Commit

Navigation changes: Upgrade Security, post-upgrade steps, endpoint pr… (#5980)

* Navigation changes: Upgrade Security, post-upgrade steps, endpoint protection, explore, and EA sections

* Changes main menu to navigation menu

(cherry picked from commit 958fbb8)
natasha-moore-elastic authored and mergify[bot] committed Nov 5, 2024
1 parent 07de2a2 commit 7b6ec56
Showing 17 changed files with 43 additions and 42 deletions.
8 changes: 3 additions & 5 deletions docs/advanced-entity-analytics/machine-learning.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -49,13 +49,12 @@ interface. They are available when either:

* You ship data using https://www.elastic.co/products/beats[Beats] or the
<<install-endpoint,{agent}>>, and {kib} is configured with the required index
patterns (such as `auditbeat-*`, `filebeat-*`, `packetbeat-*`, or `winlogbeat-*`
in *{kib}* -> *{stack-manage-app}* -> *Data Views*).
patterns (such as `auditbeat-*`, `filebeat-*`, `packetbeat-*`, or `winlogbeat-*`) on the **Data Views** page. To find this page, navigate to **Data Views** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].

Or

* Your shipped data is ECS-compliant, and {kib} is configured with the shipped
data's index patterns in *{kib}* -> *{stack-manage-app}* -> *Data Views*.
data's index patterns on the **Data Views** page.

Or
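Review bot: the wording "navigate to **Data Views** in the navigation menu or by using the ... global search field" in the new `patterns (such as ...)` line is not parallel and differs from the "find **X** in the navigation menu or by using ..." pattern that the other hunks in this commit use; align it. The same new line also runs to roughly 300 characters in a file that is otherwise hard-wrapped at about 80 columns (compare the surrounding context lines), so wrap it to match.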

Expand All @@ -78,6 +77,5 @@ To view the `Anomalies` table widget and `Max Anomaly Score By Job` details,
the user must have the `machine_learning_admin` or `machine_learning_user` role.

NOTE: To adjust the `score` threshold that determines which anomalies are shown,
you can modify
*{kib}* -> *{stack-manage-app}* -> *Advanced Settings* -> *`securitySolution:defaultAnomalyScore`*.
you can modify the `securitySolution:defaultAnomalyScore` <<advanced-settings,advanced setting>>.
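Review bot: the new `<<advanced-settings,advanced setting>>` cross-reference depends on an `[[advanced-settings]]` anchor that the removed text did not need; confirm the anchor exists in the book, because Asciidoctor renders an unresolved xref as the literal text `[advanced-settings]` and the build warning is easy to miss.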

16 changes: 10 additions & 6 deletions docs/advanced-entity-analytics/tune-anomaly-results.asciidoc
Expand Up @@ -24,7 +24,8 @@ For example, to filter out results from a housekeeping process, named
[[create-fiter-list]]
=== Create a filter list

. Go to *Machine Learning* -> *Anomaly Detection* -> *Settings*.
. Find **Machine Learning** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
. Under **Anomaly Detection**, select **Settings**.
. Click *Filter Lists* and then *New*.
+
The *Create new filter list* pane is displayed.
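Review bot: bold markup is mixed within this one list: the two new steps use `**Machine Learning**`, `**Anomaly Detection**` and `**Settings**`, while the unchanged steps beside them use `*Filter Lists*` and `*New*`. Both forms render, but pick one for the file. Pre-existing and unrelated to this change: the anchor `[[create-fiter-list]]` in the context is misspelled; leave it as is unless inbound xrefs are updated in the same change.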
Expand All @@ -44,7 +45,8 @@ The new filter appears in the Filter List and can be added to relevant jobs.
[[add-job-filter]]
=== Add the filter to the relevant job

. Go to *Machine Learning* -> *Anomaly Detection* -> *Anomaly Explorer*.
. Find **Machine Learning** in the navigation menu.
. Under **Anomaly Detection**, select **Anomaly Explorer**.
. Navigate to the job results for which the filter is required. If the job results
are not listed, click *Edit job selection* and select the relevant job.
. In the *actions* column, click the gear icon and then select _Configure rules_.
Expand Down Expand Up @@ -78,7 +80,8 @@ must clone and run the cloned job.
IMPORTANT: Running the cloned job can take some time. Only run the job after you
have completed all job rule changes.

. Go to *Machine Learning* -> *Anomaly Detection* -> *Job Management*.
. Find **Machine Learning** in the navigation menu.
. Under **Anomaly Detection**, select **Jobs**.
. Navigate to the job for which you configured the rule.
. Optionally, expand the job row and click *JSON* to verify the configured filter
appears under `custom rules` in the JSON code.
Expand Down Expand Up @@ -121,7 +124,8 @@ Depending on your anomaly detection results, you may want to set a
minimum event count threshold for the `packetbeat_dns_tunneling` job:


. Go to *Machine Learning* -> *Anomaly Detection* -> *Anomaly Explorer*.
. Find **Machine Learning** in the navigation menu.
. Under **Anomaly Detection**, select **Anomaly Explorer**.
. Navigate to the job results for the `packetbeat_dns_tunneling` job. If the
job results are not listed, click *Edit job selection* and select
`packetbeat_dns_tunneling`.
Expand All @@ -139,5 +143,5 @@ _WHEN actual IS GREATER THAN <X>_
+
Where `<X>` is the threshold above which anomalies are detected.
. Click *Save*.
. To apply the new threshold, rerun the job (*Job Management* -> *Actions* ->
*Start datafeed*).
. To apply the new threshold, rerun the job by selecting *Actions* ->
*Start datafeed* on the **Anomaly Detection Jobs** page.
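Review bot: the page is named inconsistently within this file: the earlier hunk in this diff tells the reader to select **Jobs** under **Anomaly Detection**, while this step calls it the **Anomaly Detection Jobs** page. Use one label in both places. The sentence also mixes `*Actions*` with `**Anomaly Detection Jobs**`; keep a single bold style.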
6 changes: 3 additions & 3 deletions docs/advanced-entity-analytics/turn-on-risk-engine.asciidoc
Expand Up @@ -12,7 +12,7 @@ You can preview risky entities before installing the latest risk engine. The pre

NOTE: The preview is limited to two risk scores per {kib} instance.

To preview risky entities, go to **Manage** -> **Entity Risk Score**:
To preview risky entities, find **Entity Risk Score** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].

[role="screenshot"]
image::images/preview-risky-entities.png[Preview of risky entities]
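Review bot: the removed lead-in ended with a colon because the screenshot that follows is the preview being described; the new sentence ends with a period, so the `[role="screenshot"]` image now appears without an introduction. Keep the colon, or add a short sentence such as "The preview looks like this:" before the image.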
Expand All @@ -28,7 +28,7 @@ image::images/preview-risky-entities.png[Preview of risky entities]

If you're installing the risk scoring engine for the first time:

. Go to **Manage** -> **Entity Risk Score**.
. Find **Entity Risk Score** in the navigation menu.
. Turn the **Entity risk score** toggle on.

[role="screenshot"]
Expand All @@ -49,7 +49,7 @@ If you upgraded to 8.11 from an earlier {stack} version, and you have the origin
[role="screenshot"]
image::images/risk-engine-upgrade-prompt.png[Prompt to upgrade to the latest risk engine]

. Click **Manage** in the upgrade prompt, or go to **Manage** -> **Entity Risk Score**.
. Click **Manage** in the upgrade prompt, or find **Entity Risk Score** in the navigation menu.
. On the Entity Risk Score page, click **Start update** next to the **Update available** label.
+
[role="screenshot"]
5 changes: 3 additions & 2 deletions docs/getting-started/agent-tamper-protection.asciidoc
Expand Up @@ -26,7 +26,8 @@ image::images/agent-tamper-protection.png[Agent tamper protection setting highli

You can enable Agent tamper protection by configuring the {agent} policy.

. Go to *{fleet}* -> *Agent policies*, then select the Agent policy you want to configure.
. Find *{fleet}* in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
. Select *Agent policies*, then select the Agent policy you want to configure.
. Select the *Settings* tab on the policy details page.
. In the *Agent tamper protection* section, turn on the *Prevent agent tampering* setting.
+
Expand All @@ -43,7 +44,7 @@ If you need the uninstall token to remove {agent} from an endpoint, you can find

* *On the Agent policy* — Go to the Agent policy's *Settings* tab, then click the *Get uninstall command* link. The *Uninstall agent* flyout opens, containing the full uninstall command with the token.

* *On the {fleet} page* — Go to *{fleet}* -> *Uninstall tokens* for a list of the uninstall tokens generated for your Agent policies. You can:
* *On the {fleet} page* — Select *Uninstall tokens* for a list of the uninstall tokens generated for your Agent policies. You can:

** Click the *Show token* icon in the *Token* column to reveal a specific token.
** Click the *View uninstall command* icon in the *Actions* column to open the *Uninstall agent* flyout, containing the full uninstall command with the token.
3 changes: 2 additions & 1 deletion docs/getting-started/artifact-control.asciidoc
Expand Up @@ -16,7 +16,8 @@ CAUTION: It is strongly advised to keep automatic updates enabled to ensure the

To configure the protection artifacts version deployed in your environment:

. Go to **Manage** → **Policies**, select an {elastic-defend} integration policy, then select the **Protection updates** tab.
. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
. Select an {elastic-defend} integration policy, then select the **Protection updates** tab.
. Turn off the **Enable automatic updates** toggle.
. Use the **Version to deploy** date picker to select the date of the protection artifacts you want to use in your environment.
. (Optional) Enter a **Note** to explain the reason for selecting a particular version of protection artifacts.
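Review bot: `**Policies**` on its own is an ambiguous global-search term, since {kib} also has Fleet's *Agent policies* page (touched in the agent-tamper-protection hunk of this commit). Other hunks in this commit disambiguate the search string with a qualified path (`Security/Explore/Hosts`, `Security/Cases`); do the same here so the reader lands on the {elastic-defend} integration policies rather than an agent policy.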
6 changes: 3 additions & 3 deletions docs/getting-started/configure-integration-policy.asciidoc
Expand Up @@ -7,7 +7,7 @@ on protected hosts (some features require a Platinum or Enterprise license). If
integration policy to configure protection settings, event collection, antivirus settings, trusted applications,
event filters, host isolation exceptions, and blocked applications to meet your organization's security needs.

You can also create multiple {elastic-defend} integration policies to maintain unique configuration profiles. To create an additional {elastic-defend} integration policy, go to **Management** -> **Integrations**, then follow the steps for <<add-security-integration, adding the {elastic-defend} integration>>.
You can also create multiple {elastic-defend} integration policies to maintain unique configuration profiles. To create an additional {elastic-defend} integration policy, find **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then follow the steps for <<add-security-integration, adding the {elastic-defend} integration>>.

.Requirements
[sidebar]
Expand All @@ -19,7 +19,7 @@ TIP: In addition to configuring an {elastic-defend} policy through the {elastic-

To configure an integration policy:

1. In the {security-app}, go to **Manage** -> **Policies** to view the **Policies** page.
1. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
2. Select the integration policy you want to configure. The integration policy configuration page appears.
3. On the **Policy settings** tab, review and configure the following settings as appropriate:
* <<malware-protection>>
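Review bot: step 1 no longer names the page it opens (the removed line ended with "to view the **Policies** page"), so step 2's "Select the integration policy you want to configure" has no stated context; end step 1 with the page name. A bare **Policies** search can also match Fleet's *Agent policies*, so qualify the search string as the Hosts and Cases hunks in this commit do.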
Expand Down Expand Up @@ -47,7 +47,7 @@ then select an item from the flyout. This view lists any existing artifacts that
+
NOTE: You can't create a new endpoint policy artifact while configuring an integration policy.
To create a new artifact, go to its main page in the {security-app} (for example,
to create a new trusted application, go to **Manage** -> **Trusted applications**).
to create a new trusted application, find **Trusted applications** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]).

5. Click the *Protection updates* tab to configure how {elastic-defend} receives updates from Elastic with the latest threat detections, malware models, and other protection artifacts. Refer to <<artifact-control>> for more information.

4 changes: 2 additions & 2 deletions docs/getting-started/create-defend-policy-api.asciidoc
Expand Up @@ -80,7 +80,7 @@ Replace these values:

. `<KIBANA-VERSION>` with your version of {kib}.
. `<POLICY-ID>` with the agent policy ID you received in step 1.
. `<LATEST-ELASTIC-DEFEND-PACKAGE-VERSION>` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, go to **Management** -> **Integrations** and select *{elastic-defend}*.
. `<LATEST-ELASTIC-DEFEND-PACKAGE-VERSION>` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, navigate to **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select *{elastic-defend}*.

This adds the {elastic-defend} integration to your agent policy with the default settings.

Expand Down Expand Up @@ -490,7 +490,7 @@ Include the resulting JSON object in the following call to save your customized

. `<PACKAGE-POLICY-ID>` with the {elastic-defend} policy ID you received in step 2.
. `<KIBANA-VERSION>` with your version of {kib}.
. `<LATEST-ELASTIC-DEFEND-PACKAGE-VERSION>` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, go to **Management** -> **Integrations** and select *{elastic-defend}*.
. `<LATEST-ELASTIC-DEFEND-PACKAGE-VERSION>` with the latest {elastic-defend} package version (for example, `8.9.1`). To find it, navigate to **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select *{elastic-defend}*.

[source,console]
----
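Review bot: the same sentence is now duplicated verbatim in both hunks of this file (the `<LATEST-ELASTIC-DEFEND-PACKAGE-VERSION>` bullet); consider defining it once as an attribute or include so the two copies cannot drift apart. Also, "navigate to **Integrations** in the navigation menu or by using the ... global search field" is not parallel; the other hunks in this commit use "find **X** in the navigation menu or by using ...", so align the wording in both places.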
2 changes: 1 addition & 1 deletion docs/getting-started/defend-feature-privs.asciidoc
Expand Up @@ -8,7 +8,7 @@

You can create user roles and define privileges to manage feature access in {elastic-sec}. This allows you to use the principle of least privilege while managing access to {elastic-defend}'s features.

Configure roles and privileges in *Stack Management* → *Roles* in {kib}. For more details on using this UI, refer to {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} privileges].
To configure roles and privileges, find **Roles** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. For more details on using this UI, refer to {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} privileges].

NOTE: {elastic-defend}'s feature privileges must be assigned to *All Spaces*. You can't assign them to an individual space.

2 changes: 1 addition & 1 deletion docs/getting-started/endpoint-diagnostic-data.asciidoc
Expand Up @@ -5,7 +5,7 @@ By default, {elastic-defend} streams diagnostic data to your cluster, which Elas

NOTE: {kib} also collects usage telemetry, which includes {elastic-defend} diagnostic data. You can modify telemetry preferences in {kibana-ref}/telemetry-settings-kbn.html[Advanced Settings].

. In the {security-app}, go to *Manage* -> *Endpoints* to view the Endpoints list.
. To view the Endpoints list, find **Endpoints** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
. Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the *Policy* column.
. Scroll down to the bottom of the policy and click *Show advanced settings*.
. Enter `false` for these settings:
8 changes: 2 additions & 6 deletions docs/getting-started/install-endpoint.asciidoc
Expand Up @@ -28,11 +28,7 @@ NOTE: {elastic-defend} does not support deployment within an {agent} DaemonSet i
[[add-security-integration]]
== Add the {elastic-defend} integration

. Go to the *Integrations* page, which you can access in several ways:

* In {kib}: *Management* -> *Integrations*
* In the {security-app}: *Get started* -> *Add security integrations*

. Find **Integrations** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+
[role="screenshot"]
image::images/install-endpoint/endpoint-cloud-sec-integrations-page.png[Search result for "{elastic-defend}" on the Integrations page.]
Expand Down Expand Up @@ -100,7 +96,7 @@ If you have upgraded to an {stack} version that includes {fleet-server} 7.13.0 o
[[enroll-agent]]
=== Add the {agent}

. If you're in the process of installing an {agent} integration (such as {elastic-defend}), the **Add agent** UI opens automatically. Otherwise, go to *{fleet}* -> *Agents* -> **Add agent**.
. If you're in the process of installing an {agent} integration (such as {elastic-defend}), the **Add agent** UI opens automatically. Otherwise, find **{fleet}** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select **Agents** → **Add agent**.
+
[role="screenshot"]
image::images/install-endpoint/endpoint-cloud-sec-add-agent.png[Add agent flyout on the Fleet page.]
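Review bot: `**Agents** → **Add agent**` uses a Unicode arrow, while the rest of this commit writes `->` (for example `*Advanced Settings* -> *`securitysolution:defaultIndex`*` in net-map-req.asciidoc), and the old lines that used `→` in artifact-control and defend-feature-privs were removed in this same commit; use `->` here for consistency.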
5 changes: 3 additions & 2 deletions docs/getting-started/linux-file-monitoring.asciidoc
Expand Up @@ -5,7 +5,7 @@ By default, {elastic-defend} monitors specific Linux file system types that Elas

CAUTION: Ignoring file systems can create gaps in your security coverage. Use additional security layers for any file systems ignored by {elastic-defend}.

To monitor or ignore additional file systems, configure the following advanced settings related to *fanotify*, a Linux feature that monitors file system events. Go to *Manage* -> *Policies*, click a policy's name, then scroll down and select *Show advanced settings*.
To monitor or ignore additional file systems, configure the following advanced settings related to *fanotify*, a Linux feature that monitors file system events. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], click a policy's name, then scroll down and select *Show advanced settings*.

NOTE: Even when configured to monitor all file systems (`ignore_unknown_filesystems` is `false`), {elastic-defend} will still ignore specific file systems that Elastic has internally identified as incompatible. The following settings apply to any _other_ file systems.

Expand Down Expand Up @@ -43,7 +43,8 @@ In a typical setup, when you install {agent}, {filebeat} is installed alongside

To find the system file name:

. From the Hosts page (*Explore* -> *Hosts*), search for `message: "Current sync path"` to reveal the file path.
. Find **Hosts** in the navigation menu, or search for `Security/Explore/Hosts` by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
. From the Hosts page, search for `message: "Current sync path"` to reveal the file path.

. If you have access to the endpoint, run `findmnt -o FSTYPE -T <file path>` to return the file system. For example:
+
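Review bot: step 1 already lands the reader on the Hosts page, so step 2's "From the Hosts page," is redundant; merge the two into a single step ("Find **Hosts** ..., then search for `message: "Current sync path"` ...") or drop the lead-in. The qualified search string `Security/Explore/Hosts` is the right form; the hunks in this commit that search for a bare **Policies** would benefit from the same qualification.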
5 changes: 2 additions & 3 deletions docs/getting-started/net-map-req.asciidoc
Expand Up @@ -21,9 +21,8 @@ To view the map, you need a role with at least `Read` {kibana-ref}/kibana-role-m
=== Create {kib} data views

To display map data, you must define a {kib}
{kibana-ref}/data-views.html[data view] (*Stack Management* ->
*Data Views*) that includes one or more of the indices specified in the `securitysolution:defaultIndex` field
(*{kib}* -> *Stack Management* -> *Advanced Settings* -> *`securitysolution:defaultIndex`*).
{kibana-ref}/data-views.html[data view] that includes one or more of the indices specified in the `securitysolution:defaultIndex` field. To view those indices, find **Stack Management** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to
*Advanced Settings* -> *`securitysolution:defaultIndex`*.

For example, to display data that is stored in indices matching the index pattern `servers-europe-*` on the map, you must use a {kib} data view whose index pattern matches `servers-europe-*`, such as `servers-*`.
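Review bot: the section is titled "Create {kib} data views", but the rewritten paragraph no longer says where a data view is defined; the removed text pointed to *Stack Management* -> *Data Views*, and the new navigation only leads to *Advanced Settings*. Point the reader to the **Data Views** page (the machine-learning hunk in this commit already uses that label) in addition to the setting. While this line is being edited, note that `securitysolution:defaultIndex` is cased differently from `securitySolution:defaultAnomalyScore` in machine-learning.asciidoc; confirm the key against the real setting name. The sentence also mixes `**Stack Management**` with `*Advanced Settings*`; keep one bold style.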

2 changes: 1 addition & 1 deletion docs/getting-started/self-healing-rollback.asciidoc
Expand Up @@ -14,7 +14,7 @@ This feature can cause permanent data loss since it overwrites recent changes an
Also, rollback is triggered by _every_ {elastic-defend} prevention alert, so you should tune your system to eliminate false positives before enabling this feature.
====

. In the {security-app}, go to *Manage* -> *Policies*, then select the integration policy you want to configure.
. Find **Policies** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select the integration policy you want to configure.
. Scroll down to the bottom of the policy and click *Show advanced settings*.
. Enter `true` for the setting `windows.advanced.alerts.rollback.self_healing.enabled`.
. Click *Save*.
3 changes: 2 additions & 1 deletion docs/getting-started/uninstall-agent.asciidoc
Expand Up @@ -3,7 +3,8 @@

To uninstall {agent} from a host, run the `uninstall` command from the directory where it's running. Refer to the {fleet-guide}/uninstall-elastic-agent.html[{fleet} and {agent} documentation] for more information.

If <<agent-tamper-protection,Agent tamper protection>> is enabled on the Agent policy for the host, you'll need to include the uninstall token in the command, using the `--uninstall-token` flag. You can <<fleet-uninstall-tokens,find the uninstall token>> on the Agent policy or at *{fleet}* -> *Uninstall tokens*.
If <<agent-tamper-protection,Agent tamper protection>> is enabled on the Agent policy for the host, you'll need to include the uninstall token in the command, using the `--uninstall-token` flag. You can <<fleet-uninstall-tokens,find the uninstall token>> on the Agent policy. Alternatively, find *{fleet}* in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], and select *Uninstall tokens*.


For example, to uninstall {agent} on a macOS or Linux host:

Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ A CORS rule is required for communication between Elastic and {sn}. To create a

Follow these steps:

. Go to *Cases -> Edit external connection*.
. Find **Cases** in the navigation menu, or search for `Security/Cases` by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then select **Settings**.
. From the Incident management system list, select the deprecated connector to open the *Edit connector* flyout.
. Click *Update <connector name>*.
. In the warning message, click *Update this connector*.
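Review bot: the step now ends at **Settings**, but the next step refers to "the Incident management system list" and the *Edit connector* flyout, which the removed path reached via *Edit external connection*; confirm that the list is on the Cases **Settings** page and name the section there, so the reader is not left searching for it. The first sentence also mixes `**Cases**` and `**Settings**` with the `*Edit connector*` style used in the rest of the list; keep one bold style.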
0 comments on commit 7b6ec56