[Docs]Detection exceptions and lists APIs

.backportrc.json

@@ -1,5 +1,5 @@
 {
   "upstream": "elastic/security-docs",
-  "branches": [{ "name": "7.x", "checked": true }, "7.8"],
+  "branches": [{ "name": "7.x", "checked": true }, "7.9", "7.8"],
   "labels": ["backport"]
 }

.github/ISSUE_TEMPLATE/documentation-issue.md

@@ -20,6 +20,7 @@ If the doc issue includes a procedure, number the steps in sequential order.
 ## Notes
 
 - Add the **"Team:Docs"** label to new issues. 
+- Be sure to add the version number label. 
 - Be sure to add any necessary screenshots for clarity. 
 - Include any conditions or caveats that may affect customers. 
 

docs/breaking-changes.asciidoc

@@ -0,0 +1,17 @@
+[chapter]
+[[breaking-changes]]
+= Breaking changes
+
+[discrete]
+== 7.9 Release
+
+[discrete]
+=== Actions API
+
+When you <<register-connector, create a {sn} connector>> via the Actions API:
+
+* The `casesConfiguration` object is obsolete. Instead, use
+`incidentConfiguration`.
+* To see {sn} connectors in the UI, you must use the `isCaseOwned` field.
+
+IMPORTANT: These changes only apply to {sn} connectors.

docs/getting-started/es-overview.asciidoc

@@ -0,0 +1,20 @@
+[[es-overview]]
+[chapter]
+= Elastic Security overview
+
+Elastic Security combines the threat detection of SIEM and the prevention, detection, and response of Endpoint Security via an autonomous agent into a unified software solution. These analytical and protection capabilities, leveraged by the speed and extensibility of Elasticsearch enables analysts to defend their organization from threats before damage and loss occur.
+
+Elastic Security provides the following security benefits and capabilities:
+
+* A powerful detection engine to identify attacks and system misconfiguration
+* Powerful visualizations to investigate attacks
+* Accelerated response with embedded case management and automated actions
+* Detection of signatureless attacks with machine learning and technique-based methods
+* Prebuilt anomaly detection jobs and detection rules
+
+
+The following diagram provides a comprehensive illustration of the Elastic Security workflow.
+
+[role="screenshot"]
+.Elastic Security workflow
+image::images/workflow.png[Elastic Security workflow]

docs/index.asciidoc

@@ -1,9 +1,13 @@
 :doctype:      book
-:siem-soln:    Elastic Security
-:siem-app:     Elastic Security app
-:siem-ui:      Elastic Security UI
+:es-sec:       Elastic Security
+:es-sec-app:   Elastic Security app
+:es-sec-ui:    Elastic Security UI
+:siem-soln:    {es-sec}
+:siem-app:     {es-sec-app}
+:siem-ui:      {es-sec-ui}
 :ml-dir:       {stack-docs-root}/docs/en/stack/ml
 :sn: ServiceNow
+:ibm-r: IBM Resilient
 
 [[elastic-endpoint]]
 = Elastic Endpoint Security
@@ -27,3 +31,5 @@ include::siem-apis.asciidoc[]
 
 include::siem/reference/ref-index.asciidoc[]
 
+include::breaking-changes.asciidoc[]
+

docs/management/admin/admin-pg-ov.asciidoc

@@ -0,0 +1,77 @@
+[[admin-page-ov]]
+[chapter, role="xpack"]
+= Administration page overview
+The Administration page enables admins to view and manage hosts that are running Elastic Endpoint Security.
+
+NOTE: Ingest Manager must be enabled in a Kibana Space for administrative actions to function correctly.
+
+The *Hosts* list is an enumeration of all hosts and their relevant configuration and integration details, organized in a tabular format. Hosts appear in chronological order, with newly added hosts on top. The Hosts list provides the following data:
+
+* *Hostname:* The system host name. Click the link to view host details in a flyout panel, where you can also reassign an agent configuration.
+
+* *Host Status:* The current host status, which is one of the following:
+
+** *Online:* The Elastic Agent is online and communicating with Kibana.
+
+** *Unenrolling:* The agent is currently unenrolling and will soon be removed from Ingest. Afterward, the host will also unenroll.
+
+** *Offline:* The agent is still enrolled but may be on a machine that is shut down or currently does not have internet access. In this state, the agent is no longer communicating with Kibana on a regular interval.
+
+** *Error:* There is an error with the agent. An *Error* status can also mean that the host is unable to find the parent agent or is missing the agent ID. It is recommended to look at the agent logs in Fleet to find out more information.
+
+* *Integration:* The name of the associated integration when the agent was installed. Click the link to view the Integration details page.
+
+* *Configuration Status:* Lists whether the configuration was a success or failure. Click the link to view configuration response details in a flyout panel.
+
+* *Operating System:* The associated operating system.
+
+* *IP Address:* All IP addresses associated with the host name.
+
+* *Version:* The current Elastic Stack version running.
+
+* *Last Active:* A date and timestamp of the last time the host was active.
+
+[role="screenshot"]
+image::images/admin-pg.png[Admin page]
+
+
+*Hostname details*
+
+Click a *Hostname* link to display host details in a flyout panel. This panel also provides shortcut links to view the associated integration, view the configuration response details, and reassign the configuration if needed.
+
+[role="screenshot"]
+image::images/host-flyout.png[Admin page]
+
+*Integration details*
+
+To view the Integration details page, click the link in the Integration column. If you are viewing host details, you can also click the *Integration* link on the flyout panel.
+
+On this page, you can view and manage protection configuration and event collection settings. In the upper-right corner is a Key Performance Indicator (KPI) widget that provides hosts status data. If you need to update the configuration, make changes as appropriate, then click the *Save* button to save your changes.
+
+NOTE: Users must have permission to read/write to Ingest Manager APIs to make changes to the configuration.
+
+[role="screenshot"]
+image::images/integration-pg.png[Integration page]
+
+*Configuration status*
+
+The status of the configuration appears in the *Configuration Status* column and displays one of the following possibilities:
+
+* *Success:* The configuration applied successfully.
+
+* *Pending or Partially Applied:* The configuration is pending application, or the configuration in its entirety was not applied.
+
+NOTE: In some cases, some actions taken on the endpoint may fail during the configuration application but are not recognized as a critical failure - meaning there may be a failure, but the hosts are still protected. In this case, the configuration status will display as "Partially Applied."
+
+* *Failure:* The configuration did not apply correctly. As such, hosts are not protected.
+
+* *Unknown:* The user interface is waiting for the API response to return, or, in rare cases, the API returns an undefined error or value.
+
+To view configuration status details, click the link and review the data in the flyout panel. In the following image, you can see that the `Agent Connectivity` failed, generating a "Failed" configuration status.
+
+[role="screenshot"]
+image::images/config-status.png[Config status details]
+
+Expand each section and subsection to view individual responses from the agent.
+
+TIP: If you need help troubleshooting a configuration failure, see the {ingest-guide}/ingest-management-troubleshooting.html[Ingest Manager troubleshooting topic].

docs/management/hosts/hosts-overview.asciidoc

@@ -0,0 +1,47 @@
+[[hosts-overview]]
+== Hosts page overview
+The Hosts page provides a comprehensive overview of all hosts and host-related security events. Key Performance Indicator (KPI) charts, data tables, and interactive widgets let you view specific data, drill down for deeper insights, and interact with the Timeline Event Viewer for further investigation.
+
+[role="screenshot"]
+image::images/hosts-ov-pg.png[Hosts page]
+
+[float]
+*Search and filter hosts*
+
+The *{kibana-ref}/kuery-query.html[{kib} Query Language (KQL)]* bar, which appears at the top of each page in the Elastic Security app, is useful to search and filter hosts. Use the timepicker to the right of the KQL bar to select a specific date and time range.
+NOTE: For more information about searching using KQL, see {kibana-ref}/search.html[Search data].
+
+*Host Key Performance Indicators (KPIs) charts*
+
+KPI charts show data metrics for hosts, user authentications, and unique IPs based on the time range specified in the date picker. Data in the KPI charts is depicted via linear or bar graphs.
+NOTE: The default time range is within the last 15 minutes.
+
+*Data tables*
+
+Beneath the KPI charts are data tables, categorized by individual tabs, which are useful for viewing and investigating specific types of data. Select the relative tab to view the following data:
+
+* All hosts: high-level host details
+* Authentications: authentication events
+* Uncommon processes: uncommon processes running on hosts
+* Anomalies: anomalies discovered by machine learning jobs
+* Events: all host events
+* External alerts: alerts received from external monitoring tools
+
+Numerous values in the data tables (e.g., host name, process name, etc.) contain inline options when you hover over them: *Filter for value*, *Filter out value*, *Add to timeline investigation*, and *Copy to Clipboard*.
+
+[role="screenshot"]
+image::images/inline-actions.png[Inline actions in the data table]
+
+*Add data values to the Timeline*
+
+You can add any highlighted value in the data tables to a Timeline query by dragging and dropping the value from the table to the *Timeline* tab on the rightmost side of the page. You can also select the *Add to timeline* inline option if you hover over a highlighted value in the table. If the Timeline panel is already open, drag and drop the value to the *Query* box. Repeat to add additional fields to the query, or click *+Add Field* in the Timeline pane.
+
+[role="screenshot"]
+image::images/drop-to-timeline.png[Drag and drop a value from the data table to the Timeline tab to add it to the query]
+
+*Host detail pages*
+
+Host detail pages display all relative information for a selected host, such as the Host ID, First Seen and Last Seen timestamps, IP addresses, Operating System, and more. To view a host detail page, click on the relative `Host name` link from the *All Hosts* tab.
+
+[role="screenshot"]
+image::images/hosts-detail-pg.png[Hosts detail page]

docs/siem-apis.asciidoc

@@ -73,6 +73,10 @@ how to work with and disable the random path component.
 
 include::siem/detections/api/det-api-index.asciidoc[]
 
+include::siem/detections/api/exceptions-api-index.asciidoc[]
+
+include::siem/detections/api/lists-api-index.asciidoc[]
+
 include::siem/timeline/api/timeline-api-index.asciidoc[]
 
 include::siem/cases/api/cases-api/cases-api-index.asciidoc[]