elastic · benskelker · Aug 17, 2020 · Aug 15, 2020
diff --git a/docs/siem/images/es-architecture.png b/docs/siem/images/es-architecture.png
diff --git a/docs/siem/images/es-architecture.snagproj b/docs/siem/images/es-architecture.snagproj
diff --git a/docs/siem/overview.asciidoc b/docs/siem/overview.asciidoc
@@ -1,24 +1,25 @@
+////
 [[siem-overview]]
 [chapter, role="xpack"]
 = Overview
-
-{siem-soln} enables analysis of host-related and network-related security events
+Elastic Security enables analysis of host-related and network-related security events
 as part of alert investigations or interactive threat hunting.
+////
+
+[[siem-components]]
+[chapter, role="xpack"]
+= Elastic Security components
 
-The {siem-app} in {kib} provides an interactive workspace for security teams to
+The {security-app} in {kib} provides an interactive workspace for security teams to
 triage events and perform initial investigations. Additionally,
 <<machine-learning, {ml} {anomaly-jobs}>> and
 <<detection-engine-overview, detection engine rules>> provide ways to
 automatically detect suspicious activity across your entire fleet of servers
 and workstations.
 
-[float]
-[[siem-components]]
-== SIEM components
-
-SIEM requires the following {stack} components.
+Elastic Security requires the following {stack} components:
 
-image::images/siem-architecture.png[]
+image::images/es-architecture.png[]
 
 *https://www.elastic.co/products/endpoint-security[Elastic Endpoint Security]*
 is an endpoint security platform and agent that provides prevention, detection,
@@ -53,7 +54,7 @@ identify and investigate suspicious activity:
 [[data-sources]]
 == Data sources
 
-SIEM can ingest and analyze data from a variety of sources, including Elastic
+Elastic Security can ingest and analyze data from a variety of sources, including Elastic
 Endpoint Security, Beats and Beats modules,
 {apm-app-ref}/transactions.html[APM transactions], and third-party
 collectors mapped to the {ecs-ref}[Elastic Common Schema (ECS)].
@@ -100,19 +101,18 @@ collectors mapped to the {ecs-ref}[Elastic Common Schema (ECS)].
 
 [discrete]
 [[endpoint-security-platform]]
-==== Elastic Endpoint Sensor Management Platform
+==== Elastic Endpoint and Ingest Manager
 
-The Sensor Management Platform (SMP) ships all relevant host and network data
-directly to the {siem-app}.
+The Elastic Endpoint provides capabilities such as collecting events, detecting and preventing malicious activity, whitelisting and artifact delivery. A single unified agent is used to install the endpoint on hosts. Agents and integrations are managed by the Ingest Manager.
 
 [discrete]
 [[apm-transactions-data]]
 ==== APM transactions
 
-By default, the {siem-app} monitors {apm-app-ref}/apm-getting-started.html[APM]
+By default, the {security-app} monitors {apm-app-ref}/apm-getting-started.html[APM]
 `apm-*-transaction*` indices. To add additional APM indices, update the
-index patterns in the `siem:defaultIndex` setting ({kib} -> Management ->
-Advanced Settings -> `siem:defaultIndex`).
+index patterns in the `securitysolution:defaultIndex` setting ({kib} -> Management ->
+Advanced Settings -> `securitySolution:defaultIndex`).
 
 [float]
 [[ecs]]
@@ -123,7 +123,7 @@ storing event data in Elasticsearch. ECS helps users normalize their event data
 to better analyze, visualize, and correlate the data represented in their
 events.
 
-{siem-soln} can ingest and normalize events from ECS-compatible data sources.
+Elastic Security can ingest and normalize events from ECS-compatible data sources.
 
 [discrete]
 [[host_id]]