[Docs]Security docs 7.9 updates (#75156) (#75250)

* security docs 7.9 updates

* terminology

* updates advanced settings

* terminology

* corrections

Author: benskelker

docs/management/advanced-options.asciidoc

@@ -224,19 +224,19 @@ might increase the search time. This setting is off by default. Users must opt-i
 
 [float]
 [[kibana-siem-settings]]
-==== SIEM
+==== Security Solution
 
 [horizontal]
-`siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
-`siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
-`siem:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on
-{security-guide}/siem-ui-overview.html#network-ui[IP detail] pages.
-`siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview*
+`securitySolution:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the Security app.
+`securitySolution:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the Security app collects events.
+`securitySolution:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on
+{security-guide}/network-page-overview.html[IP detail] pages.
+`securitySolution:enableNewsFeed`:: Enables the security news feed on the Security *Overview*
 page.
-`siem:newsFeedUrl`:: The URL from which the security news feed content is
+`securitySolution:newsFeedUrl`:: The URL from which the security news feed content is
 retrieved.
-`siem:refreshIntervalDefaults`:: The default refresh interval for the SIEM time filter, in milliseconds.
-`siem:timeDefaults`:: The default period of time in the SIEM time filter.
+`securitySolution:refreshIntervalDefaults`:: The default refresh interval for the Security time filter, in milliseconds.
+`securitySolution:timeDefaults`:: The default period of time in the Security time filter.
 
 [float]
 [[kibana-timelion-settings]]

docs/siem/images/cases-ui.png

@@ -1,19 +1,22 @@
 [role="xpack"]
 [[xpack-siem]]
-= SIEM
+= Elastic Security
 
 [partintro]
 --
 
-The SIEM app in Kibana provides an interactive workspace for security teams to
-triage events and perform initial investigations. It enables analysis of
-host-related and network-related security events as part of alert investigations
-or interactive threat hunting.
+Elastic Security combines SIEM threat detection features with endpoint
+prevention and response capabilities in one solution, including:
 
+* A detection engine to identify attacks and system misconfiguration
+* A workspace for event triage and investigations
+* Interactive visualizations to investigate process relationships
+* Embedded case management and automated actions
+* Detection of signatureless attacks with prebuilt {ml} anomaly jobs and
+detection rules
 
 [role="screenshot"]
-image::siem/images/overview-ui.png[SIEM Overview in Kibana]
-
+image::siem/images/overview-ui.png[Elastic Security in Kibana]
 
 [float]
 == Add data
@@ -31,15 +34,14 @@ https://www.elastic.co/products/beats/winlogbeat[{winlogbeat}], and
 https://www.elastic.co/products/beats/packetbeat[{packetbeat}]
 send security events and other data to Elasticsearch.
 
-The default index patterns for SIEM events are `auditbeat-*`, `winlogbeat-*`,
-`filebeat-*`, `packetbeat-*`, `endgame-*`, and `apm-*-transaction*`. You can 
-change the default index patterns in
-*Kibana > Management > Advanced Settings > siem:defaultIndex*.
+The default index patterns for Elastic Security events are `auditbeat-*`, `winlogbeat-*`,
+`filebeat-*`, `packetbeat-*`, `endgame-*`, `logs-*`, and `apm-*-transaction*`. To change the default pattern patterns, go to *Stack Management > Advanced Settings > securitySolution:defaultIndex*.
 
 [float]
-=== Elastic Endpoint Sensor Management Platform
+=== Elastic Security endpoint agent
 
-The Elastic Endpoint Sensor Management Platform (SMP) ships host and network events directly to the SIEM application, and is fully ECS compliant.
+The agent detects and protects against malware, and ships host and network
+events directly to Elastic Security.
 
 [float]
 === Elastic Common Schema (ECS) for normalizing data
@@ -49,7 +51,7 @@ used for storing event data in Elasticsearch. ECS helps users normalize their
 event data to better analyze, visualize, and correlate the data represented in
 their events.
 
-SIEM can ingest and normalize events from ECS-compatible data sources.
+Elastic Security can ingest and normalize events from ECS-compatible data sources.
 
 --
 

docs/siem/images/detections-ui.png

@@ -3,14 +3,12 @@
 == Anomaly Detection with Machine Learning
 
 For *{ess-trial}[Free Trial]*
-and *https://www.elastic.co/subscriptions[Platinum License]* deployments,
-Machine Learning functionality is available throughout the SIEM app. You can
-view the details of detected anomalies within the `Anomalies` table widget
-shown on the Hosts, Network and associated Details pages, or even narrow to
-the specific daterange of an anomaly from the `Max Anomaly Score` details in
-the overview of the Host and IP Details pages. Each of these interfaces also
-offer the ability to drag and drop details of the anomaly to Timeline, such
-as the `Entity` itself, or any of the associated `Influencers`.
+and *https://www.elastic.co/subscriptions[Platinum subscription]* deployments,
+Machine Learning functionality is available throughout Elastic Security. You can
+view the details of detected anomalies in the `Anomalies` table
+shown on the Hosts, Network and associated details pages. You can drag and drop
+anomaly details to Timeline, such as the `Entity` itself, or any of the
+associated `Influencers`.
 
 [role="screenshot"]
 image::siem/images/ml-ui.png[Machine Learning - Max Anomaly Score]