diff --git a/docs/en/secops/images/secops-architecture.png b/docs/en/secops/images/secops-architecture.png
deleted file mode 100644
index 35eb9db6d..000000000
Binary files a/docs/en/secops/images/secops-architecture.png and /dev/null differ
diff --git a/docs/en/secops/index.asciidoc b/docs/en/secops/index.asciidoc
deleted file mode 100644
index ef6afe363..000000000
--- a/docs/en/secops/index.asciidoc
+++ /dev/null
@@ -1,17 +0,0 @@
-:doctype: book
-:sec: SecOps
-:sec-soln: security monitoring
-:sec-ui: SecOps
-
-= Security Monitoring Guide
-
-include::{asciidoc-dir}/../../shared/versions.asciidoc[]
-
-include::{asciidoc-dir}/../../shared/attributes.asciidoc[]
-
-include::overview.asciidoc[]
-
-include::installation.asciidoc[]
-
-include::sec-ui.asciidoc[]
-
diff --git a/docs/en/secops/overview.asciidoc b/docs/en/secops/overview.asciidoc
deleted file mode 100644
index 562149c6f..000000000
--- a/docs/en/secops/overview.asciidoc
+++ /dev/null
@@ -1,20 +0,0 @@
-[[sec-monitoring-overview]]
-[role="xpack"]
-== Overview
-
-beta[]
-
-{sec} gives you a comprehensive view into your security operations.
-
-The UI in {kib} UI to brings together data
-from a variety of sources, making it easier for you
-to identify and resolve security issues.
-
-[float]
-[[secops-components]]
-=== Security monitoring components
-
-Security monitoring requires the following {stack} components.
-
-image::images/secops-architecture.png[]
-
diff --git a/docs/en/secops/sec-ui.asciidoc b/docs/en/secops/sec-ui.asciidoc
deleted file mode 100644
index eb00180a0..000000000
--- a/docs/en/secops/sec-ui.asciidoc
+++ /dev/null
@@ -1,14 +0,0 @@
-[[sec-ui-overview]]
-[role="xpack"]
-== {sec-ui} UI
-
-beta[]
-
-After you have security monitoring <> and data is streaming to {es}, use the {sec-ui} UI in {kib} to monitor
-and identify security problems in real time.
-
-For more information about working with the {sec-ui} UI, see the
-{kib} documentation.
-
-
diff --git a/docs/en/siem/hosts/hosts-ui.asciidoc b/docs/en/siem/hosts/hosts-ui.asciidoc
new file mode 100644
index 000000000..1e4e4fbc5
--- /dev/null
+++ b/docs/en/siem/hosts/hosts-ui.asciidoc
@@ -0,0 +1,14 @@
+[[hosts-ui-overview]]
+[role="xpack"]
+== Hosts UI
+
+beta[]
+
+After you have security monitoring <> and data is streaming to {es}, use the Hosts UI in {kib} to monitor
+and identify security problems in real time.
+
+For more information about working with the Hosts UI, see the
+{kib} documentation.
+
+
diff --git a/docs/en/siem/hosts/images/hosts-security-architecture.png b/docs/en/siem/hosts/images/hosts-security-architecture.png
new file mode 100644
index 000000000..b051cb379
Binary files /dev/null and b/docs/en/siem/hosts/images/hosts-security-architecture.png differ
diff --git a/docs/en/siem/hosts/index.asciidoc b/docs/en/siem/hosts/index.asciidoc
new file mode 100644
index 000000000..936263571
--- /dev/null
+++ b/docs/en/siem/hosts/index.asciidoc
@@ -0,0 +1,17 @@
+:doctype: book
+//:hosts-soln-cap: Hosts monitoring
+//:hosts-soln: hosts monitoring
+//:hosts-ui: Hosts UI
+
+= Hosts Monitoring Guide
+
+//include::{asciidoc-dir}/../../shared/versions.asciidoc[]
+
+include::{asciidoc-dir}/../../shared/attributes.asciidoc[]
+
+include::overview.asciidoc[]
+
+include::installation.asciidoc[]
+
+include::hosts-ui.asciidoc[]
+
diff --git a/docs/en/secops/installation.asciidoc b/docs/en/siem/hosts/installation.asciidoc
similarity index 95%
rename from docs/en/secops/installation.asciidoc
rename to docs/en/siem/hosts/installation.asciidoc
index 1c1bafe3f..dd00695fa 100644
--- a/docs/en/secops/installation.asciidoc
+++ b/docs/en/siem/hosts/installation.asciidoc
@@ -1,4 +1,4 @@
-[[install-sec-monitoring]]
+[[install-hosts-monitoring]]
 [role="xpack"]
 == Get up and running
 
@@ -27,7 +27,7 @@ such as the index pattern used to query the data, and the timestamp field used
 for sorting. For more information, see {kib}.
 
 [float]
-[[install-beats-for-sec]]
+[[install-beats-for-host-sec]]
 === Install {beats} shippers
 
 To populate the security UI with metrics and
diff --git a/docs/en/siem/hosts/overview.asciidoc b/docs/en/siem/hosts/overview.asciidoc
new file mode 100644
index 000000000..f885805c4
--- /dev/null
+++ b/docs/en/siem/hosts/overview.asciidoc
@@ -0,0 +1,34 @@
+[[hosts-monitoring-overview]]
+[role="xpack"]
+== Overview
+
+beta[]
+
+Host monitoring gives you a comprehensive view into your security operations.
+
+The UI in {kib} brings together data from a variety of sources, making it easier
+for you to identify and resolve security issues.
+
+[float]
+[[hosts-components]]
+=== Hosts monitoring components
+
+Security monitoring requires the following {stack} components.
+
+image::images/hosts-security-architecture.png[]
+
+*https://www.elastic.co/products/beats[{beats}]* are open source data
+shippers that you install as agents on your servers to send operational data to
+{es}.
+
+*https://www.elastic.co/products/elasticsearch[{es}]* is a real-time,
+distributed storage, search, and analytics engine. {es} excels is indexing
+streams of semi-structured data, such as logs or metrics.
+
+*https://www.elastic.co/products/kibana[{kib}]* is an open source analytics and
+visualization platform designed to work with {es}. You use {kib} to search,
+view, and interact with data stored in {es} indices. You can easily perform
+advanced data analysis and visualize your data in a variety of charts, tables,
+and maps.
+
+{kib} Hosts UI provides a dedicated user interface for visualizing host security.
diff --git a/docs/en/siem/network/images/network-security-architecture.png b/docs/en/siem/network/images/network-security-architecture.png
new file mode 100644
index 000000000..b051cb379
Binary files /dev/null and b/docs/en/siem/network/images/network-security-architecture.png differ
diff --git a/docs/en/siem/network/index.asciidoc b/docs/en/siem/network/index.asciidoc
new file mode 100644
index 000000000..4b3012ed4
--- /dev/null
+++ b/docs/en/siem/network/index.asciidoc
@@ -0,0 +1,17 @@
+:doctype: book
+//:sec: SecOps
+//:sec-soln: security monitoring
+//:sec-ui: SecOps
+
+= Network Monitoring Guide
+
+//include::{asciidoc-dir}/../../shared/versions.asciidoc[]
+
+include::{asciidoc-dir}/../../shared/attributes.asciidoc[]
+
+include::overview.asciidoc[]
+
+include::installation.asciidoc[]
+
+include::network-ui.asciidoc[]
+
diff --git a/docs/en/siem/network/installation.asciidoc b/docs/en/siem/network/installation.asciidoc
new file mode 100644
index 000000000..46a901c8e
--- /dev/null
+++ b/docs/en/siem/network/installation.asciidoc
@@ -0,0 +1,42 @@
+[[install-network-monitoring]]
+[role="xpack"]
+== Get up and running
+
+beta[]
+
+To get up and running with network monitoring, you need:
+
+* An Elasticsearch cluster and Kibana (version 6.x or later) with a basic
+license. To learn how to get started quickly, see
+{stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}].
++
+[TIP]
+==============
+You can skip installing {es} and {kib} by using our
+https://www.elastic.co/cloud/elasticsearch-service[hosted {es} Service] on
+Elastic Cloud. The {es} Service is available on both AWS and GCP.
+https://www.elastic.co/cloud/elasticsearch-service/signup[Try the {es}
+Service for free].
+==============
+
+* {beats} shippers (version 6.x or later) installed on each system you want to
+monitor
+
+You might need to modify UI settings in {kib} to change default behaviors,
+such as the index pattern used to query the data, and the timestamp field used
+for sorting. For more information, see {kib}.
+
+[float]
+[[install-beats-for-network-sec]]
+=== Install {beats} shippers
+
+To populate the Network UI with metrics and
+log data, you need to install and configure the following shippers:
+
+* https://www.elastic.co/products/beats/packetbeat[{packetbeat}] for analyzing
+network packets
+* https://www.elastic.co/products/beats/filebeat[{filebeat}] for forwarding and
+centralizing logs and files
+* https://www.elastic.co/products/beats/auditbeat[{auditbeat}] for monitoring
+directories for file changes
+
diff --git a/docs/en/siem/network/network-ui.asciidoc b/docs/en/siem/network/network-ui.asciidoc
new file mode 100644
index 000000000..0b42f4794
--- /dev/null
+++ b/docs/en/siem/network/network-ui.asciidoc
@@ -0,0 +1,14 @@
+[[network-ui-overview]]
+[role="xpack"]
+== Network UI
+
+beta[]
+
+After you have network monitoring <> and data is streaming to {es}, use the Network UI in {kib} to monitor
+and identify security problems in real time.
+
+For more information about working with the Network UI, see the
+{kib} documentation.
+
+
diff --git a/docs/en/siem/network/overview.asciidoc b/docs/en/siem/network/overview.asciidoc
new file mode 100644
index 000000000..9a3c33211
--- /dev/null
+++ b/docs/en/siem/network/overview.asciidoc
@@ -0,0 +1,36 @@
+[[network-monitoring-overview]]
+[role="xpack"]
+== Overview
+
+beta[]
+
+Network monitoring gives you a comprehensive view into your network security
+operations.
+
+The Network UI in {kib} brings together data from a variety of sources, making
+it easier for you to identify and resolve security issues.
+
+[float]
+[[network-sec-components]]
+=== Network monitoring components
+
+Network monitoring requires the following {stack} components.
+
+image::images/network-security-architecture.png[]
+
+*https://www.elastic.co/products/beats[{beats}]* are open source data
+shippers that you install as agents on your servers to send operational data to
+{es}.
+
+*https://www.elastic.co/products/elasticsearch[{es}]* is a real-time,
+distributed storage, search, and analytics engine. {es} excels is indexing
+streams of semi-structured data, such as logs or metrics.
+
+*https://www.elastic.co/products/kibana[{kib}]* is an open source analytics and
+visualization platform designed to work with {es}. You use {kib} to search,
+view, and interact with data stored in {es} indices. You can easily perform
+advanced data analysis and visualize your data in a variety of charts, tables,
+and maps.
+
+{kib} Network UI provides a dedicated user interface for visualizing host security.
+