elastic · natasha-moore-elastic · Jan 11, 2024 · Jan 4, 2024 · Jan 8, 2024 · Jan 8, 2024
@@ -42,16 +42,8 @@ image::images/solution-advanced-settings.png[]
 == Update default Elastic Security indices
 
 The `securitySolution:defaultIndex` field defines which {es} indices the
-{security-app} uses to collect data. By default, these index patterns are used to
-match {es} indices:
-
-* `apm-*-transaction*`
-* `auditbeat-*`
-* `endgame-*`
-* `filebeat-*`
-* `logs-*`
-* `packetbeat-*`
-* `winlogbeat-*`
+{security-app} uses to collect data. By default, index patterns are used to
+match sets of {es} indices.
 
 NOTE: Index patterns use wildcards to specify a set of indices. For example, the
 `filebeat-*` index pattern means all indices starting with `filebeat-` are
@@ -64,7 +56,7 @@ data shipped via {beats} and the {agent} is automatically added to the
 
 You can add or remove any indices and index patterns as required. For background information on {es} indices, refer to {ref}/documents-indices.html[Data in: documents and indices].
 
-NOTE: If you leave the `logs-*` index selected, by default, all Elastic cloud logs are excluded from all queries in the {security-app}. This is to avoid adding data from cloud monitoring to the app.
+NOTE: If you leave the `-*elastic-cloud-logs-*` index pattern selected, all Elastic cloud logs are excluded from all queries in the {security-app} by default. This is to avoid adding data from cloud monitoring to the app.
 
 IMPORTANT: {elastic-sec} requires {ecs-ref}[ECS-compliant data]. If you use third-party data
 collectors to ship data to {es}, the data must be mapped to ECS.