update doc content

guide/content/_index.md

@@ -1,13 +1,13 @@
 ---
 weight: 1
-title: <Project Name>
-description: <Project Description>
+title: Deepwatch MDR 
+description: Deepwatch Managed Detection and Response (MDR) monitors your AWS Cloud services to detect critical security issues, common configuration errors, and patterns of suspicious behavior.
 ---
 
-# Project title
+# Deepwatch MDR AWS Built-in
 
-The document walks you through the process of <fill-it-up> and is intended for customers who are using the <project-name> AWS Built-In program (ABI) and are building an ABI project.
+This guide is for customers who are building a Deepwatch MDR integration solution using the AWS Built-In (ABI) program. It walks you through the process of configuring your AWS organization with Deepwatch MDR service.
 
-The AWS Built-in program validates partner solutions that are integrated with relevant AWS foundational services such as identity, management, security, and operations. This program helps customers find and deploy a validated partner solution that addresses specific customer use cases while providing visibility and control of AWS native service integrations.
+ABI is a differentiation program that validates AWS Partner solutions that have automated their integrations with relevant AWS foundational services such as identity, management, security, and operations. It helps customers find and deploy a validated partner solution that addresses specific customer use cases while providing deep visibility and control of AWS native service integration.
 
-Choose [Overview](/overview/index.html) to get started.
+Choose [Overview](/overview/index.html).

guide/content/additional-resources.md

@@ -6,15 +6,14 @@ description: Additional resources
 
 ## Partner documentation
 
-* [Deepwatch](https://www.deepwatch.com/)
+* [Deepwatch Knowledge base](https://deepwatch.service-now.com/$knowledge.do?sysparm_kb=dfc19531bf2021003f07e2c1ac0739ab&sysparm_category=55e01aaadb8a205051916a37059619c9&browse_type=categories&sysparm_type_filter=all). An active subscription needed to access this documentation.
 
 ## AWS services
 
 * [Deepwatch MDR ABI](https://github.com/aws-ia/cfn-abi-deepwatch-mdr)
 * [AWS SRA GuardDuty](https://github.com/aws-ia/cfn-abi-amazon-guardduty)
 * [AWS SRA CloudTrail](https://github.com/aws-ia/cfn-abi-aws-cloudtrail)
 
-## FAQs
 
 ## Other resources
 

guide/content/architecture.md

@@ -1,19 +1,33 @@
 ---
 weight: 5
 title: Architecture
-description: Solution architecture
+description: ABI Solution architecture
 ---
 
 Deploying this ABI package with default parameters builds the following architecture:
 
 ![Architecture diagram](/images/overview-architecture.jpg)
 
-As shown in the diagram, this solution sets up AWS CloudFormation to deploy three solutions as one:
+As shown in the diagram, this solution sets up the following:
 
-* Solution A: An AWS CloudFormation nested stack creates an AWS Organizations management account that is encrypted using a customer managed AWS KMS key. The KMS key is managed by an audit account, and logs are delivered to a log archive account. CloudTrail logs all events for all AWS accounts within AWS Organizations.
+#### Enable organization level CloudTrail
+    * [Creates a trail for the organization](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html) in the management account.
+    * Customer managed KMS key for the AWS Organizations CloudTrail logs and S3 server-side encryption created in the audit account.
+    * AWS Secrets Manager secret containing the customer managed KMS key ARN in the audit account.
+    * S3 bucket where the Organization CloudTrail logs are sent for all accounts in the AWS Organization
 
-* Solution B: An AWS CloudFormation nested stack enables Amazon GuardDuty for all existing accounts within AWS Organizations and turns on the auto-enable feature for future accounts. This solution allows you to choose the Regions in which to enable GuardDuty, and it delegates the GuardDuty administrator role to the audit account. It creates an S3 bucket in the logging account to collect aggregated findings and assigns a lifecycle policy to transition data to Amazon S3 Glacier for storage after 365 days. By default, this solution enables protections for GuardDuty, S3 buckets, and EKS.
+#### Enable Amazon GuardDuty at organization level
 
-* Solution C: A stack set in the logging account stores logs and sets up the required resources to ingest logs to the DeepWatch managed-detection-and-response platform. This includes all necessary Lambda functions, SNS topics, SQS queues, S3 Event Notifications, and IAM roles.
+* Enables GuardDuty for all AWS accounts that are current members of the target organization in AWS Organizations
+* Turns on the Auto-Enable feature in GuardDuty, which automatically enables GuardDuty for any accounts that are added to the target organization in the future
+* Uses the organization’s Audit account as the GuardDuty delegated administrator
+* Creates an Amazon Simple Storage Service (Amazon S3) bucket in the logging account and configures GuardDuty to publish the aggregated findings from all accounts in this bucket
+* Assigns a life-cycle policy that transitions findings from the S3 bucket to Amazon S3 Glacier Flexible Retrieval storage after 365 days, by default
+* Enables GuardDuty S3 protection by default, with the option to enable EKS and Malware protection.
+
+#### Deepwatch Managed Detection and Response (MDR) Integration
+
+* A stack set on the management account that creates the following resources in the Log Archive account:
+    * Create event notifications  and queuing mechanism on CloudTrail and GuardDuty logging buckets to forward the events to the Deepwatch MDR platform. This includes all necessary Lambda functions, SNS topics, SQS queues, S3 Event Notifications, and IAM roles.
 
 **Next:** [Deployment options](/deployment-options/index.html)

guide/content/costandlicenses.md

@@ -4,7 +4,13 @@ title: Costs and licenses
 description: Cost of the solution and licenses required
 ---
 
-There is no AWS cost to use this solution, but you will be billed for any AWS services or resources that this package deploys. For more information about costs, refer to the AWS pricing pages in your Region for the following services:
+## Deepwatch licensing costs
+
+For your cost considerations, deployment of solution presumes that you are already a Deepwatch MDR customer, you can view [Deepwatch service pricing information on the AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-7xr5ppn2unxfe?sr=0-1&ref_=beagle&applicationId=AWSMPContessa).
+
+## AWS service costs
+
+There is no additional cost to use this solution, but you will be billed for any AWS services or resources that this package deploys. For more information about costs, refer to the AWS pricing pages in your Region for the following services:
 
 * [Amazon GuardDuty](https://aws.amazon.com/guardduty/pricing/)
 

guide/content/deployment-options.md

@@ -4,13 +4,6 @@ title: Deployment options
 description: 
 ---
 
-This ABI package provides one deployment option:
-
-* [Deploy [[Deepwatch MDR]] for AWS Organizations](quick-link)
-
-This option creates all of the necessary resources for ingestion of AWS security logs into the DeepWatch MDR platform. During the deployment, you can choose which options to enable for the indidivual services.
-
-
 #### Deployment options supported by this ABI package
 
 The following are supported deployment options:
@@ -19,4 +12,4 @@ The following are supported deployment options:
 * Launch using [Customizations for AWS Control Tower (CfCT)](/deployment-steps/index.html#launch-cfct).
 
 
-**Next:** [Predeployment steps](/pre-deployment-steps/index.html)
+**Next:** [Predeployment steps](/pre-deployment-steps/index.html)

guide/content/deployment-steps.md

@@ -5,10 +5,13 @@ description: Deployment steps
 ---
 
 
+
 ## Launch the CloudFormation template in the AWS Organizations management account {#launch-cfn}
 
-1. Download the CloudFormation template from https://github.com/aws-ia/cfn-abi-deepwatch-mdr.
-2. Launch the CloudFormation template from your AWS Control Tower home Region.
+This option creates all of the necessary resources for ingestion of AWS security logs into the DeepWatch MDR platform. During the deployment, you can choose which options to enable for the individual services.
+
+1. Download the [CloudFormation template](https://raw.githubusercontent.com/aws-ia/cfn-abi-deepwatch-mdr/main/templates/deepwatch-root-stack.yaml)
+2. Launch the CloudFormation template from your [AWS Control Tower home Region](https://docs.aws.amazon.com/controltower/latest/userguide/region-how.html).
     * Stack name: `template-deepwatch-enable-integrations`
     * List parameters with [call out default values and update below example as needed]
         * **pDeepwatchRoleName**: `deepwatch-mdr-role`

guide/content/feedback.md

@@ -4,11 +4,23 @@ title: Feedback
 description: Feedback
 ---
 
-To submit feature ideas and report bugs, use the Issues section of the [GitHub repository](https://public-github-repository-link). To submit code, refer to the [Contributor's & Builder's Guide for CloudFormation-based AWS Partner Solutions](https://aws-quickstart.github.io/index.html). To submit documentation feedback, use the following GitHub links:
+To submit feature ideas and report bugs, use the Issues section of the [GitHub repository](https://github.com/aws-ia/cfn-abi-deepwatch-mdr). To submit code, refer to the [AWS Built-in Reference Guide](https://a.co/j72wxaw). To submit documentation feedback, use the following GitHub links:
+
+* [Grammar or spelling](https://github.com/aws-ia/cfn-abi-deepwatch-mdr/issues/new?labels=documentation,grammar+or+spelling&title=Deployment+guide+feedback&body=Section+heading:%0ADocumentation+issue+description:%0A)
+* [Broken link](https://github.com/aws-ia/cfn-abi-deepwatch-mdr/issues/new?labels=documentation,broken+link&title=Deployment+guide+feedback&body=Section+heading:%0ADocumentation+issue+description:%0A)
+* [Inaccurate content](https://github.com/aws-ia/cfn-abi-deepwatch-mdr/issues/new?labels=documentation,inaccurate+content&title=Deployment+guide+feedback&body=Section+heading:%0ADocumentation+issue+description:%0A)
+* [Display or design issues](https://github.com/aws-ia/cfn-abi-deepwatch-mdr/issues/new?labels=documentation,display+and+design&title=Deployment+guide+feedback&body=Section+heading:%0ADocumentation+issue+description:%0A)
+
+**Next:** [Notices](/notices/index.html)
+
+
+
+
+
+
+
+
+
+
 
-* [Grammar or spelling](https-link)
-* [Broken link](https-link)
-* [Inaccurate content](https-link)
-* [Display or design issues](https-link)
 
-**Next:** [Notices](/notices/index.html)

guide/content/overview.md

@@ -1,17 +1,15 @@
 ---
 weight: 2
 title: Overview
-description: 
+description: ABI solution overview
 ---
 
-This ABI deploys `cfn-abi-deepwatch-mdr` integrations for AWS Organizations to the AWS Cloud. It’s for those DeepWatch customers who use AWS CloudTrail and Amazon GuardDuty who want set up the necessary resources to ingest use-case log sources for the Deepwatch MDR service across multiple AWS accounts. If you are unfamiliar with AWS Built-In, refer to [AWS Built-In](https://aws.amazon.com/builtin).
+This ABI deploys `cfn-abi-deepwatch-mdr` integrations for AWS Organizations to the AWS Cloud. It’s for those Deepwatch customers who use AWS CloudTrail and Amazon GuardDuty who want to set up the necessary resources to ingest use-case log sources for the Deepwatch MDR service across multiple AWS accounts. If you are unfamiliar with AWS Built-In, refer to [AWS Built-In](https://aws.amazon.com/partners/built-in-partner-solutions/).
 
 Deploying this ABI package does not guarantee an organization’s compliance with any laws, certifications, policies, or other regulations.
 
-[Expand solution overview here]
-
 ### AWS Marketplace listing
 
-[Partner-product-name-in-aws-marketplace](https://aws.amazon.com/marketplace/pp/prodview-<marketplace-id>)
+[deepwatch Managed Security Services](https://aws.amazon.com/marketplace/pp/prodview-7xr5ppn2unxfe)
 
 **Next:** [Terminology](/terminologies/index.html)

guide/content/post-deployment-steps.md

@@ -5,20 +5,26 @@ description: Postdeployment options
 ---
 
 ## Verifying the solution's functionality
+
 Wait for the stack to finish deploying, and then check the status of the deployment by running the following command:
 
    ```
    aws cloudformation describe-stacks --stack-name <YOUR_STACK_NAME>
    ```
 
-   The stack status is returned in the output.
+   The stack status is returned in the output. Wait until the status is `CREATE_COMPLETE` before proceeding to the next step. When the stack finishes deploying, you can access the created resources via the AWS Management Console or AWS CLI.
+
+After the deployment completes, you will see the root stack and nested stacks in the AWS Control Tower management account.
+![Control Tower Manager Account Stacks](/images/test-deployment.png)
+
+After you deploy the solution, provide your Deepwatch security engineer expert the output values of the `StackSet-deepwatch-logging-resource-configuration-*uuid*` stack. These values will be needed to finish setting up ingestion.
+![Control Tower log archive account stacks](/images/test-deployment2.png)
 
-When the stack finishes deploying, you can access the created resources via the AWS Management Console or AWS CLI.
 
 After you deploy the solution, provide your DeepWatch engineer with the following outputs from the DeepWatch template:
 
 - `oCloudTrailQueueArn`
 - `oGuardDutyQueueArn`
 - `oDeepwatchRoleArn`
 
-**Next:** [Test the Deployment](/test-deployment/index.html)
+**Next:** [Additonal resources](/additional-resources/index.html)

guide/content/pre-deployment-steps.md

@@ -6,13 +6,12 @@ description: Predeployment options
 
 Before deploying this ABI package, complete the following steps:
 
-* Subscribe to the partner's product from AWS Marketplace using <AWS Marketplace Listing>.
-* Be a DeepWatch MDR customer.
-* If you don’t already have an AWS organization, create one. For more information, refer to [Tutorial: Creating and configuring an organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tutorials_basic.html).
-* To create an organization trail and enable GuardDuty, ensure that your IAM user has sufficient permissions for the user or role in your management account.
-* Enable trusted access with AWS Organizations. For more information, refer to [Activate trusted access with AWS Organizations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.html). Otherwise, because this is a multiaccount deployment, AWS CloudFormation won’t run.
-* If you don’t already have them, create separate security tooling and log archive accounts for your AWS organization.
-* Ensure that GuardDuty has not been enabled by the security tooling account (that is, the delegated administrator). For more information, refer to [Managing GuardDuty accounts with AWS Organizations](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).
-* Review [Additional resources](https://link), later in this guide.
+1. Subscribe to the [deepwatch Managed Security Services](https://aws.amazon.com/marketplace/pp/prodview-7xr5ppn2unxfe) AWS Marketplace Listing.
+2. Have an existing customer agreement signed with Deepwatch.
+3. If you don’t already have an AWS organization, create one. For more information, refer to [Tutorial: Creating and configuring an organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tutorials_basic.html).
+4. To create an organization trail and enable GuardDuty, ensure that your IAM user has sufficient permissions for the user or role in your management account.
+5. Enable trusted access with AWS Organizations. For more information, refer to [Activate trusted access with AWS Organizations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.html). Otherwise, because this is a multi-account deployment, AWS CloudFormation won’t run.
+6. Ensure that GuardDuty has not been enabled in the security tooling account (that is, the delegated administrator) already. For more information, refer to [Managing GuardDuty accounts with AWS Organizations](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).
+7. Become familiar with the [additional resources](/additional-resources/index.html) later in this guide.
 
 **Next:** [Deployment Steps](/deployment-steps/index.html)

guide/content/troubleshooting.md

@@ -4,7 +4,9 @@ title: Troubleshooting
 description: Troubleshooting
 ---
 
-For troubleshooting common ABI issues, refer to [AWS Built-In General Information Guide](http://link-to-reference-architecture) and [Troubleshooting CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html).
+For troubleshooting common ABI issues, refer to the [ABI Reference Guide](https://a.co/j72wxaw) and [Troubleshooting CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html).
+
+To submit feature ideas and report bugs, use the Issues section of the GitHub repository [Deepwatch MDR ABI](https://github.com/aws-ia/cfn-abi-deepwatch-mdr).
 
 
 **Next:** [Feedback](/feedback/index.html)