[DOCS] Updates install endpoint doc for Guided Onboarding epic (#2569) (#2600)

* Updates install endpoint doc for Guided Onboarding epic

* tests alternative list structure

* Experiment with nested lists

* list experimentation

* Updates list spacing

* adjusts list spacing

* Minor tweak

* troubleshoot list

* troubleshoot list

* troubleshoot list

* troubleshoot list

* list troubleshooting

* troubleshoot list

* same

* same

* same

* Update docs/getting-started/install-endpoint.asciidoc

Co-authored-by: nastasha-solomon <[email protected]>

* Update docs/getting-started/install-endpoint.asciidoc

Co-authored-by: nastasha-solomon <[email protected]>

* list update

* replaces list with table

* fixes table bug

* improves table format

* table format update

* Adds info about linux focus of Cloud Workload presets

* fixes table

* fixes bullet points in table

* fixes table bullets

* Incorporates Joe's feedback

* fixes bug

* fixes minor bug

* Update docs/getting-started/install-endpoint.asciidoc

Co-authored-by: Janeen Mikell-Straughn <[email protected]>

* Update docs/getting-started/install-endpoint.asciidoc

Co-authored-by: Janeen Mikell-Straughn <[email protected]>

* Incorporates Janeen's feedback.

Co-authored-by: nastasha-solomon <[email protected]>
Co-authored-by: Janeen Mikell-Straughn <[email protected]>
(cherry picked from commit c838a11)

Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
mergify[bot] and benironside authored Oct 18, 2022
1 parent 78eaddb commit a599118
Showing 5 changed files with 27 additions and 3 deletions.
30 changes: 27 additions & 3 deletions docs/getting-started/install-endpoint.asciidoc
@@ -1,7 +1,7 @@
[[install-endpoint]]
= Configure and install the {elastic-defend} integration

Like other Elastic integrations, {elastic-defend} can be integrated into the {agent} through {fleet-guide}/fleet-overview.html[{fleet}]. Upon configuration, the integration allows the {agent} to monitor for events on your host and send data to the {security-app}.
Like other Elastic integrations, {elastic-defend} can be integrated into the {agent} using {fleet-guide}/fleet-overview.html[{fleet}]. Upon configuration, the integration allows the {agent} to monitor events on your host and send data to the {security-app}.

NOTE: To configure the {elastic-defend} integration on the {agent}, you must have permission to use {fleet} in {kib}. You must also have admin permissions in {kib} to access the **Endpoints** page in the {security-app}.

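Review bot: The NOTE kept as context under the reworded intro still says only "permission to use {fleet} in {kib}" and "admin permissions in {kib}" for the **Endpoints** page, without naming a role or privilege. Since this paragraph is being edited anyway, name the specific privileges or link to the page that lists them, so readers can grant the minimum needed rather than a broad admin role.
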
Expand Down Expand Up @@ -30,8 +30,32 @@ image::images/install-endpoint/endpoint-cloud-sec-integrations-page.png[Search r
image::images/install-endpoint/endpoint-cloud-security-configuration.png[Add {elastic-defend} integration page,75%]
+
. Configure the {elastic-defend} integration with an **Integration name** and optional **Description**.
. Select the type of environment you want to protect, either *Traditional Endpoints* or *Cloud Workloads*.
. Select a configuration preset. Each preset comes with different default settings for {agent} — you can further customize these later. To learn more, refer to <<configure-endpoint-integration-policy, configure Elastic Defend integration policies>>.
+
[cols="2"]
|===
|*Traditional Endpoint presets*
| All traditional endpoint presets have the following preventions enabled by default: machine learning malware, ransomware, memory threat, malicious behavior, and credential theft. Each preset collects the following events:

*Next-Generation Antivirus (NGAV):* Process

*Essential EDR (Endpoint Detection & Response):* Process, Network, File

*Complete EDR (Endpoint Detection & Response):* All

|*Cloud Workloads presets*
|Both cloud workload presets are intended for monitoring cloud-based Linux hosts. Therefore, <<session-view,session data>> collection, which enriches process events, is enabled by default. They both have all preventions disabled by default, and collect process, network, and file events.

*All events:* Includes data from automated sessions.

*Interactive only:* Filters out data from non-interactive sessions by creating an <<event-filters,event filter>>.

|===


. Enter a name for the agent policy in **New agent policy name**. If other agent policies already exist, you can click the **Existing hosts** tab and select an existing policy instead. For more details on {agent} configuration settings, refer to {fleet-guide}/agent-policy.html[{agent} policies].
. When the configuration is complete, click **Save and continue**.
. When you're ready, click **Save and continue**.
. To complete the integration, continue to the next section to install the {agent} on your hosts.

[discrete]
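
Review bot: In the *Cloud Workloads presets* cell, "They both have all preventions disabled by default" is a protection-relevant default buried mid-paragraph, while the Traditional Endpoint cell opens with its enabled preventions. Move it into a NOTE or IMPORTANT admonition after the table, or lead the cell with it, so someone choosing a cloud preset sees that they get event collection only until they enable preventions in the policy. Also align the terms: the step uses *Traditional Endpoints* but the table heading is "Traditional Endpoint presets", and "automated sessions" under *All events* versus "non-interactive sessions" under *Interactive only* read as two different things.
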
Expand Down Expand Up @@ -87,4 +111,4 @@ image::images/install-endpoint/endpoint-cloud-sec-add-agent-detail.png[Add agent
+
The host will now appear on the **Endpoints** page in the {security-app}. It may take another minute or two for endpoint data to appear in {elastic-sec}.

. For macOS, continue with <<deploy-elastic-endpoint, these instructions>> to grant {elastic-endpoint} the access it needs.
. For macOS, continue with <<deploy-elastic-endpoint, these instructions>> to grant {elastic-endpoint} the required permissions.

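Review bot: In the macOS step, "the required permissions" does not say which permissions are meant, and the link text "these instructions" gives no hint either. Consider naming them in the step or in the link text, so readers know what they will be approving before they follow the link.
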