From 33ea8087f70ce2ff260f8c6e1d3abc8214318cbc Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Tue, 5 Nov 2024 09:36:35 +0000 Subject: [PATCH] =?UTF-8?q?Navigation=20changes:=20Upgrade=20Security,=20p?= =?UTF-8?q?ost-upgrade=20steps,=20endpoint=20pr=E2=80=A6=20(#5980)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Navigation changes: Upgrade Security, post-upgrade steps, endpoint protection, explore, and EA sections * Changes main menu to navigation menu (cherry picked from commit 958fbb8d476b5c364ae851c6c8b55f74614da253) --- .../machine-learning.asciidoc | 8 +++----- .../tune-anomaly-results.asciidoc | 16 ++++++++++------ .../turn-on-risk-engine.asciidoc | 6 +++--- .../agent-tamper-protection.asciidoc | 5 +++-- docs/getting-started/artifact-control.asciidoc | 3 ++- .../configure-integration-policy.asciidoc | 6 +++--- .../create-defend-policy-api.asciidoc | 4 ++-- .../defend-feature-privs.asciidoc | 2 +- .../endpoint-diagnostic-data.asciidoc | 2 +- docs/getting-started/install-endpoint.asciidoc | 8 ++------ .../linux-file-monitoring.asciidoc | 5 +++-- docs/getting-started/net-map-req.asciidoc | 5 ++--- .../self-healing-rollback.asciidoc | 2 +- docs/getting-started/uninstall-agent.asciidoc | 3 ++- ...post-upgrade-deprecated-sn-connector.asciidoc | 2 +- .../post-upgrade-req-cti-alerts.asciidoc | 4 ++-- docs/upgrade/upgrade-7.17-8.x.asciidoc | 4 ++-- 17 files changed, 43 insertions(+), 42 deletions(-) diff --git a/docs/advanced-entity-analytics/machine-learning.asciidoc b/docs/advanced-entity-analytics/machine-learning.asciidoc index 673997ef3b..23b6ec3d8f 100644 --- a/docs/advanced-entity-analytics/machine-learning.asciidoc +++ b/docs/advanced-entity-analytics/machine-learning.asciidoc 
@@ -49,13 +49,12 @@ interface. They are available when either: * You ship data using https://www.elastic.co/products/beats[Beats] or the <>, and {kib} is configured with the required index -patterns (such as `auditbeat-*`, `filebeat-*`, `packetbeat-*`, or `winlogbeat-*` -in *{kib}* -> *{stack-manage-app}* -> *Data Views*). +patterns (such as `auditbeat-*`, `filebeat-*`, `packetbeat-*`, or `winlogbeat-*`) on the **Data Views** page. To find this page, navigate to **Data Views** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. Or * Your shipped data is ECS-compliant, and {kib} is configured with the shipped -data's index patterns in *{kib}* -> *{stack-manage-app}* -> *Data Views*. +data's index patterns on the **Data Views** page. Or @@ -78,6 +77,5 @@ To view the `Anomalies` table widget and `Max Anomaly Score By Job` details, the user must have the `machine_learning_admin` or `machine_learning_user` role. NOTE: To adjust the `score` threshold that determines which anomalies are shown, -you can modify -*{kib}* -> *{stack-manage-app}* -> *Advanced Settings* -> *`securitySolution:defaultAnomalyScore`*. +you can modify the `securitySolution:defaultAnomalyScore` <>. diff --git a/docs/advanced-entity-analytics/tune-anomaly-results.asciidoc b/docs/advanced-entity-analytics/tune-anomaly-results.asciidoc index 1c0d64a399..431e71125b 100644 --- a/docs/advanced-entity-analytics/tune-anomaly-results.asciidoc +++ b/docs/advanced-entity-analytics/tune-anomaly-results.asciidoc 
@@ -24,7 +24,8 @@ For example, to filter out results from a housekeeping process, named [[create-fiter-list]] === Create a filter list -. Go to *Machine Learning* -> *Anomaly Detection* -> *Settings*. +. Find **Machine Learning** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. +. Under **Anomaly Detection**, select **Settings**. . Click *Filter Lists* and then *New*. + The *Create new filter list* pane is displayed. @@ -44,7 +45,8 @@ The new filter appears in the Filter List and can be added to relevant jobs. [[add-job-filter]] === Add the filter to the relevant job -. Go to *Machine Learning* -> *Anomaly Detection* -> *Anomaly Explorer*. +. Find **Machine Learning** in the navigation menu. +. Under **Anomaly Detection**, select **Anomaly Explorer**. . Navigate to the job results for which the filter is required. If the job results are not listed, click *Edit job selection* and select the relevant job. . In the *actions* column, click the gear icon and then select _Configure rules_. @@ -78,7 +80,8 @@ must clone and run the cloned job. IMPORTANT: Running the cloned job can take some time. Only run the job after you have completed all job rule changes. -. Go to *Machine Learning* -> *Anomaly Detection* -> *Job Management*. +. Find **Machine Learning** in the navigation menu. +. Under **Anomaly Detection**, select **Jobs**. . Navigate to the job for which you configured the rule. . Optionally, expand the job row and click *JSON* to verify the configured filter appears under `custom rules` in the JSON code. 
@@ -121,7 +124,8 @@ Depending on your anomaly detection results, you may want to set a minimum event count threshold for the `packetbeat_dns_tunneling` job: -. Go to *Machine Learning* -> *Anomaly Detection* -> *Anomaly Explorer*. +. Find **Machine Learning** in the navigation menu. +. Under **Anomaly Detection**, select **Anomaly Explorer**. . Navigate to the job results for the `packetbeat_dns_tunneling` job. If the job results are not listed, click *Edit job selection* and select `packetbeat_dns_tunneling`. @@ -139,5 +143,5 @@ _WHEN actual IS GREATER THAN _ + Where `` is the threshold above which anomalies are detected. . Click *Save*. -. To apply the new threshold, rerun the job (*Job Management* -> *Actions* -> -*Start datafeed*). \ No newline at end of file +. To apply the new threshold, rerun the job by selecting *Actions* -> +*Start datafeed* on the **Anomaly Detection Jobs** page. \ No newline at end of file diff --git a/docs/advanced-entity-analytics/turn-on-risk-engine.asciidoc b/docs/advanced-entity-analytics/turn-on-risk-engine.asciidoc index 5391c71fad..7c6227319f 100644 --- a/docs/advanced-entity-analytics/turn-on-risk-engine.asciidoc +++ b/docs/advanced-entity-analytics/turn-on-risk-engine.asciidoc @@ -12,7 +12,7 @@ You can preview risky entities before installing the latest risk engine. The pre NOTE: The preview is limited to two risk scores per {kib} instance. -To preview risky entities, go to **Manage** -> **Entity Risk Score**: +To preview risky entities, find **Entity Risk Score** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. [role="screenshot"] image::images/preview-risky-entities.png[Preview of risky entities] 
@@ -28,7 +28,7 @@ image::images/preview-risky-entities.png[Preview of risky entities] If you're installing the risk scoring engine for the first time: -. Go to **Manage** -> **Entity Risk Score**. +. Find **Entity Risk Score** in the navigation menu. . Turn the **Entity risk score** toggle on. [role="screenshot"] @@ -49,7 +49,7 @@ If you upgraded to 8.11 from an earlier {stack} version, and you have the origin [role="screenshot"] image::images/risk-engine-upgrade-prompt.png[Prompt to upgrade to the latest risk engine] -. Click **Manage** in the upgrade prompt, or go to **Manage** -> **Entity Risk Score**. +. Click **Manage** in the upgrade prompt, or find **Entity Risk Score** in the navigation menu. . On the Entity Risk Score page, click **Start update** next to the **Update available** label. + [role="screenshot"] diff --git a/docs/getting-started/agent-tamper-protection.asciidoc b/docs/getting-started/agent-tamper-protection.asciidoc index b60c453ed5..5728169a87 100644 --- a/docs/getting-started/agent-tamper-protection.asciidoc +++ b/docs/getting-started/agent-tamper-protection.asciidoc @@ -26,7 +26,8 @@ image::images/agent-tamper-protection.png[Agent tamper protection setting highli You can enable Agent tamper protection by configuring the {agent} policy. -. Go to *{fleet}* -> *Agent policies*, then select the Agent policy you want to configure. +. Find *{fleet}* in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. +. Select *Agent policies*, then select the Agent policy you want to configure. . Select the *Settings* tab on the policy details page. . In the *Agent tamper protection* section, turn on the *Prevent agent tampering* setting. + 
@@ -43,7 +44,7 @@ If you need the uninstall token to remove {agent} from an endpoint, you can find * *On the Agent policy* — Go to the Agent policy's *Settings* tab, then click the *Get uninstall command* link. The *Uninstall agent* flyout opens, containing the full uninstall command with the token. -* *On the {fleet} page* — Go to *{fleet}* -> *Uninstall tokens* for a list of the uninstall tokens generated for your Agent policies. You can: +* *On the {fleet} page* — Select *Uninstall tokens* for a list of the uninstall tokens generated for your Agent policies. You can: ** Click the *Show token* icon in the *Token* column to reveal a specific token. ** Click the *View uninstall command* icon in the *Actions* column to open the *Uninstall agent* flyout, containing the full uninstall command with the token. diff --git a/docs/getting-started/artifact-control.asciidoc b/docs/getting-started/artifact-control.asciidoc index 406d850bc2..ae9568adba 100644 --- a/docs/getting-started/artifact-control.asciidoc +++ b/docs/getting-started/artifact-control.asciidoc @@ -16,7 +16,8 @@ CAUTION: It is strongly advised to keep automatic updates enabled to ensure the To configure the protection artifacts version deployed in your environment: -. Go to **Manage** → **Policies**, select an {elastic-defend} integration policy, then select the **Protection updates** tab. +. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. +. Select an {elastic-defend} integration policy, then select the **Protection updates** tab. . Turn off the **Enable automatic updates** toggle. . Use the **Version to deploy** date picker to select the date of the protection artifacts you want to use in your environment. . (Optional) Enter a **Note** to explain the reason for selecting a particular version of protection artifacts. 
diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc index 7f6d55d08a..f9538cc415 100644 --- a/docs/getting-started/configure-integration-policy.asciidoc +++ b/docs/getting-started/configure-integration-policy.asciidoc @@ -7,7 +7,7 @@ on protected hosts (some features require a Platinum or Enterprise license). If integration policy to configure protection settings, event collection, antivirus settings, trusted applications, event filters, host isolation exceptions, and blocked applications to meet your organization's security needs. -You can also create multiple {elastic-defend} integration policies to maintain unique configuration profiles. To create an additional {elastic-defend} integration policy, go to **Management** -> **Integrations**, then follow the steps for <>. +You can also create multiple {elastic-defend} integration policies to maintain unique configuration profiles. To create an additional {elastic-defend} integration policy, find **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then follow the steps for <>. .Requirements [sidebar] @@ -19,7 +19,7 @@ TIP: In addition to configuring an {elastic-defend} policy through the {elastic- To configure an integration policy: -1. In the {security-app}, go to **Manage** -> **Policies** to view the **Policies** page. +1. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 2. Select the integration policy you want to configure. The integration policy configuration page appears. 3. On the **Policy settings** tab, review and configure the following settings as appropriate: * <> 
@@ -47,7 +47,7 @@ then select an item from the flyout. This view lists any existing artifacts that + NOTE: You can't create a new endpoint policy artifact while configuring an integration policy. To create a new artifact, go to its main page in the {security-app} (for example, -to create a new trusted application, go to **Manage** -> **Trusted applications**). +to create a new trusted application, find **Trusted applications** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]). 5. Click the *Protection updates* tab to configure how {elastic-defend} receives updates from Elastic with the latest threat detections, malware models, and other protection artifacts. Refer to <> for more information. diff --git a/docs/getting-started/create-defend-policy-api.asciidoc b/docs/getting-started/create-defend-policy-api.asciidoc index 95a7bb4e1d..bc934f0a23 100644 --- a/docs/getting-started/create-defend-policy-api.asciidoc +++ b/docs/getting-started/create-defend-policy-api.asciidoc @@ -80,7 +80,7 @@ Replace these values: . `` with your version of {kib}. . `` with the agent policy ID you received in step 1. -. `` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, go to **Management** -> **Integrations** and select *{elastic-defend}*. +. `` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, navigate to **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select *{elastic-defend}*. This adds the {elastic-defend} integration to your agent policy with the default settings. 
@@ -490,7 +490,7 @@ Include the resulting JSON object in the following call to save your customized . `` with the {elastic-defend} policy ID you received in step 2. . `` with your version of {kib}. -. `` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, go to **Management** -> **Integrations** and select *{elastic-defend}*. +. `` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, navigate to **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select *{elastic-defend}*. [source,console] ---- diff --git a/docs/getting-started/defend-feature-privs.asciidoc b/docs/getting-started/defend-feature-privs.asciidoc index 00ccfd99f7..9abfed2f32 100644 --- a/docs/getting-started/defend-feature-privs.asciidoc +++ b/docs/getting-started/defend-feature-privs.asciidoc @@ -8,7 +8,7 @@ You can create user roles and define privileges to manage feature access in {elastic-sec}. This allows you to use the principle of least privilege while managing access to {elastic-defend}'s features. -Configure roles and privileges in *Stack Management* → *Roles* in {kib}. For more details on using this UI, refer to {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} privileges]. +To configure roles and privileges, find **Roles** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. For more details on using this UI, refer to {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} privileges]. NOTE: {elastic-defend}'s feature privileges must be assigned to *All Spaces*. You can't assign them to an individual space. diff --git a/docs/getting-started/endpoint-diagnostic-data.asciidoc b/docs/getting-started/endpoint-diagnostic-data.asciidoc index 8bdfe3705e..e8579588ba 100644 --- a/docs/getting-started/endpoint-diagnostic-data.asciidoc 
+++ b/docs/getting-started/endpoint-diagnostic-data.asciidoc @@ -5,7 +5,7 @@ By default, {elastic-defend} streams diagnostic data to your cluster, which Elas NOTE: {kib} also collects usage telemetry, which includes {elastic-defend} diagnostic data. You can modify telemetry preferences in {kibana-ref}/telemetry-settings-kbn.html[Advanced Settings]. -. In the {security-app}, go to *Manage* -> *Endpoints* to view the Endpoints list. +. To view the Endpoints list, find **Endpoints** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. . Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the *Policy* column. . Scroll down to the bottom of the policy and click *Show advanced settings*. . Enter `false` for these settings: diff --git a/docs/getting-started/install-endpoint.asciidoc b/docs/getting-started/install-endpoint.asciidoc index 04e9c038fb..4b64a45007 100644 --- a/docs/getting-started/install-endpoint.asciidoc +++ b/docs/getting-started/install-endpoint.asciidoc @@ -28,11 +28,7 @@ NOTE: {elastic-defend} does not support deployment within an {agent} DaemonSet i [[add-security-integration]] == Add the {elastic-defend} integration -. Go to the *Integrations* page, which you can access in several ways: - -* In {kib}: *Management* -> *Integrations* -* In the {security-app}: *Get started* -> *Add security integrations* - +. Find **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. + [role="screenshot"] image::images/install-endpoint/endpoint-cloud-sec-integrations-page.png[Search result for "{elastic-defend}" on the Integrations page.] 
@@ -100,7 +96,7 @@ If you have upgraded to an {stack} version that includes {fleet-server} 7.13.0 o [[enroll-agent]] === Add the {agent} -. If you're in the process of installing an {agent} integration (such as {elastic-defend}), the **Add agent** UI opens automatically. Otherwise, go to *{fleet}* -> *Agents* -> **Add agent**. +. If you're in the process of installing an {agent} integration (such as {elastic-defend}), the **Add agent** UI opens automatically. Otherwise, find **{fleet}** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select **Agents** → **Add agent**. + [role="screenshot"] image::images/install-endpoint/endpoint-cloud-sec-add-agent.png[Add agent flyout on the Fleet page.] diff --git a/docs/getting-started/linux-file-monitoring.asciidoc b/docs/getting-started/linux-file-monitoring.asciidoc index 73ac60301e..8fa07fe3ba 100644 --- a/docs/getting-started/linux-file-monitoring.asciidoc +++ b/docs/getting-started/linux-file-monitoring.asciidoc 
@@ -5,7 +5,7 @@ By default, {elastic-defend} monitors specific Linux file system types that Elas CAUTION: Ignoring file systems can create gaps in your security coverage. Use additional security layers for any file systems ignored by {elastic-defend}. -To monitor or ignore additional file systems, configure the following advanced settings related to *fanotify*, a Linux feature that monitors file system events. Go to *Manage* -> *Policies*, click a policy's name, then scroll down and select *Show advanced settings*. +To monitor or ignore additional file systems, configure the following advanced settings related to *fanotify*, a Linux feature that monitors file system events. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], click a policy's name, then scroll down and select *Show advanced settings*. NOTE: Even when configured to monitor all file systems (`ignore_unknown_filesystems` is `false`), {elastic-defend} will still ignore specific file systems that Elastic has internally identified as incompatible. The following settings apply to any _other_ file systems. @@ -43,7 +43,8 @@ In a typical setup, when you install {agent}, {filebeat} is installed alongside To find the system file name: -. From the Hosts page (*Explore* -> *Hosts*), search for `message: "Current sync path"` to reveal the file path. +. Find **Hosts** in the navigation menu, or search for `Security/Explore/Hosts` by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. +. From the Hosts page, search for `message: "Current sync path"` to reveal the file path. . If you have access to the endpoint, run `findmnt -o FSTYPE -T ` to return the file system. For example: + diff --git a/docs/getting-started/net-map-req.asciidoc b/docs/getting-started/net-map-req.asciidoc index a0a776707c..b01354bb2c 100644 --- a/docs/getting-started/net-map-req.asciidoc 
+++ b/docs/getting-started/net-map-req.asciidoc @@ -21,9 +21,8 @@ To view the map, you need a role with at least `Read` {kibana-ref}/kibana-role-m === Create {kib} data views To display map data, you must define a {kib} -{kibana-ref}/data-views.html[data view] (*Stack Management* -> -*Data Views*) that includes one or more of the indices specified in the `securitysolution:defaultIndex` field -(*{kib}* -> *Stack Management* -> *Advanced Settings* -> *`securitysolution:defaultIndex`*). +{kibana-ref}/data-views.html[data view] that includes one or more of the indices specified in the `securitysolution:defaultIndex` field. To view those indices, find **Stack Management** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to +*Advanced Settings* -> *`securitysolution:defaultIndex`*. For example, to display data that is stored in indices matching the index pattern `servers-europe-*` on the map, you must use a {kib} data view whose index pattern matches `servers-europe-*`, such as `servers-*`. diff --git a/docs/getting-started/self-healing-rollback.asciidoc b/docs/getting-started/self-healing-rollback.asciidoc index 5a7dfc38bc..6b8e0ed4f6 100644 --- a/docs/getting-started/self-healing-rollback.asciidoc +++ b/docs/getting-started/self-healing-rollback.asciidoc 
@@ -14,7 +14,7 @@ This feature can cause permanent data loss since it overwrites recent changes an Also, rollback is triggered by _every_ {elastic-defend} prevention alert, so you should tune your system to eliminate false positives before enabling this feature. ==== -. In the {security-app}, go to *Manage* -> *Policies*, then select the integration policy you want to configure. +. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select the integration policy you want to configure. . Scroll down to the bottom of the policy and click *Show advanced settings*. . Enter `true` for the setting `windows.advanced.alerts.rollback.self_healing.enabled`. . Click *Save*. diff --git a/docs/getting-started/uninstall-agent.asciidoc b/docs/getting-started/uninstall-agent.asciidoc index 2a8cb7b79f..25f940d8e2 100644 --- a/docs/getting-started/uninstall-agent.asciidoc +++ b/docs/getting-started/uninstall-agent.asciidoc @@ -3,7 +3,8 @@ To uninstall {agent} from a host, run the `uninstall` command from the directory where it's running. Refer to the {fleet-guide}/uninstall-elastic-agent.html[{fleet} and {agent} documentation] for more information. -If <> is enabled on the Agent policy for the host, you'll need to include the uninstall token in the command, using the `--uninstall-token` flag. You can <> on the Agent policy or at *{fleet}* -> *Uninstall tokens*. +If <> is enabled on the Agent policy for the host, you'll need to include the uninstall token in the command, using the `--uninstall-token` flag. You can <> on the Agent policy. Alternatively, find *{fleet}* in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select *Uninstall tokens*. + For example, to uninstall {agent} on a macOS or Linux host: 
diff --git a/docs/post-upgrade/post-upgrade-deprecated-sn-connector.asciidoc b/docs/post-upgrade/post-upgrade-deprecated-sn-connector.asciidoc index 812cad91e3..dd9d219a0e 100644 --- a/docs/post-upgrade/post-upgrade-deprecated-sn-connector.asciidoc +++ b/docs/post-upgrade/post-upgrade-deprecated-sn-connector.asciidoc @@ -53,7 +53,7 @@ A CORS rule is required for communication between Elastic and {sn}. To create a Follow these steps: -. Go to *Cases -> Edit external connection*. +. Find **Cases** in the navigation menu, or search for `Security/Cases` by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select **Settings**. . From the Incident management system list, select the deprecated connector to open the *Edit connector* flyout. . Click *Update *. . In the warning message, click *Update this connector*. diff --git a/docs/post-upgrade/post-upgrade-req-cti-alerts.asciidoc b/docs/post-upgrade/post-upgrade-req-cti-alerts.asciidoc index edbd774899..d0440c807e 100644 --- a/docs/post-upgrade/post-upgrade-req-cti-alerts.asciidoc +++ b/docs/post-upgrade/post-upgrade-req-cti-alerts.asciidoc @@ -18,7 +18,7 @@ To migrate detection alerts: To deactivate all detection rules: -. Go to *Rules* -> *Detection rules (SIEM)*. +. Find *Detection rules (SIEM)* in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. . Click the *Select all _x_ rules* option above the rules table. . Click *Bulk actions* -> *Disable*. @@ -28,6 +28,6 @@ To deactivate all detection rules: To reactivate all detection rules: -. Go to *Rules* -> *Detection rules (SIEM)*. +. Find *Detection rules (SIEM)* in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. . Click the *Select all _x_ rules* option above the rules table. . Click *Bulk actions* -> *Enable*. 
diff --git a/docs/upgrade/upgrade-7.17-8.x.asciidoc b/docs/upgrade/upgrade-7.17-8.x.asciidoc index 3e51e3648e..ef8bc58a0e 100644 --- a/docs/upgrade/upgrade-7.17-8.x.asciidoc +++ b/docs/upgrade/upgrade-7.17-8.x.asciidoc @@ -79,7 +79,7 @@ NOTE: If you're using Elastic Cloud Hosted or {ece}, this is already included in . Validate that {es} and {kib} are operating as expected by completing the following checks: .. For {es}: ... Check the status of your clusters and ensure that they're green by running a `GET _cat/health` API request. For more information, refer to the {ref}/cat-health.html[cat health API documentation]. -... Ensure that the index and search rate are close to what they were before upgrading. Go to **Stack Monitoring** -> **{es}** -> **Overview**. +... Ensure that the index and search rate are close to what they were before upgrading. To view these, find **Stack Monitoring** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select **{es}** → **Overview**. + TIP: You can also check the index document count using the {ref}/cat-indices.html[cat index API]. ... Verify that {slm} SLM is taking snapshots by {ref}/snapshots-take-snapshot.html#check-slm-history[checking the SLM history]. 
@@ -114,7 +114,7 @@ The following sections describe procedures to complete after upgrading {elastic- Any active rules when you upgrade from 7.17 to 8.0.1 or newer are automatically disabled, and a tag named `auto_disabled_8.0` is added to those rules for tracking purposes. Once the upgrade is complete, you can filter rules by the new tag, then use bulk actions to re-enable them: -. Go to the Rules page (*Detect -> Rules*). +. Find **Detection rules (SIEM)** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. . From the *Tags* dropdown, search for `auto_disabled_8.0`. . Click *Select all _x_ rules*, or individually select the rules you want to re-enable. . Click *Bulk actions -> Enable* to re-enable the rules.
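Review bot: In docs/advanced-entity-analytics/machine-learning.asciidoc, the new sentence "To find this page, navigate to **Data Views** in the navigation menu or by using the ... global search field" is not parallel ("navigate to X in the menu or by using the search field"). The rest of the patch uses "find **X** in the navigation menu or by using ...", so use "find" here as well. The same "navigate to **Integrations** in the navigation menu or by using" wording appears in both hunks of docs/getting-started/create-defend-policy-api.asciidoc and should be changed the same way.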
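Review bot: In docs/advanced-entity-analytics/tune-anomaly-results.asciidoc, the same page is named two ways. The clone-and-run hunk says "Under **Anomaly Detection**, select **Jobs**", while the last hunk says "on the **Anomaly Detection Jobs** page". Use one label in both places so a reader following the procedure lands on the same page. The last hunk also keeps "\ No newline at end of file" on the new side; add the trailing newline while that line is being touched.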
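Review bot: In the second hunk of docs/getting-started/agent-tamper-protection.asciidoc, the bullet now reads "*On the {fleet} page* — Select *Uninstall tokens*" and no longer says how to reach {fleet}. docs/getting-started/uninstall-agent.asciidoc in this same patch spells it out ("find *{fleet}* in the navigation menu or by using the ... global search field, and select *Uninstall tokens*"). A reader who jumps straight to the uninstall-token section should get the same pointer here, so reuse that wording in the bullet.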
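Review bot: In docs/getting-started/net-map-req.asciidoc, the rewritten sentence drops the location of the data view page (the removed "*Stack Management* -> *Data Views*") and only explains where to read `securitysolution:defaultIndex`, so the reader is told to define a data view without being told where. Add "on the **Data Views** page", as the machine-learning.asciidoc hunk does. The replacement also still ends in a menu path ("then go to *Advanced Settings* -> *`securitysolution:defaultIndex`*"), which is the pattern this patch removes elsewhere. Finally, the key is written `securitysolution:defaultIndex` here but `securitySolution:defaultAnomalyScore` in machine-learning.asciidoc; please confirm the casing of the prefix and make the two consistent.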
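Review bot: Style point across the added lines: the separator and bold markup are inconsistent. docs/getting-started/install-endpoint.asciidoc ("select **Agents** → **Add agent**") and docs/upgrade/upgrade-7.17-8.x.asciidoc ("select **{es}** → **Overview**") use "→", while the new lines in tune-anomaly-results.asciidoc and net-map-req.asciidoc use "->". Likewise docs/post-upgrade/post-upgrade-req-cti-alerts.asciidoc adds "*Detection rules (SIEM)*" with single asterisks and upgrade-7.17-8.x.asciidoc adds "**Detection rules (SIEM)**" with double. Pick one arrow and one bold form for the lines this patch introduces.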