enabled** and **Blocklist enabled** toggles are switched on. Both settings are enabled by default. +.. On the **Policy settings** tab, ensure that the **Malware protections** and **Blocklist** toggles are switched on. Both settings are enabled by default. [discrete] [[manage-blocklist]]