From 1522062b8e831acfa0f10ee286fa3b73ae36205a Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Thu, 18 Dec 2025 18:39:53 +0100 Subject: [PATCH 01/10] applies-switch cleanup --- .../_snippets/eck_rcs_expose.md | 4 +-- .../managed-credentials-eck.md | 7 ++--- .../manage-access-to-ai-assistant.md | 22 +++++++-------- explore-analyze/discover/background-search.md | 22 +++++++++------ explore-analyze/visualize/text-panels.md | 2 +- solutions/_snippets/edot-reference-arch.md | 2 +- .../quickstart-elastic-cloud-otel-endpoint.md | 8 +++--- .../create-manage-cases.md | 16 +++++------ solutions/security/ai/attack-discovery.md | 28 +++++++++---------- .../_snippets/agentless-integrations-faq.md | 3 +- .../get-started/automatic-migration.md | 10 +++---- 11 files changed, 62 insertions(+), 62 deletions(-) diff --git a/deploy-manage/remote-clusters/_snippets/eck_rcs_expose.md b/deploy-manage/remote-clusters/_snippets/eck_rcs_expose.md index 5b4da6dc2d..9a539b07ce 100644 --- a/deploy-manage/remote-clusters/_snippets/eck_rcs_expose.md +++ b/deploy-manage/remote-clusters/_snippets/eck_rcs_expose.md @@ -29,9 +29,9 @@ spec: 1. On cloud providers that support external load balancers, setting the type to `LoadBalancer` provisions a load balancer for your service. Alternatively, expose the service `-es-remote-cluster` through one of the Kubernetes Ingress controllers that support TCP services. :::: -::::{applies-item} eck: ga 3.0 +::::{applies-item} eck: ga 3.0-3.2 -In ECK 3.2 and earlier, you can't customize the service that ECK generates for the remote cluster interface, but you can create your own `LoadBalancer` service, `Ingress` object, or use another method available in your environment. +You can't customize the service that ECK generates for the remote cluster interface, but you can create your own `LoadBalancer` service, `Ingress` object, or use another method available in your environment. For example, for a cluster named `quickstart`, the following command creates a separate `LoadBalancer` service named `quickstart-es-remote-cluster-lb`, pointing to the ECK-managed service `quickstart-es-remote-cluster`: diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md index b4ab44c417..d4aa383e7f 100644 --- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md +++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md @@ -74,8 +74,7 @@ The following command regenerates auto-generated credentials of **all** {{stack} ::::{applies-switch} -:::{applies-item} { "eck": "ga 3.2" } -In ECK versions 3.2 and beyond: +:::{applies-item} eck: ga 3.2 ```sh kubectl delete secret -l eck.k8s.elastic.co/credentials=true @@ -83,8 +82,7 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true ::: -:::{applies-item} { "eck": "ga 3.1" } -In ECK versions prior to 3.2: +:::{applies-item} eck: ga 3.0-3.1 ```sh kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.co/type!=kibana @@ -95,7 +93,6 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic. :::: ### Control the length of auto-generated passwords - ```{applies_to} eck: ga 3.2 ``` diff --git a/explore-analyze/ai-features/manage-access-to-ai-assistant.md b/explore-analyze/ai-features/manage-access-to-ai-assistant.md index 9d20a7836c..5b5bea816a 100644 --- a/explore-analyze/ai-features/manage-access-to-ai-assistant.md +++ b/explore-analyze/ai-features/manage-access-to-ai-assistant.md @@ -28,6 +28,17 @@ To manage these settings, go to the **GenAI Settings** page by using the navigat ::::{applies-switch} +:::{applies-item} serverless: ga + +![GenAI Settings page for Serverless](/explore-analyze/images/ai-assistant-settings-page-serverless.png "") + +The **GenAI Settings** page has the following settings: + +- **Default AI Connector**: Click **Manage connectors** to open the **Connectors** page, where you can create or delete AI connectors. To update these settings, you need the `Actions and connectors: all` [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). +- **AI feature visibility**: Click **Go to Permissions tab** to access the active {{kib}} space's settings page, where you can specify which features each [user role](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) has access to in your environment. This includes AI-powered features. + +::: + :::{applies-item} stack: ga 9.2 ![GenAI Settings page for Stack](/explore-analyze/images/ai-assistant-settings-page.png "") @@ -48,16 +59,5 @@ The **GenAI Settings** page has the following settings: ::: -:::{applies-item} serverless: - -![GenAI Settings page for Serverless](/explore-analyze/images/ai-assistant-settings-page-serverless.png "") - -The **GenAI Settings** page has the following settings: - -- **Default AI Connector**: Click **Manage connectors** to open the **Connectors** page, where you can create or delete AI connectors. To update these settings, you need the `Actions and connectors: all` [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). -- **AI feature visibility**: Click **Go to Permissions tab** to access the active {{kib}} space's settings page, where you can specify which features each [user role](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md) has access to in your environment. This includes AI-powered features. - -::: - :::: diff --git a/explore-analyze/discover/background-search.md b/explore-analyze/discover/background-search.md index b34488927a..c9d5cf14a3 100644 --- a/explore-analyze/discover/background-search.md +++ b/explore-analyze/discover/background-search.md @@ -35,7 +35,7 @@ This feature is enabled by default. This feature is enabled by default. :::: -::::{applies-item} stack: ga 9.2 +::::{applies-item} stack: ga =9.2 This feature is disabled by default. You can enable background searches by setting [`data.search.sessions.enabled`](kibana://reference/configuration-reference/search-sessions-settings.md) to `true` in the [`kibana.yml`](/deploy-manage/stack-settings.md) configuration file. :::{note} - Exception for search sessions users @@ -43,7 +43,7 @@ If you upgrade to version 9.2 or later with search sessions enabled in the versi ::: :::: -::::{applies-item} stack: ga 9.0 +::::{applies-item} stack: ga 9.0-9.1 This feature is named **Search sessions** and is disabled by default unless you upgraded from a previous version where you were already using the feature. You can enable search sessions by setting [`data.search.sessions.enabled`](kibana://reference/configuration-reference/search-sessions-settings.md) to `true` in the [`kibana.yml`](/deploy-manage/stack-settings.md) configuration file. :::: @@ -55,17 +55,21 @@ This feature is named **Search sessions** and is disabled by default unless you The background searches that you run are personal and only visible by you. To use this feature, you must have the following minimum permissions: -:::::{tab-set} -:group: background search +:::::{applies-switch} + +::::{applies-item} serverless: ga + +To send searches to the background, and to view and interact with the list of background searches from **Discover** and **Dashboards** apps, you must have permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges). +:::: + +::::{applies-item} stack: ga 9.2 -::::{tab-item} 9.2 and later -:sync: 92 To send searches to the background, and to view and interact with the list of background searches from **Discover** and **Dashboards** apps, you must have permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges). :::: -::::{tab-item} 9.1 and earlier -:sync: 91 -In versions 9.1 and earlier, this feature is named **Search sessions**. +::::{applies-item} stack: ga 9.0-9.1 + +In thee versions, this feature is named **Search sessions**. * To save a session, you must have permissions for **Discover** and **Dashboard**, and the [Search sessions subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges). * To view and restore a saved session, you must have access to {{stack-manage-app}}. :::: diff --git a/explore-analyze/visualize/text-panels.md b/explore-analyze/visualize/text-panels.md index 5316c325ea..5dee2b212c 100644 --- a/explore-analyze/visualize/text-panels.md +++ b/explore-analyze/visualize/text-panels.md @@ -56,7 +56,7 @@ The following image is displayed: For detailed information about writing on GitHub, click **Syntax help** on the top-right of the Markdown editor. :::: -::::{applies-item} stack: ga 9.0 +::::{applies-item} stack: ga 9.0-9.1 1. From your dashboard, select **Add panel**. 2. In the **Add panel** flyout, select **Text**. A Markdown editor appears and lets you configure the information you want to display. 3. In the **Markdown** field, enter your text, then click **Update**. diff --git a/solutions/_snippets/edot-reference-arch.md b/solutions/_snippets/edot-reference-arch.md index 9324f9ff5a..6959e0d8dc 100644 --- a/solutions/_snippets/edot-reference-arch.md +++ b/solutions/_snippets/edot-reference-arch.md @@ -18,7 +18,7 @@ The following diagrams show the reference architecture for OpenTelemetry with El :alt: APM data ingest path (ECH) ::: -- {applies_to}`stack: ga 9.1` +- {applies_to}`stack: ga =9.1` :::{image} /solutions/images/observability-apm-otel-distro-ech.png :alt: APM data ingest path (ECH) diff --git a/solutions/observability/get-started/quickstart-elastic-cloud-otel-endpoint.md b/solutions/observability/get-started/quickstart-elastic-cloud-otel-endpoint.md index b37be1d397..5614be256f 100644 --- a/solutions/observability/get-started/quickstart-elastic-cloud-otel-endpoint.md +++ b/solutions/observability/get-started/quickstart-elastic-cloud-otel-endpoint.md @@ -23,8 +23,8 @@ The {{motlp}} is designed for the following use cases: Keep reading to learn how to use the {{motlp}} to send logs, metrics, and traces to your Serverless project or {{ech}} cluster. :::{note} -:applies_to: { ess:, stack: preview 9.2 } -The Managed OTLP endpoint might not be available in all {{ech}} regions during the Technical Preview. +:applies_to: ess: preview +On {{ech}}, the Managed OTLP endpoint requires a deployment version 9.2 or later and might not be available in all {{ech}} regions during the Technical Preview. ::: ## Send data to Elastic @@ -46,8 +46,8 @@ To retrieve your {{motlp}} endpoint address and API key, follow these steps: Alternatively, you can retrieve the endpoint from the **Manage project** page and create an API key manually from the **API keys** page. ::: -:::{applies-item} ess: -{applies_to}`stack: preview 9.2` +:::{applies-item} ess: preview +You need an {{ech}} deployment version 9.2 or later. 1. In {{ecloud}}, create an {{ech}} deployment or open an existing one. 2. Go to **Add data**, select **Applications** and then select **OpenTelemetry**. 3. Copy the endpoint and authentication headers values. diff --git a/solutions/observability/incident-management/create-manage-cases.md b/solutions/observability/incident-management/create-manage-cases.md index 4f1f618537..afa9a01e87 100644 --- a/solutions/observability/incident-management/create-manage-cases.md +++ b/solutions/observability/incident-management/create-manage-cases.md @@ -17,16 +17,16 @@ Open a new {{observability}} case to keep track of issues and share the details ::::{applies-switch} -:::{applies-item} stack: +:::{applies-item} serverless: **Requirements** -To access and send cases to external systems, you need the appropriate [subscription](https://www.elastic.co/pricing), and your role must have the required {{kib}} feature privileges. Refer to [](../incident-management/configure-access-to-cases.md) for more information. +For {{observability}} projects, you need the appropriate [feature tier](https://www.elastic.co/pricing), and your role must have the **Editor** role or higher to create and manage cases. To learn more, refer to [Assign user roles and privileges](/deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles). ::: -:::{applies-item} serverless: +:::{applies-item} stack: **Requirements** -For {{observability}} projects, you need the appropriate [feature tier](https://www.elastic.co/pricing), and your role must have the **Editor** role or higher to create and manage cases. To learn more, refer to [Assign user roles and privileges](/deploy-manage/users-roles/cloud-organization/user-roles.md#general-assign-user-roles). +To access and send cases to external systems, you need the appropriate [subscription](https://www.elastic.co/pricing), and your role must have the required {{kib}} feature privileges. Refer to [](../incident-management/configure-access-to-cases.md) for more information. ::: :::: @@ -49,14 +49,14 @@ To create a case: ::::{applies-switch} - :::{applies-item} stack: - You can add users only if they meet the necessary [prerequisites](/solutions/observability/incident-management/configure-access-to-cases.md). - ::: - :::{applies-item} serverless: You can add users who are assigned the **Editor** user role (or a more permissive role) for the project. ::: + :::{applies-item} stack: + You can add users only if they meet the necessary [prerequisites](/solutions/observability/incident-management/configure-access-to-cases.md). + ::: + :::: 6. If you defined [custom fields](/solutions/observability/incident-management/configure-case-settings.md#case-custom-fields), they appear in the **Additional fields** section. diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index a1b34a5011..af7c4fd592 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -26,21 +26,13 @@ To use Attack Discovery, your role needs specific privileges. ::::{applies-switch} -:::{applies-item} { "stack": "ga 9.0" } - -Ensure your role has `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature. - -![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png) - -::: - -:::{applies-item} { "stack": "ga 9.1"} +:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" } Ensure your role has: -* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature. +* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature. - ![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png) + ![attack-discovery-rules-rbac](/solutions/images/attack-discovery-rules-rbac.png "elasticsearch =60%x60%") * The appropriate [index privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md#adding_index_privileges), based on what you want to do with Attack Discovery alerts: @@ -51,13 +43,13 @@ Ensure your role has: ::: -:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" } +:::{applies-item} stack: ga =9.1 Ensure your role has: -* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature. +* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature. - ![attack-discovery-rules-rbac](/solutions/images/attack-discovery-rules-rbac.png "elasticsearch =60%x60%") + ![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png) * The appropriate [index privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md#adding_index_privileges), based on what you want to do with Attack Discovery alerts: @@ -68,6 +60,14 @@ Ensure your role has: ::: +:::{applies-item} stack: ga =9.0 + +Ensure your role has `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature. + +![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png) + +::: + :::: diff --git a/solutions/security/get-started/_snippets/agentless-integrations-faq.md b/solutions/security/get-started/_snippets/agentless-integrations-faq.md index 1e34ceebc0..727f93a959 100644 --- a/solutions/security/get-started/_snippets/agentless-integrations-faq.md +++ b/solutions/security/get-started/_snippets/agentless-integrations-faq.md @@ -5,7 +5,6 @@ Frequently asked questions and troubleshooting steps for {{elastic-sec}}'s agent After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. ## Why isn't my agentless agent appearing in Fleet? - ```{applies_to} stack: ga 9.1 serverless: ga @@ -20,7 +19,7 @@ Agentless agents (which run on Elastic's infrastructure to enable agentless inte Go to the **Settings** tab of the **Fleet** page. Navigate to the **Advanced Settings** section, and enable **Show agentless resources**. ::: -:::{applies-item} stack: ga 9.1 +:::{applies-item} stack: ga =9.1 Add the following query to the end of the **Fleet** page's URL: `?showAgentless=true`. ::: diff --git a/solutions/security/get-started/automatic-migration.md b/solutions/security/get-started/automatic-migration.md index 879f494735..350a295163 100644 --- a/solutions/security/get-started/automatic-migration.md +++ b/solutions/security/get-started/automatic-migration.md @@ -18,27 +18,27 @@ You can ingest your data before migrating your assets, or migrate your assets fi ::::{applies-switch} -:::{applies-item} { "stack": "ga 9.0" } +:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" } **Requirements** -* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature. +* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature. * A working [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). * {{stack}} users: an [Enterprise](https://www.elastic.co/pricing) subscription. * {{Stack}} users: {{ml}} must be enabled. * {{serverless-short}} users: a [Security Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md) subscription. * {{ecloud}} users: {{ml}} must be enabled. We recommend a minimum size of 4GB of RAM per {{ml}} zone. - ::: -:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" } +:::{applies-item} stack: ga 9.0-9.2 **Requirements** -* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature. +* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > SIEM migrations** {{kib}} feature. * A working [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). * {{stack}} users: an [Enterprise](https://www.elastic.co/pricing) subscription. * {{Stack}} users: {{ml}} must be enabled. * {{serverless-short}} users: a [Security Complete](/deploy-manage/deploy/elastic-cloud/project-settings.md) subscription. * {{ecloud}} users: {{ml}} must be enabled. We recommend a minimum size of 4GB of RAM per {{ml}} zone. + ::: :::: From b61daad57b00516fcf3ef727507e487339fdc6bb Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Fri, 19 Dec 2025 11:27:32 +0100 Subject: [PATCH 02/10] Update explore-analyze/discover/background-search.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- explore-analyze/discover/background-search.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/discover/background-search.md b/explore-analyze/discover/background-search.md index c9d5cf14a3..034f56c431 100644 --- a/explore-analyze/discover/background-search.md +++ b/explore-analyze/discover/background-search.md @@ -69,7 +69,7 @@ To send searches to the background, and to view and interact with the list of ba ::::{applies-item} stack: ga 9.0-9.1 -In thee versions, this feature is named **Search sessions**. +In these versions, this feature is named **Search sessions**. * To save a session, you must have permissions for **Discover** and **Dashboard**, and the [Search sessions subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges). * To view and restore a saved session, you must have access to {{stack-manage-app}}. :::: From 75c6cd712c295332ecb3615fab9934a08683d6b5 Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Fri, 19 Dec 2025 11:29:15 +0100 Subject: [PATCH 03/10] Update deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- .../cluster-or-deployment-auth/managed-credentials-eck.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md index d4aa383e7f..9f2150e7aa 100644 --- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md +++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md @@ -74,7 +74,7 @@ The following command regenerates auto-generated credentials of **all** {{stack} ::::{applies-switch} -:::{applies-item} eck: ga 3.2 +:::{applies-item} eck: ga 3.2+ ```sh kubectl delete secret -l eck.k8s.elastic.co/credentials=true From 2416334b7718edd2413aba6de80ffad5df959d26 Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Tue, 6 Jan 2026 10:07:03 +0100 Subject: [PATCH 04/10] Update solutions/security/ai/attack-discovery.md --- solutions/security/ai/attack-discovery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index af7c4fd592..8920209704 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -43,7 +43,7 @@ Ensure your role has: ::: -:::{applies-item} stack: ga =9.1 +:::{applies-item} stack: ga 9.1-9.2 Ensure your role has: From 918353e2b73d462f20f365e39d740ffb51de144b Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Tue, 6 Jan 2026 10:07:19 +0100 Subject: [PATCH 05/10] Update explore-analyze/discover/background-search.md Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- explore-analyze/discover/background-search.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/discover/background-search.md b/explore-analyze/discover/background-search.md index 034f56c431..70eaf23238 100644 --- a/explore-analyze/discover/background-search.md +++ b/explore-analyze/discover/background-search.md @@ -59,7 +59,7 @@ The background searches that you run are personal and only visible by you. To us ::::{applies-item} serverless: ga -To send searches to the background, and to view and interact with the list of background searches from **Discover** and **Dashboards** apps, you must have permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges). +To send searches to the background, and to view and interact with the list of background searches from the **Discover** and **Dashboards** apps, you need permissions for **Discover** and **Dashboard**, and for the [Background search subfeature](../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges). :::: ::::{applies-item} stack: ga 9.2 From e69d7d9ac833490432f9c6fe6db090c5e9e7bb52 Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Tue, 6 Jan 2026 10:07:34 +0100 Subject: [PATCH 06/10] Update solutions/security/ai/attack-discovery.md Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/security/ai/attack-discovery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index 8920209704..27cfdcbf8f 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -26,7 +26,7 @@ To use Attack Discovery, your role needs specific privileges. ::::{applies-switch} -:::{applies-item} { "stack": "ga 9.3", "serverless": "ga" } +:::{applies-item} { "stack": "ga 9.3+", "serverless": "ga" } Ensure your role has: From 4d7129b28b05911f1bd87dc3ea1230f20243f219 Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Wed, 7 Jan 2026 13:53:11 +0100 Subject: [PATCH 07/10] Update solutions/security/ai/attack-discovery.md Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/security/ai/attack-discovery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index 5952fa88d2..54e5895256 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -30,7 +30,7 @@ To use Attack Discovery, your role needs specific privileges. Ensure your role has: -* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature. +* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack discovery** {{kib}} feature and at least `Read` privileges for the **Security > Rules** {{kib}} feature. ![attack-discovery-rules-rbac](/solutions/images/attack-discovery-rules-rbac.png "elasticsearch =60%x60%") From 8ff9a2eb43144968a66f742b6a8ad0b809e829bd Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Wed, 7 Jan 2026 13:53:20 +0100 Subject: [PATCH 08/10] Update solutions/security/ai/attack-discovery.md Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/security/ai/attack-discovery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index 54e5895256..a9a1d40e71 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -62,7 +62,7 @@ Ensure your role has: :::{applies-item} stack: ga =9.0 -Ensure your role has `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature. +Ensure your role has `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack discovery** {{kib}} feature. ![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png) From d827dd326fbf49b8aeafabf473222215b1c938cc Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Wed, 7 Jan 2026 13:53:32 +0100 Subject: [PATCH 09/10] Update solutions/security/ai/attack-discovery.md Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/security/ai/attack-discovery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index a9a1d40e71..6196ec357f 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -47,7 +47,7 @@ Ensure your role has: Ensure your role has: -* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack Discover** {{kib}} feature and at least `Read` privileges for the **Security > Rules, Alerts, and Exceptions** {{kib}} feature. +* `All` [{{kib}} privileges](../../../deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for the **Security > Attack discovery** {{kib}} feature and at least `Read` privileges for the **Security > Rules, Alerts, and Exceptions** {{kib}} feature. ![attack-discovery-rbac](/solutions/images/security-attck-disc-rbac.png) From 594bb50f175bcb047de541b004bc4e6b456d07d2 Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Thu, 8 Jan 2026 12:51:24 +0100 Subject: [PATCH 10/10] more fixes --- .../privileged-user-monitoring-setup.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md index e3307def63..d71c0d9874 100644 --- a/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md +++ b/solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md @@ -28,7 +28,7 @@ Privileged users typically include accounts with elevated access rights that all You can define privileged users in the following ways: -* {applies_to}`stack: ga 9.3` {applies_to}`stack: preview 9.2` {applies_to}`serverless: ga` [Add a supported integration](#privmon-integrations) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md). +* {applies_to}`stack: preview =9.2, ga 9.3+` {applies_to}`serverless: ga` [Add a supported integration](#privmon-integrations) with your organization’s user identities. If your environment is already ingesting data from a supported integration, the setup steps are skipped—you're taken directly to the Privileged user monitoring dashboard, where you can start [monitoring user activity](/solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md). * [Select an existing index](#privmon-index) or create a new custom index with privileged user data. * [Bulk-upload](#privmon-upload) a list of privileged users using a CSV or TXT file. * Use the Entity analytics APIs to [mark individual users as privileged]({{kib-apis}}/operation/operation-createprivmonuser) or [bulk-upload multiple privileged users]({{kib-apis}}/operation/operation-privmonbulkuploaduserscsv). @@ -37,7 +37,7 @@ To get started, find the **Privileged user monitoring** page in the navigation m ### Add a supported integration [privmon-integrations] ```yaml {applies_to} -stack: ga 9.3, preview 9.2 +stack: ga 9.3, preview =9.2 serverless: ga ``` @@ -50,7 +50,7 @@ On the **Privileged user monitoring** page, select an integration. The supported :::::{applies-switch} - ::::{applies-item} { stack: ga 9.3, serverless: ga } + ::::{applies-item} { stack: ga 9.3+, serverless: ga } Privileged users are identified by matching the `entityanalytics_ad.user.privileged.group_member` field against privileged Active Directory groups based on [security identifier (SID) group codes](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers#well-known-sids). Users in the following Active Directory groups are automatically assigned as privileged: * `512`: Domain Admins @@ -73,7 +73,7 @@ On the **Privileged user monitoring** page, select an integration. The supported :::: % closes applies-item 1 - ::::{applies-item} stack: preview 9.2 + ::::{applies-item} stack: preview =9.2 Users in the following Active Directory groups are automatically assigned as privileged: * Domain Admins @@ -146,7 +146,7 @@ You can use multiple data source types, such as an index and a CSV file, at the On this page, you can: -* {applies_to}`stack: ga 9.3` {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Change which integrations you're using as data sources. +* {applies_to}`stack: preview =9.2, ga 9.3+` {applies_to}`serverless: preview` Change which integrations you're using as data sources. * View, remove, and change indices after initially defining them. * Import a new supported file with a list of privileged users.