Merge pull request #34 from annaone/main
TW edits to text and diagram
kkvinjam authored Aug 9, 2023
2 parents ef048a4 + 77b7656 commit cd7f210
Showing 18 changed files with 123 additions and 140 deletions.
8 changes: 4 additions & 4 deletions guide/content/_index.md
@@ -1,13 +1,13 @@
---
weight: 1
title: CrowdStrike Falcon Horizon
description: CrowdStrike Falcon Horizon monitors your AWS cloud services to detect critical security issues, common configuration errors, and patterns of suspicious behavior.
description: CrowdStrike Falcon Horizon monitors your AWS Cloud services to detect critical security issues, common configuration errors, and patterns of suspicious behavior.
---

# CrowdStrike Falcon Horizon

The purpose of this document is to walk you through the process of onboarding your AWS Organization with CrowdStrike Falcon Horizon. This document is intended for Customers who are using the CrowdStrike Falcon Horizon AWS Built In program(ABI) and in process of building an ABI project.
This guide is for customers who are building a CrowdStrike Falcon Horizon integration solution using the AWS Built-In (ABI) program. It walks you through the process of onboarding your AWS organization with CrowdStrike Falcon Horizon.

The AWS Built-in program is a differentiation program that validates Partner solutions which have automated their solution integrations with relevant AWS foundational services like identity, management, security and operations. This program helps customers find and deploy a validated Partner solution that addresses specific customer use cases while providing deep visibility and control of AWS native service integration.
ABI is a differentiation program that validates AWS Partner solutions that have automated their integrations with relevant AWS foundational services such as identity, management, security, and operations. It helps customers find and deploy a validated partner solution that addresses specific customer use cases while providing deep visibility and control of AWS native service integration.

Choose [Overview](/overview/index.html) to get started.
Choose [Overview](/overview/index.html).
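Review bot: The closing line "Choose [Overview](/overview/index.html)." has no "**Next:**" prefix, while the other pages touched in this commit end with "**Next:** Choose [...]". Use the same pattern here so the navigation cue is consistent across the guide.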
18 changes: 9 additions & 9 deletions guide/content/additional-resources.md
@@ -1,20 +1,20 @@
---
weight: 11
title: Additional Resources
description: Additional Resources
title: Additional resources
description: Additional resources.
---

## Partner documentation

* In CrowdStrike Falcon Console, navigate to Documentation/Falcon Horizon Overview
* In the CrowdStrike Falcon console, navigate to **Documentation > Falcon Horizon Overview**.

## AWS Services
## AWS services

* [CloudFormation StackSets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html)
* [Lambda](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)
* [IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
* [EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html)
* [Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)
* [Working with AWS CloudFormation StackSets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html)
* [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)
* [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
* [What is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html)
* [What is AWS Secrets Manager?](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)

## Frequently asked questions (FAQs)

49 changes: 21 additions & 28 deletions guide/content/architecture.md
Expand Up @@ -4,36 +4,29 @@ title: Architecture
description: Solution architecture.
---

Deploying this ABI package with default parameters builds the following architecture.
Deploying this ABI solution with default parameters builds the following architecture.

![Architecture diagram](/images/architecture.png)
![Architecture diagram](/images/abi-crowdstrike-architecture-diagram.png)

As shown in the diagram, the Quick Start sets up the following:
As shown in the diagram, the solution sets up the following:

* In all current and AWS accounts in your AWS organization:
* IAM Role for Horizon to perform Read-Only activities.
* IAM Role too allow EventBridge to PutEvents against CrowdStrike's EventBus.
* EventBridge Rules in each region with CrowdStrike EventBus as target.
* In all current Horizon accounts in your AWS organization:
* IAM role that allows Horizon to perform read-only activities.
* IAM role that allows Amazon EventBridge to perform PutEvents actions against CrowdStrike's event bus.
* EventBridge rules in each Region with CrowdStrike event bus as the target.

* In the management account:
* Secrets Manager Secret to store CrowdStrike API Keys.
* IAM Role for Horizon to perform Read-Only activities.
* IAM Role for EventBridge to PutEvents against CrowdStrike's EventBus.
* IAM Role for Lambda Execution.
* Lambda function to perform account registration with CrowdStrike.
* Custom CloudFormation Resource to trigger Lambda Function.
* CloudFormation StackSet to create EventBridge Rules in each region.
* CloudFormation StackSet to create IAM Roles in member accounts.
* CloudFormation StackSet to create EventBridge Rules in member accounts.

* In the log archive account:
* IAM Role for Horizon to perform Read-Only activities.
* IAM Role to allow EventBridge to PutEvents against CrowdStrike's EventBus.
* EventBridge Rules in each region with CrowdStrike EventBus as target.

* In the security tooling account:
* IAM Role for Horizon to perform Read-Only activities.
* IAM Role to allow EventBridge to PutEvents against CrowdStrike's EventBus.
* EventBridge Rules in each region with CrowdStrike EventBus as target.

**Next:** Choose [Deployment Options](/deployment-options/index.html) to get started.
* IAM role that allows Horizon to perform read-only activities.
* IAM role that allows EventBridge to perform PutEvents actions against CrowdStrike's event bus.
* IAM role for running the AWS Lambda function.
* In the primary Region, AWS Secrets Manager secret for storing CrowdStrike API keys and a Lambda function to perform account registration with CrowdStrike.
* EventBridge rules in both primary and additional Regions.
* A custom AWS CloudFormation resource to trigger the Lambda function.
* AWS CloudFormation StackSets to create EventBridge rules in each Region and to create IAM roles and EventBridge rules in member accounts.

* In the child AWS accounts (log archive and security tooling accounts):
* EventBridge rules in each Region with CrowdStrike event bus as the target.
* IAM role that allows Horizon to perform read-only activities.
* IAM role that allows EventBridge to perform PutEvents actions against CrowdStrike's event bus.

**Next:** Choose [Deployment options](/deployment-options/index.html).
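Review bot: In the first bullet group, "In all current Horizon accounts in your AWS organization" changes the scope the old line was reaching for. The removed line reads "In all current and AWS accounts", which looks like it lost a word after "and" rather than meaning accounts already registered with Horizon. This list tells the reader where the read-only IAM role and the PutEvents role are created, so state the account scope precisely, including whether accounts added later are covered. The image path also changes to /images/abi-crowdstrike-architecture-diagram.png; confirm the new file is part of this commit and that no page still references /images/architecture.png.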
8 changes: 4 additions & 4 deletions guide/content/cleanup-instructions.md
@@ -1,8 +1,8 @@
---
weight: 99
title: Cleanup Instructions
description: Instructions to cleanup the resources created by the ABI package
title: Cleanup instructions
description: Instructions to clean up the resources created by the ABI solution.
---
## Cleanup Instructions
## Cleanup instructions

![Under Construction](/images/under_construction.jpeg)
![Under construction](/images/under_construction.jpeg)
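Review bot: The page body is still only the under-construction image, so the title and description edits polish a page that has no instructions. The architecture page in this same commit lists IAM roles, a Secrets Manager secret holding CrowdStrike API keys, a Lambda function, EventBridge rules and StackSets; the cleanup text should at least say how to remove those, or the page should stay out of the navigation until it has content.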
8 changes: 4 additions & 4 deletions guide/content/costandlicenses.md
Expand Up @@ -4,14 +4,14 @@ title: Cost and licenses
description: Cost of the solution and licenses required.
---

[CrowdStrike Bundles and Pricing](https://www.crowdstrike.com/products/?ct-q2-2023-bn-products-nav)
[CrowdStrike bundles and pricing](https://www.crowdstrike.com/products/?ct-q2-2023-bn-products-nav)

<AWS Service cost>
<AWS service cost>

<Any other costs>

[CrowdStrike End User License Agreement](https://s3.amazonaws.com/EULA/314ae52f-b319-4413-9052-fe03bfbd6b21-Crowdstrike-EULA.pdf)
[CrowdStrike terms and conditions](https://s3.amazonaws.com/EULA/314ae52f-b319-4413-9052-fe03bfbd6b21-Crowdstrike-EULA.pdf)

<ABI license>

**Next:** Choose [Architecture](/architecture/index.html) to get started.
**Next:** Choose [Architecture](/architecture/index.html).
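Review bot: The licence link text changes to "CrowdStrike terms and conditions" while the target is still the file ending in Crowdstrike-EULA.pdf; keep the label matching the document it opens, or point the link at the actual terms page. The template placeholders <AWS service cost>, <Any other costs> and <ABI license> also remain, and as bare angle-bracket text the renderer may treat them as HTML tags and show nothing; replace them with real content or remove them before publishing.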
21 changes: 7 additions & 14 deletions guide/content/deployment-options.md
@@ -1,22 +1,15 @@
---
weight: 6
title: Deployment Options
description:
title: Deployment options
description: Deployment options.
---

This ABI package provides one deployment option:
#### Deployment options supported by this ABI solution

* [Deploy [[Partner Name-Product Name]] for AWS Organizations](quick-link)
The following deployment options are supported by this ABI solution:

This option builds <>.
* Launch the [CloudFormation template in the AWS Management Console](/launch-using-cloudformation/index.html).
* Launch using [Customizations for AWS Control Tower (CfCT)](/launch-using-cfct/index.html).


#### Deployment options supported by this ABI package

Following are the deployment options supported by this ABI package:

* Launch the [CloudFormation Template in the Management Account](/launch-using-cloudformation/index.html).
* Launch using [Customizations for Control Tower (CfCT)](/launch-using-cfct/index.html).


**Next:** Choose [Pre Deployment Steps](/pre-deployment-steps/index.html) to get started.
**Next:** Choose [Predeployment steps](/pre-deployment-steps/index.html).
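Review bot: The first bullet now says to launch the CloudFormation template "in the AWS Management Console", where the removed line said "in the Management Account". These are not the same thing: the old wording named the account, the new wording names the console, and the deployment-steps page in this commit still titles the procedure "Launch the CloudFormation template in the AWS Organizations management account". Keep the account in the bullet so the reader knows which account the stack must be launched from. The page also now opens with a level-4 heading with no higher-level heading above it.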
29 changes: 13 additions & 16 deletions guide/content/deployment-steps.md
@@ -1,46 +1,43 @@
---
weight: 8
title: Deployment steps
description: Deployment steps
description: Deployment steps.
---

## Launch the CloudFormation template in the AWS Organizations management account

## Launch the CloudFormation Template in the Management Account


1. Download the cloudformation template from source: https://<abi-template-location>
2. Launch CloudFormation template in your AWS Control Tower home region.
1. Download the [Cloudformation template](https://raw.githubusercontent.com/aws-ia/cfn-abi-crowdstrike-fcs/main/templates/horizon_init_stack.yaml?token=GHSAT0AAAAAAB7Y2HOOS42IEBM5LBHOQOWWZFIJEBA).
2. Launch the CloudFormation template in your AWS Control Tower home Region.
* Stack name: `template-crowdstrike-enable-integrations`
* List Parameters with [call out default values and update below example as needed]
* List parameters with default values and update examples as needed:
* **EnableIntegrationsStackName**: `template-crowdstrike-enable-integrations`
* **EnableIntegrationsStackRegion**: `us-east-1`
* **EnableIntegrationsStackSetAdminRoleName**: `AWSCloudFormationStackSetAdministrationRole`
* **EnableIntegrationsStackSetExecutionRoleName**: `AWSCloudFormationStackSetExecutionRole`
* **EnableIntegrationsStackSetExecutionRoleArn**: `arn:aws:iam::<account-id>:role/AWSCloudFormationStackSetExecutionRole`

3. Choose both the **Capabilities** and select **Submit** to launch the stack.
3. Select both of the following capabilities and choose **Submit** to launch the stack.

[] I acknowledge that AWS CloudFormation might create IAM resources with custom names.

[] I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND
[] I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND

Wait for the CloudFormation status to change to `CREATE_COMPLETE` state.


## Launch using Customizations for Control Tower (CfCT)

## Launch using Customizations for Control Tower

[Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices. You can easily add customizations to your AWS Control Tower landing zone using an AWS CloudFormation template and service control policies (SCPs). You can deploy the custom template and policies to individual accounts and organizational units (OUs) within your organization. It also integrates with AWS Control Tower lifecycle events to ensure that resource deployments stay in sync with your landing zone. For example, when a new account is created using the AWS Control Tower account factory, Customizations for AWS Control Tower ensures that all resources attached to the account's OUs will be automatically deployed.

The templates provided as part of the ABI packages are deployable using Customizations for Control Tower. Please check below for additional details.
[Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) (CfCT) combines AWS Control Tower and other AWS services to help you set up an AWS environment. You can deploy the templates provided with the ABI solution using CfCT.

#### Pre-requisites
#### Prerequisites

1. The CfCT solution, do not have ability to launch resources on the Management account. Hence, you need to create the role with required permissions in the Management account.
Create an IAM role with the required permissions in the AWS management account to allow the CfCT solution to launch resources.

#### How it works

To deploy this sample partner integration page using CfCT solution, add the following blurb to the `manifest.yaml` file from your CfCT solution and update the account/ou names as needed.
To deploy the sample partner integration page, add the following blurb to the `manifest.yaml` file from your CfCT solution and update the account and organizational unit (OU) names as needed.

```
resources:
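Review bot: Step 1's download link carries a "?token=GHSAT…" query parameter on the raw.githubusercontent.com URL. That is an access token tied to whoever copied the link: it should not be committed to a public guide, the link will stop working once the token expires, and it suggests the template was fetched from a repository that was private at the time. Link to the file without the query string (or to its path in the repository) and treat the token as exposed. Separately, the rewritten prerequisite drops the reason given in the removed line (CfCT cannot launch resources in the management account) and still names neither the role nor the permissions it needs; spell both out so readers do not create an over-privileged role. "Cloudformation" in the link text should be "CloudFormation".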
Expand All @@ -60,4 +57,4 @@ resources:
```


**Next:** Choose [Postdeployment Options](/post-deployment-steps/index.html) to get started.
**Next:** Choose [Postdeployment options](/post-deployment-steps/index.html).
12 changes: 6 additions & 6 deletions guide/content/faqs.md
@@ -1,26 +1,26 @@
---
weight: 100
title: FAQs
description: Frequently asked questions
description: Frequently asked questions.
---

## How frequently will CrowdStrike Horizon scan my environment for Configuration (IOM) assessment?

You may configure your settings to determine how often the assessments will occur. The default rate is 2 hours after the last successfull assessment. Optional intervals: 6 hours, 12 hours and 24 hours
You can configure your settings to determine the frequency of assessments. The default rate is two hours after the last successful assessment. Optional intervals are six, 12, and 24 hours.

## How frequently will CrowdStrike Horizon scan my environment for Behavioral (IOA) assessment?

IOA findings are not generated by scheduled scans, but instead are forwarded to CrowdStrike at the time of the event via EventBridge. This means IOA findings will appear in your Falcon Horizon console in near-real time.
Indicator of Attack (IOA) findings are not generated by scheduled scans, but instead are forwarded to CrowdStrike at the time of the event via EventBridge. IOA findings will appear in your Falcon Horizon console in near real time.

## Can I create custom policies with CrowdStrike Falcon Horizon?

You can create custom policies for misconfiguration detections in your cloud accounts in Horizon. By defining your own rules, you get more coverage with fine-tuned policies that meet your own security and compliance requirements.

## Can I contribute to this repository?
## Can I contribute to this repository?

Yes, this shared under Apache License, version 2.0 (the "License"). Please submit a GitHub issue if you see an issues or improvements. If you like to build and contribute a fix or enhancement, please submit a GitHub pull request with your changes.
You can submit a GitHub issue if you encounter a problem or want to suggest improvements. To build and contribute a fix or enhancement, submit a GitHub pull request with your changes.

All pull requests will go through auto validations and human reviews before it is merged.
All pull requests go through automatic validations and human reviews before being merged.



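Review bot: The rewritten answer under "Can I contribute to this repository?" drops the statement that the content is shared under the Apache License, version 2.0. Contributors need to know the licence their pull requests fall under, so keep that sentence or link to where the licence is stated. In the first question, "(IOM)" is still unexpanded while this hunk now spells out Indicator of Attack (IOA); expand both for consistency.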
4 changes: 2 additions & 2 deletions guide/content/feedback.md
@@ -1,10 +1,10 @@
---
weight: 13
title: Feedback
description: Feedback
description: Feedback.
---

To submit feature ideas and report bugs, use the Issues section of the [GitHub repository](https://public-github-repository-link) for this Quick Start. To submit code, refer to the [Quick Start Contributor’s Guide](https://link-to-reference-guide). To submit feedback on this deployment guide, use the following GitHub links:
To submit feature ideas and report bugs, use the **Issues** section of the [GitHub repository](https://github.com/aws-ia/cfn-abi-crowdstrike-fcs) for this solution. To submit code, refer to the [ABI Reference Guide](https://aws-abi-pilot.s3.amazonaws.com/guide/cfn-abi-aws-reference-guide/overview/index.html). To submit feedback on this deployment guide, use the following GitHub links:

* [Grammar or spelling](https-link)
* [Broken link](https-link)
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
2 changes: 1 addition & 1 deletion guide/content/notices.md
@@ -1,7 +1,7 @@
---
weight: 14
title: Notices
description: Notices
description: Notices.
---

This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided "as is" without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.