[DOCS] Update configure-integration-policy.asciidoc (#3141)

* [DOCS] Update configure-integration-policy.asciidoc It is unclear that Notify User pushes notification to host OS's notification system. To make it clear suggest adding the tip TIP: **Notify User** option pushes a notification to the host OS's notification system. Otherwise it is confusing and expectation might be to look at kibana alert notifcations from a rule or something different then host OS notification * Update explanation of "Notify user" option * Update screenshot --------- Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
elastic · Apr 17, 2023 · 2508e1d · 2508e1d
1 parent f981252
commit 2508e1d
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 15 deletions.
diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc
@@ -58,10 +58,10 @@ Malware protection levels are:
 
 * **Detect**: Detects malware on the host and generates an alert. The agent will **not** block malware.
 You must pay attention to and analyze any malware alerts that are generated.
-Notifications do not appear by default. Select the **Notify User** option to enable them.
 * **Prevent** (Default): Detects malware on the host, blocks it from executing, and generates an alert.
-Notifications appear by default. Deselect the **Notify User** option to disable them.
-+
+
+Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the *Prevent* option.
+
 TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} {filename}` syntax.
 
 Malware protection also allows you to manage a blocklist to prevent specified applications from running on hosts,
@@ -85,11 +85,12 @@ If you upgrade to a Platinum or Enterprise license from Basic or Gold, ransomwar
 Ransomware protection levels are:
 
 * **Detect**: Detects ransomware on the host and generates an alert. The {agent}
-will **not** block ransomware. Select the **Notify User** option to enable user notifications.
+will **not** block ransomware. You must pay attention to and analyze any ransomware alerts that are generated.
 * **Prevent** (Default): Detects ransomware on the host, blocks it from executing,
-and generates an alert. User notifications are enabled by default.
-Deselect the **Notify User** option to disable them.
-+
+and generates an alert.
+
+Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the *Prevent* option.
+
 TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} {filename}` syntax.
 
 [role="screenshot"]
@@ -109,12 +110,12 @@ If you upgrade to a Platinum or Enterprise license from Basic or Gold, memory th
 Memory threat protection levels are:
 
 * **Detect**: Detects memory threat activity on the host and generates an alert.
-The {agent} will **not** block the in-memory activity. Select the **Notify User** option
-to enable user notifications.
+The {agent} will **not** block the in-memory activity. You must pay attention to and analyze any alerts that are generated.
 * **Prevent** (Default): Detects memory threat activity on the host, forces the process
-or thread to stop, and generates an alert. User notifications are enabled by default.
-Deselect the **Notify User** option to disable them.
-+
+or thread to stop, and generates an alert.
+
+Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the *Prevent* option.
+
 TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} {rule}` syntax.
 
 [role="screenshot"]
@@ -136,10 +137,12 @@ malicious behavior protection will be disabled by default.
 Malicious behavior protection levels are:
 
 * **Detect**: Detects malicious behavior on the host and generates an alert.
-The {agent} will **not** block the malicious behavior. Select the **Notify User** option to enable user notifications.
+The {agent} will **not** block the malicious behavior. You must pay attention to and analyze any alerts that are generated.
 * **Prevent** (Default): Detects malicious behavior on the host, forces the process to stop,
-and generates an alert. User notifications are enabled by default. Deselect the **Notify User** option to disable them.
-+
+and generates an alert.
+
+Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the *Prevent* option.
+
 TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} {rule}` syntax.
 
 [role="screenshot"]

diff --git a/docs/getting-started/images/install-endpoint/ransomware-protection.png b/docs/getting-started/images/install-endpoint/ransomware-protection.png