elastic · joepeeples · Sep 20, 2024 · Aug 30, 2024 · Aug 30, 2024 · Aug 30, 2024
@@ -1,5 +1,5 @@
 [[ers-requirements]]
-= Entity risk scoring prerequisites
+= Entity risk scoring requirements
 
 To use entity risk scoring and asset criticality, your role must have certain cluster, index, and {kib} privileges. These features require a https://www.elastic.co/pricing[Platinum subscription] or higher.
 

@@ -1,5 +1,5 @@
 [[case-permissions]]
-= Cases prerequisites
+= Cases requirements
 
 :frontmatter-description: Learn about the {kib} feature privileges required to access {elastic-sec} cases. 
 :frontmatter-tags-products: [security]
@@ -12,8 +12,7 @@
 //For more information, see
 //{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges].
 
-You can create roles and define feature privileges at different levels to manage feature access in {kib}. {kib} privileges grant access to features within a specified {kib} space, and you can grant full or partial access. For more information, see
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges].
+You can create roles and define feature privileges at different levels to manage feature access in {kib}. {kib} privileges grant access to features within a specified {kib} space, and you can grant full or partial access. For more information, refer to {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} privileges].
 
 [NOTE]
 ====
@@ -27,7 +26,7 @@ to {kib}, you must configure the
 
 IMPORTANT: Certain subscriptions and privileges might be required to manage case attachments. For example, to add alerts to cases, you must have privileges for <<enable-detections-ui,managing alerts>>. 
 
-To grant access to cases, set the {kib} space privileges for the *Cases* and *{connectors-feature}* features as follows:
+To grant access to cases, set the privileges for the *Cases* and *{connectors-feature}* features as follows:
 
 [discrete]
 [width="100%",options="header"]
@@ -60,6 +59,3 @@ NOTE: You can customize the sub-feature privileges to allow access to deleting c
 | Revoke all access to cases | **None** for the *Cases* feature under *Security*
 
 |==============================================
-
-[role="screenshot"]
-image::images/case-feature-privs-example.png[Shows privileges needed for cases, actions, and connectors]
@@ -1,5 +1,5 @@
 [[detections-permissions-section]]
-= Detections prerequisites and requirements
+= Detections requirements
 
 To use the <<detection-engine-overview, Detections feature>>, you first need to
 configure a few settings. You also need the https://www.elastic.co/subscriptions[appropriate license] to send
@@ -37,22 +37,24 @@ and restarting {kib}, you must restart all detection rules.
 [[enable-detections-ui]]
 == Enable and access detections
 
-To use the Detections feature, it must be enabled, your role must have access to rules and alerts, and your {kib} space must have **Data View Management** {kibana-ref}/xpack-spaces.html#spaces-control-feature-visibility[feature visibility]. If your role does not have the cluster and index privileges needed to enable this feature, you can request someone who has these privileges to visit your Kibana space, which will turn it on for you. The following table describes the required privileges to access the Detections feature, including rules and alerts.
+To use the Detections feature, it must be enabled, your role must have access to rules and alerts, and your {kib} space must have **Data View Management** {kibana-ref}/xpack-spaces.html#spaces-control-feature-visibility[feature visibility]. If your role doesn't have the cluster and index privileges needed to enable this feature, you can request someone who has these privileges to visit your {kib} space, which will turn it on for you. 
 
-NOTE: For instructions about using Machine Learning jobs and rules, refer to <<ml-requirements, Machine learning job and rule requirements>>.
+NOTE: For instructions about using {ml} jobs and rules, refer to <<ml-requirements, Machine learning job and rule requirements>>.
 
 IMPORTANT: In {stack} version 8.0.0, the `.siem-signals-<space-id>` index was renamed to `.alerts-security.alerts-<space-id>`. Detection alert indices are created for each {kib} space. For the default space, the alerts index is
 named `.alerts-security.alerts-default`. If you're upgrading to 8.0.0 or later, users should have privileges for the `.alerts-security.alerts-<space-id>` AND `.siem-signals-<space-id>` indices. If you're newly installing the {stack}, then users do not need privileges for the `.siem-signals-<space-id>` index.
 
+The following table describes the required privileges to access the Detections feature, including rules and alerts. For more information on {kib} privileges, refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges].
+
 [discrete]
 [width="100%",options="header"]
 |==============================================
 |Action |Cluster Privileges |Index Privileges |Kibana Privileges
 
-|Enable the Detections feature in your Kibana space
-|The `manage` privilege
+|Enable detections in your space
+|`manage`
 
-a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:
+a|`manage`, `write`, `read`, and `view_index_metadata` for these system indices and data streams, where `<space-id>` is the space name:
 
 * `.alerts-security.alerts-<space-id>`
 * `.siem-signals-<space-id>` ^1^
@@ -61,15 +63,14 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
 
 ^1^ *NOTE*: If you're upgrading to {stack} 8.0.0 or later, users should have privileges for the `.alerts-security.alerts-<space-id>` AND `.siem-signals-<space-id>` indices. If you're newly installing the {stack}, then users do not need privileges for the `.siem-signals-<space-id>` index.
 
-|{kib} space `All` privileges for the `Security` feature (refer to
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
+|`All` for the `Security` feature
 
-|Enable the Detections feature in all Kibana spaces
+|Enable detections in all spaces
 
-*NOTE*: To turn on the Detections feature, visit the Rules and Alerts pages for each appropriate Kibana space.
+*NOTE*: To turn on detections, visit the Rules and Alerts pages for each space.
 
-|The `manage` privilege
-a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams:
+|`manage`
+a|`manage`, `write`, `read`, and `view_index_metadata` for these system indices and data streams:
 
 * `.alerts-security.alerts-<space-id>`
 * `.siem-signals-<space-id>` ^1^
@@ -78,22 +79,20 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
 
 ^1^ *NOTE*: If you're upgrading to {stack} 8.0.0 or later, users should have privileges for the `.alerts-security.alerts-<space-id>` AND `.siem-signals-<space-id>` indices. If you're newly installing the {stack}, then users do not need privileges for the `.siem-signals-<space-id>` index.
 
-|{kib} space `All` privileges for the `Security` feature (refer to
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
+|`All` for the `Security` feature
 
 | Preview rules
 |N/A
-a| The `read` privilege for the following indices:
+a| `read` for these indices:
 
 * `.preview.alerts-security.alerts-<space-id>`
 * `.internal.preview.alerts-security.alerts-<space-id>-*`
 
-|{kib} space `All` privileges for the `Security` feature (refer to
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
+|`All` for the `Security` feature
 
 |Manage rules
 | N/A
-a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:
+a|`manage`, `write`, `read`, and `view_index_metadata` for these system indices and data streams, where `<space-id>` is the space name:
 
 * `.alerts-security.alerts-<space-id`
 * `.siem-signals-<space-id>`^1^
@@ -102,8 +101,7 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
 
 ^1^ *NOTE*: If you're upgrading to {stack} 8.0.0 or later, users should have privileges for the `.alerts-security.alerts-<space-id>` AND `.siem-signals-<space-id>` indices. If you're newly installing the {stack}, then users do not need privileges for the `.siem-signals-<space-id>` index.
 
-a| {kib} space `All` privileges for the `Security` feature (refer to
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
+a|`All` for the `Security` feature
 
 *NOTE:* You need additional `Action and Connectors` feature privileges (**Management → Action and Connectors**) to manage rules with actions and connectors:
 
@@ -115,7 +113,7 @@ a| {kib} space `All` privileges for the `Security` feature (refer to
 
 **NOTE**: Allows you to manage alerts, but not modify rules.
 |N/A
-a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:
+a|`maintenance`, `write`, `read`, and `view_index_metadata` for these system indices and data streams, where `<space-id>` is the space name:
 
 * `.alerts-security.alerts-<space-id>`
 * `.internal.alerts-security.alerts-<space-id>-*`
@@ -124,21 +122,19 @@ a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges
 * `.items-<space-id>`
 
 ^1^ *NOTE*: If you're upgrading to {stack} 8.0.0 or later, users should have privileges for the `.alerts-security.alerts-<space-id>` AND `.siem-signals-<space-id>` indices. If you're newly installing the {stack}, then users do not need privileges for the `.siem-signals-<space-id>` index.
-|{kib} space `Read` privileges for the `Security` feature (refer to
-{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
+|`Read` for the `Security` feature
 
-|Create the `.lists` and `.items` data streams in your {kib} space
+|Create the `.lists` and `.items` data streams in your space
 
-**NOTE**: To initiate the process that creates the `.lists` and `.items` data streams, you must visit the Rules page for each appropriate {kib} space.
+**NOTE**: To initiate the process that creates the data streams, you must visit the Rules page for each appropriate space.
 
-|The `manage` privilege
-a| The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following data streams, where `<space-id>` is the {kib} space name:
+|`manage`
+a|`manage`, `write`, `read`, and `view_index_metadata` for these data streams, where `<space-id>` is the space name:
 
 * `.lists-<space-id>`
 * `.items-<space-id>`
 
-|{kib} space `All` privileges for the `Security` and `Saved Objects Management`
-features (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
+|`All` for the `Security` and `Saved Objects Management` features
 
 |==============================================
 

@@ -20,8 +20,7 @@ pages
 * Whether related integrations are displayed on the Rules page tables
 * The options provided in the alert tag menu  
 
-You need `All` privileges for the *Advanced Settings* feature to change these
-settings (refer to {kibana-ref}/kibana-privileges.html[Kibana privileges]).
+To change these settings, you need `All` privileges for the *Advanced Settings* {kibana-ref}/kibana-privileges.html[{kib} feature].
 
 WARNING: Modifying advanced settings can affect Kibana performance and cause
 problems that are difficult to diagnose. Setting a property value to a blank

@@ -6,19 +6,16 @@
 :frontmatter-tags-content-type: [reference]
 :frontmatter-tags-user-goals: [manage]
 
-You can create user roles and define privileges to manage feature access in {kib}. This allows you to use the principle of least privilege while managing access to {elastic-defend}'s features.
+You can create user roles and define privileges to manage feature access in {elastic-sec}. This allows you to use the principle of least privilege while managing access to {elastic-defend}'s features.
 
-Roles and privileges are configured in *Stack Management* -> *Roles* in {kib}. For more details on using this UI, refer to {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} privileges]. 
+Configure roles and privileges in *Stack Management* → *Roles* in {kib}. For more details on using this UI, refer to {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[{kib} privileges]. 
 
-NOTE: {elastic-defend}'s feature privileges must be assigned to *All Spaces*. You can't assign them to an individual {kib} space. 
-
-[role="screenshot"]
-image::images/endpoint-privileges.png[Configuring privileges in Kibana,75%]
+NOTE: {elastic-defend}'s feature privileges must be assigned to *All Spaces*. You can't assign them to an individual space. 
 
 To grant access, select *All* for the *Security* feature in the *{kib} privileges* configuration UI, then turn on the *Customize sub-feature privileges* switch. For each of the following sub-feature privileges, select the type of access you want to allow:
 
 * *All*: Users have full access to the feature, which includes performing all available actions and managing configuration.
-* *Read*: Users can view the feature, but can't perform any actions or manage configuration. (Some features don't have this privilege.)
+* *Read*: Users can view the feature, but can't perform any actions or manage configuration (some features don't have this privilege).
 * *None*: Users can't access or view the feature.
 
 [cols="1,1",width="100%"]
@@ -27,10 +24,10 @@ To grant access, select *All* for the *Security* feature in the *{kib} privilege
 | Access the <<admin-page-ov,Endpoints>> page, which lists all hosts running {elastic-defend}, and associated integration details.
 
 | *Trusted Applications*
-| Access the <<trusted-apps-ov,Trusted Applications>> page to remediate conflicts with other software, such as antivirus or endpoint security applications.
+| Access the <<trusted-apps-ov,Trusted applications>> page to remediate conflicts with other software, such as antivirus or endpoint security applications.
 
 | *Host Isolation Exceptions*
-| Access the <<host-isolation-exceptions,Host Isolation Exceptions>> page to add specific IP addresses that isolated hosts can still communicate with.
+| Access the <<host-isolation-exceptions,Host isolation exceptions>> page to add specific IP addresses that isolated hosts can still communicate with.
 
 | *Blocklist*
 | Access the <<blocklist,Blocklist>> page to prevent specified applications from running on hosts, extending the list of processes that {elastic-defend} considers malicious.

@@ -14,7 +14,7 @@ configure `source.geo` and `destination.geo` ECS fields for your indices.
 [float]
 [[prereq-perms]]
 === Permissions required
-In order to view the map, you need at least `Read` privileges for `Maps`. To configure it, you need `All` privileges. Maps privilege settings are under *Kibana privileges* -> *Analytics* -> *Maps*.
+To view the map, you need a role with at least `Read` {kibana-ref}/kibana-role-management.html#adding_kibana_privileges[privileges] for the `Maps` feature.
 
 [float]
 [[kibana-index-pattern]]
@@ -100,8 +100,7 @@ it encounters an event that doesn't have the specified field.
 TIP: An example ingest pipeline that uses the GeoLite2-ASN.mmdb database to add
 autonomous system number (ASN) fields can be found https://github.com/elastic/examples/blob/master/Security%20Analytics/SIEM-examples/Packetbeat/geoip-info.json[here].
 
-. In your Beats configuration files, add the pipeline to the
-`output.elasticsearch`tag:
+. In your Beats configuration files, add the pipeline to the `output.elasticsearch` tag:
 +
 [source,yml]
 ----------------------------------

@@ -1,5 +1,5 @@
 [[sec-requirements]]
-= Elastic Security system requirements
+= {elastic-sec} requirements
 
 {elastic-sec} is an inbuilt part of {kib}. To use {elastic-sec}, you only need an {stack}
 deployment (an {es} cluster and {kib}). 
@@ -23,19 +23,18 @@ To use Elastic Security, at least one node in your Elasticsearch cluster must ha
 Changes might be required if your nodes have customized roles. When updating node roles, nodes are only assigned the roles you specify, and default roles are removed. If you need to reassign the `transform` role to a node, {ref}/modules-node.html#transform-node[create a dedicated transform node].
 
 [discrete]
-== {kib} space and index privileges
+== Space and index privileges
 
-To use {elastic-sec}, you must have at least:
+To use {elastic-sec}, your role must have at least:
 
-* `Read` privilege for the `Security` feature in the {kib} space (see
-{kibana-ref}/xpack-spaces.html[Spaces]). This grants you `Read` access to all features in {elastic-sec} except cases. Additional <<case-permissions, minimum privileges>> are needed to use cases.
+* `Read` privilege for the `Security` feature in the 
+{kibana-ref}/xpack-spaces.html[space]. This grants you `Read` access to all features in {elastic-sec} except cases. You need additional <<case-permissions, minimum privileges>> to use cases.
 * `Read` and `view_index_metadata` privileges for all {elastic-sec} indices, such as
 `filebeat-*`, `packetbeat-*`, `logs-*`, and `endgame-*` indices.
 
 NOTE: <<advanced-settings>> describes how to modify {elastic-sec} indices.
 
-For more information about index privileges, see
-{ref}/security-privileges.html[{es} security privileges].
+For more information about index privileges, refer to {ref}/security-privileges.html[{es} security privileges].
 
 [discrete]
 == Feature-specific requirements
@@ -46,7 +45,7 @@ There are some additional requirements for specific features:
 * <<case-permissions>>
 * <<ers-requirements>>
 * <<ml-requirements>>
-* <<elastic-endpoint-deploy-reqs, {elastic-endpoint} requirements>>
+* <<elastic-endpoint-deploy-reqs>>
 * <<conf-map-ui>>
 
 [discrete]