Merge pull request #73 from elastic/cleanup-install-defend

Install and configure Elastic Defend cleanup
elastic · Aug 31, 2023 · 53d94d3 · 53d94d3
2 parents 363459a + a56fce7
commit 53d94d3
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/docs/edr-install-config/install-elastic-defend.mdx b/docs/edr-install-config/install-elastic-defend.mdx
@@ -2,7 +2,7 @@
 id: serverlessSecurityInstallDefend
 slug: /serverless/security/install-edr
 title: Install and configure the ((elastic-defend)) integration
-# description: Description to be written
+description: Learn how to install and configure ((elastic-defend)).
 tags: [ 'serverless', 'security', 'how-to' ]
 status: rough content
 ---
@@ -19,9 +19,9 @@ Like other Elastic integrations, ((elastic-defend)) is integrated into the ((age
 
 * ((fleet)) is required for ((elastic-defend)).
 
-* To configure the ((elastic-defend)) integration on the ((agent)), you must have permission to use ((fleet)) in ((kib)).
+* To configure the ((elastic-defend)) integration on the ((agent)), you must have permission to use ((fleet)).
 
-* You must have the **((elastic-defend)) Policy Management : All** <DocLink id="serverlessSecurityEndpointManagementReq">privilege</DocLink> to configure an integration policy, and the **Endpoint List** <DocLink id="serverlessSecurityEndpointManagementReq">privilege</DocLink> to access the **Endpoints** page.
+* You must have the **((elastic-defend)) Policy Management: All** <DocLink id="serverlessSecurityEndpointManagementReq">privilege</DocLink> to configure an integration policy, and the **Endpoint List** <DocLink id="serverlessSecurityEndpointManagementReq">privilege</DocLink> to access the **Endpoints** page.
 
 </DocCallOut>
 
@@ -37,19 +37,18 @@ If you're using macOS, some versions may require you to grant Full Disk Access t
 
 1. Go to the **Integrations** page, which you can access in several ways:
 
-* In ((kib)): **Management** -> **Integrations**
-* In the ((security-app)): **Get started** -> **Add security integrations**
+    * In ((kib)): **Management** -> **Integrations**
+    * In the ((security-app)): **Get started** -> **Add security integrations**
 
     ![Search result for "((elastic-defend))" on the Integrations page.](../images/install-endpoint/-getting-started-install-endpoint-endpoint-cloud-sec-integrations-page.png)
 
 1. Search for and select **((elastic-defend))**, then select **Add ((elastic-defend))**. The integration configuration page appears.
 
-<DocCallOut title="Note">
-If this is the first integration you've installed and the **Ready to add your first integration?** page appears instead, select **Add integration only (skip agent installation)** to proceed. You can <DocLink id="serverlessSecurityInstallDefend" section="add-the-((agent))">install ((agent))</DocLink> after setting up the ((elastic-defend)) integration.
-
-<DocImage size="xl" url="../images/install-endpoint/-getting-started-install-endpoint-endpoint-cloud-security-configuration.png" alt="Add ((elastic-defend)) integration page" />
+    <DocCallOut title="Note">
+    If this is the first integration you've installed and the **Ready to add your first integration?** page appears instead, select **Add integration only (skip agent installation)** to proceed. You can <DocLink id="serverlessSecurityInstallDefend" section="add-the-((agent))">install ((agent))</DocLink> after setting up the ((elastic-defend)) integration.
+    </DocCallOut>
 
-</DocCallOut>
+    <DocImage size="xl" url="../images/install-endpoint/-getting-started-install-endpoint-endpoint-cloud-security-configuration.png" alt="Add ((elastic-defend)) integration page" />
 
 1. Configure the ((elastic-defend)) integration with an **Integration name** and optional **Description**.
 1. Select the type of environment you want to protect, either **Traditional Endpoints** or **Cloud Workloads**.
@@ -58,11 +57,11 @@ If this is the first integration you've installed and the **Ready to add your fi
     <DocTable columns={[
     {
     "title": "",
-    "width": "50%"
+    "width": "30%"
     },
     {
     "title": "",
-    "width": "50%"
+    "width": "70%"
     }
     ]}>
     <DocRow>
@@ -71,7 +70,7 @@ If this is the first integration you've installed and the **Ready to add your fi
 
     </DocCell>
     <DocCell>
-    All traditional endpoint presets _except **Data Collection**_ have these preventions enabled by default: malware, ransomware, memory threat, malicious behavior, and credential theft. Each preset collects the following events:
+    All traditional endpoint presets _except_ **Data Collection** have these preventions enabled by default: malware, ransomware, memory threat, malicious behavior, and credential theft. Each preset collects the following events:
 
     * **Data Collection:** All events; no preventions
     * **Next-Generation Antivirus (NGAV):** Process events; all preventions