elastic · benironside · Oct 18, 2022 · Oct 12, 2022 · Oct 13, 2022 · Oct 13, 2022
@@ -1,7 +1,7 @@
 [[install-endpoint]]
 = Configure and install the {elastic-defend} integration
 
-Like other Elastic integrations, {elastic-defend} can be integrated into the {agent} through {fleet-guide}/fleet-overview.html[{fleet}]. Upon configuration, the integration allows the {agent} to monitor for events on your host and send data to the {security-app}.
+Like other Elastic integrations, {elastic-defend} can be integrated into the {agent} using {fleet-guide}/fleet-overview.html[{fleet}]. Upon configuration, the integration allows the {agent} to monitor for events on your host and send data to the {security-app}.
 
 NOTE: To configure the {elastic-defend} integration on the {agent}, you must have permission to use {fleet} in {kib}. You must also have admin permissions in {kib} to access the **Endpoints** page in the {security-app}.
 
@@ -18,7 +18,7 @@ If you're using macOS, some versions may require you to grant Full Disk Access t
 . Go to the *Integrations* page, which you can access in several ways:
 
 * In {kib}: *Management* -> *Integrations*
-* In the {security-app}: *Get started* -> *Add security integrations*
+* In the {security-app}: *Security homepage* -> *Add security integrations*
 
 +
 [role="screenshot"]
@@ -30,8 +30,32 @@ image::images/install-endpoint/endpoint-cloud-sec-integrations-page.png[Search r
 image::images/install-endpoint/endpoint-cloud-security-configuration.png[Add {elastic-defend} integration page,75%]
 +
 . Configure the {elastic-defend} integration with an **Integration name** and optional **Description**.
+. Select the type of environment you want to protect, either *Traditional Endpoints* or *Cloud Workloads*.
+. Next, select a configuration preset. Each preset comes with different default settings for {agent} — you can further customize these later. To learn more, refer to {fleet-guide}/agent-policy.html[{agent} policies].
++
+For Traditional Endpoints, there are three presets:
++
+* *Next Generation Antivirus:*
+  - Events collected: Process
+  - Active preventions: Malware, Ransomware, Memory Protection
+* *Essential Endpoint Detection & Response:*
+  - Events collected: Process, Network, File
+  - Active preventions: Malware, Ransomware, Memory Protection
+* *Complete Endpoint Detection & Response:*
+  - Events collected: Process, Network, File, Session Data
+  - Active preventions: Malware, Ransomware, Memory Protection
++
+For Cloud Workloads, there are two presets:
++
+* *All events:*
+  - Events collected: Process, Network, File, Session Data
+  - Preventions: none
+* *Interactive only:*
+  - Events collected: Process, Network, File, Session Data
+  - Preventions: none
+  - Event filter: filters out non-interactive sessions
 . Enter a name for the agent policy in **New agent policy name**. If other agent policies already exist, you can click the **Existing hosts** tab and select an existing policy instead. For more details on {agent} configuration settings, refer to {fleet-guide}/agent-policy.html[{agent} policies].
-. When the configuration is complete, click **Save and continue**.
+. When you're ready, click **Save and continue**.
 . To complete the integration, continue to the next section to install the {agent} on your hosts.
 
 [discrete]