[DOCS] Adds security content in the Elasticsearch Reference (#47596)

docs/reference/index.asciidoc

@@ -54,7 +54,7 @@ include::data-rollup-transform.asciidoc[]
 
 include::high-availability.asciidoc[]
 
-include::security/index.asciidoc[]
+include::{xes-repo-dir}/security/index.asciidoc[]
 
 include::{xes-repo-dir}/watcher/index.asciidoc[]
 

docs/reference/security/index.asciidoc

@@ -1,18 +0,0 @@
-[[secure-cluster]]
-= Secure a cluster
-
-[partintro]
---
-The {stack-security-features} enable you to easily secure a cluster. You can
-password-protect your data as well as implement more advanced security
-measures such as encrypting communications, role-based access control,
-IP filtering, and auditing.
-
-* <<elasticsearch-security>>
-* <<configuring-security>>
-
---
-
-include::overview.asciidoc[]
-
-include::{xes-repo-dir}/security/configuring-es.asciidoc[]

x-pack/docs/en/security/auditing/event-types.asciidoc

@@ -18,7 +18,7 @@ The following is a list of the events that can be generated:
                                           realm type.
 | `access_denied`                   | | | Logged when an authenticated user attempts to execute
                                           an action they do not have the necessary
-                                          <<security-reference, privilege>> to perform.
+                                          <<security-privileges,privilege>> to perform.
 | `access_granted`                  | | | Logged when an authenticated user attempts to execute
                                           an action they have the necessary privilege to perform.
                                           When the `system_access_granted` event is included, all system
@@ -28,7 +28,7 @@ The following is a list of the events that can be generated:
                                           another user that they have the necessary privileges to do.
 | `run_as_denied`                   | | | Logged when an authenticated user attempts to <<run-as-privilege, run as>>
                                           another user action they do not have the necessary
-                                          <<security-reference, privilege>> to do so.
+                                          <<security-privileges,privilege>> to do so.
 | `tampered_request`                | | | Logged when the {security-features} detect that the request has
                                           been tampered with. Typically relates to `search/scroll`
                                           requests when the scroll ID is believed to have been

x-pack/docs/en/security/authentication/index.asciidoc

@@ -11,13 +11,8 @@ include::native-realm.asciidoc[]
 include::pki-realm.asciidoc[]
 include::saml-realm.asciidoc[]
 include::kerberos-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/custom-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/anonymous-access.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/user-cache.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/saml-guide.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/oidc-guide.asciidoc[]
+include::custom-realm.asciidoc[]
+include::anonymous-access.asciidoc[]
+include::user-cache.asciidoc[]
+include::saml-guide.asciidoc[]
+include::oidc-guide.asciidoc[]

x-pack/docs/en/security/authentication/oidc-guide.asciidoc

@@ -552,7 +552,7 @@ OP or a third party (see <<third-party-login>>). In order to do so, you must exp
 OpenID Connect authentication endpoint within {kib}, so that the {kib} server will
 not reject these external messages.
 
-
+[[oidc-without-kibana]]
 === OpenID Connect without {kib}
 
 The OpenID Connect realm is designed to allow users to authenticate to {kib} and as

x-pack/docs/en/security/authentication/saml-guide.asciidoc

@@ -834,6 +834,7 @@ It is possible to have one or more {kib} instances that use SAML, while other
 instances use basic authentication against another realm type (e.g.
 <<native-realm, Native>> or <<ldap-realm, LDAP>>).
 
+[[saml-troubleshooting]]
 === Troubleshooting SAML Realm Configuration
 
 The SAML 2.0 specification offers a lot of options and flexibility for the implementers

x-pack/docs/en/security/authorization/index.asciidoc

@@ -3,7 +3,7 @@ include::overview.asciidoc[]
 
 include::built-in-roles.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/managing-roles.asciidoc[]
+include::managing-roles.asciidoc[]
 
 include::privileges.asciidoc[]
 
@@ -11,14 +11,14 @@ include::document-level-security.asciidoc[]
 
 include::field-level-security.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/alias-privileges.asciidoc[]
+include::alias-privileges.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/mapping-roles.asciidoc[]
+include::mapping-roles.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/field-and-document-access-control.asciidoc[]
+include::field-and-document-access-control.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/run-as-privilege.asciidoc[]
+include::run-as-privilege.asciidoc[]
 
 include::configuring-authorization-delegation.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/custom-authorization.asciidoc[]
+include::custom-authorization.asciidoc[]

x-pack/docs/en/security/ccs-clients-integrations/index.asciidoc

@@ -32,14 +32,14 @@ be secured as well, or at least communicate with the cluster in a secured way:
 * {kibana-ref}/secure-reporting.html[Reporting]
 * {winlogbeat-ref}/securing-beats.html[Winlogbeat]
 
-include::ccs-clients-integrations/cross-cluster.asciidoc[]
+include::cross-cluster.asciidoc[]
 
-include::ccs-clients-integrations/java.asciidoc[]
+include::java.asciidoc[]
 
-include::ccs-clients-integrations/http.asciidoc[]
+include::http.asciidoc[]
 
-include::ccs-clients-integrations/hadoop.asciidoc[]
+include::hadoop.asciidoc[]
 
-include::ccs-clients-integrations/beats.asciidoc[]
+include::beats.asciidoc[]
 
-include::ccs-clients-integrations/monitoring.asciidoc[]
+include::monitoring.asciidoc[]

x-pack/docs/en/security/ccs-clients-integrations/monitoring.asciidoc

@@ -1,7 +1,7 @@
 [[secure-monitoring]]
 === Monitoring and security
 
-The <<xpack-monitoring,{stack} {monitor-features}>> consist of two components:
+The {stack} {monitor-features} consist of two components:
 an agent that you install on on each {es} and Logstash node, and a Monitoring UI
 in {kib}. The monitoring agent collects and indexes metrics from the nodes
 and you visualize the data through the Monitoring dashboards in {kib}. The agent

x-pack/docs/en/security/configuring-es.asciidoc

@@ -139,13 +139,13 @@ Events are logged to a dedicated `<clustername>_audit.json` file in
 To walk through the configuration of {security-features} in {es}, {kib}, {ls}, and {metricbeat}, see
 {stack-ov}/security-getting-started.html[Getting started with security].
 
-include::{es-repo-dir}/security/securing-communications/securing-elasticsearch.asciidoc[]
+include::securing-communications/securing-elasticsearch.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/configuring-tls-docker.asciidoc[]
+include::securing-communications/configuring-tls-docker.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/enabling-cipher-suites.asciidoc[]
+include::securing-communications/enabling-cipher-suites.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/separating-node-client-traffic.asciidoc[]
+include::securing-communications/separating-node-client-traffic.asciidoc[]
 
 include::authentication/configuring-active-directory-realm.asciidoc[]
 include::authentication/configuring-file-realm.asciidoc[]
@@ -156,6 +156,6 @@ include::authentication/configuring-saml-realm.asciidoc[]
 
 include::authentication/configuring-kerberos-realm.asciidoc[]
 
-include::{es-repo-dir}/security/reference/files.asciidoc[]
+include::reference/files.asciidoc[]
 include::fips-140-compliance.asciidoc[]
 

x-pack/docs/en/security/get-started-security.asciidoc

@@ -19,7 +19,7 @@ IMPORTANT: To complete this tutorial, you must install the default {es} and
 authentication {security-features}. When you install these products, they apply
 basic licenses with no expiration dates. All of the subsequent steps in this
 tutorial assume that you are using a basic license. For more information, see
-{subscriptions} and <<license-management>>.
+{subscriptions} and {stack-ov}/license-management.html[License-management].
 
 --
 

x-pack/docs/en/security/index.asciidoc

@@ -1,113 +1,42 @@
-[role="xpack"]
-[[elasticsearch-security]]
-= Securing the {stack}
+[[secure-cluster]]
+= Secure a cluster
 
 [partintro]
 --
 The {stack-security-features} enable you to easily secure a cluster. You can
 password-protect your data as well as implement more advanced security
 measures such as encrypting communications, role-based access control,
-IP filtering, and auditing. This guide describes how to configure the security
-features you need, and interact with your secured cluster.
-
-Security protects Elasticsearch clusters by:
-
-* <<preventing-unauthorized-access, Preventing unauthorized access>>
-  with password protection, role-based access control, and IP filtering.
-* <<preserving-data-integrity, Preserving the integrity of your data>>
-  with message authentication and SSL/TLS encryption.
-* <<maintaining-audit-trail, Maintaining an audit trail>>
-  so you know who's doing what to your cluster and the data it stores.
-
-[float]
-[[preventing-unauthorized-access]]
-=== Preventing unauthorized access
-
-To prevent unauthorized access to your Elasticsearch cluster, you must have a
-way to _authenticate_ users. This simply means that you need a way to validate
-that a user is who they claim to be. For example, you have to make sure only
-the person named _Kelsey Andorra_ can sign in as the user `kandorra`. The
-{es-security-features} provide a standalone authentication mechanism that enables
-you to quickly password-protect your cluster. If you're already using
-<<ldap-realm, LDAP>>, <<active-directory-realm, Active Directory>>, or
-<<pki-realm, PKI>> to manage users in your organization, the {security-features}
-are able to integrate with those systems to perform user authentication.
-
-In many cases, simply authenticating users isn't enough. You also need a way to
-control what data users have access to and what tasks they can perform. The
-{es-security-features} enable you to _authorize_ users by assigning access
-_privileges_ to _roles_ and assigning those roles to users. For example, this
-<<authorization,role-based access control>> mechanism (a.k.a RBAC) enables
-you to specify that the user `kandorra` can only perform read operations on the
-`events` index and can't do anything at all with other indices.
-
-The {security-features} also support <<ip-filtering, IP-based authorization>>.
-You can whitelist and blacklist specific IP addresses or subnets to control
-network-level access to a server.
-
-[float]
-[[preserving-data-integrity]]
-=== Preserving data integrity
-
-A critical part of security is keeping confidential data confidential.
-Elasticsearch has built-in protections against accidental data loss and
-corruption. However, there's nothing to stop deliberate tampering or data
-interception. The {stack-security-features} preserve the integrity of your
-data by <<ssl-tls, encrypting communications>> to and from nodes. For even
-greater protection, you can increase the <<ciphers, encryption strength>> and
-<<separating-node-client-traffic, separate client traffic from node-to-node communications>>.
-
-
-[float]
-[[maintaining-audit-trail]]
-=== Maintaining an audit trail
-
-Keeping a system secure takes vigilance. By using {stack-security-features} to
-maintain an audit trail, you can easily see who is accessing your cluster and
-what they're doing. By analyzing access patterns and failed attempts to access
-your cluster, you can gain insights into attempted attacks and data breaches.
-Keeping an auditable log of the activity in your cluster can also help diagnose
-operational issues.
-
-[float]
-=== Where to Go Next
-
-* <<security-getting-started, Getting Started>>
-  steps through how to install and start using Security for basic authentication.
-
-* <<how-security-works, How Security Works>>
-  provides more information about how Security supports user authentication,
-  authorization, and encryption.
+IP filtering, and auditing.
 
+* <<elasticsearch-security>>
+* <<configuring-security>>
+* <<how-security-works>>
+* <<setting-up-authentication>>
+* <<saml-guide>>
+* <<oidc-guide>>
+* <<authorization>>
+* <<auditing>>
+* <<encrypting-communications>>
+* <<ip-filtering>>
 * <<ccs-clients-integrations>>
-  shows you how to interact with an Elasticsearch cluster protected by the
-  {stack-security-features}.
+* <<security-getting-started>>
+* <<encrypting-internode-communications>>
+* <<security-troubleshooting>>
+* <<security-limitations>>
 
-[float]
-=== Have Comments, Questions, or Feedback?
-
-Head over to our {security-forum}[Security Discussion Forum]
-to share your experience, questions, and suggestions.
 --
 
+include::overview.asciidoc[]
+include::configuring-es.asciidoc[]
 include::how-security-works.asciidoc[]
-
 include::authentication/index.asciidoc[]
-
 include::authorization/index.asciidoc[]
-
-include::{xes-repo-dir}/security/auditing/index.asciidoc[]
-
-include::{xes-repo-dir}/security/securing-communications.asciidoc[]
-
-include::{xes-repo-dir}/security/using-ip-filtering.asciidoc[]
-
-include::{xes-repo-dir}/security/ccs-clients-integrations.asciidoc[]
-
+include::auditing/index.asciidoc[]
+include::securing-communications/index.asciidoc[]
+include::using-ip-filtering.asciidoc[]
+include::ccs-clients-integrations/index.asciidoc[]
 include::get-started-security.asciidoc[]
-
 include::securing-communications/tutorial-tls-intro.asciidoc[]
-
 include::troubleshooting.asciidoc[]
-
 include::limitations.asciidoc[]
+

x-pack/docs/en/security/securing-communications/enabling-cipher-suites.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ciphers]]
-=== Enabling Cipher Suites for Stronger Encryption
+=== Enabling cipher suites for stronger encryption
 
 The TLS and SSL protocols use a cipher suite that determines the strength of
 encryption used to protect the data. You may want to increase the strength of

x-pack/docs/en/security/securing-communications/index.asciidoc

@@ -17,14 +17,4 @@ This section shows how to:
 The authentication of new nodes helps prevent a rogue node from joining the
 cluster and receiving data through replication.
 
-include::{es-repo-dir}/security/securing-communications/setting-up-ssl.asciidoc[]
-
-[[ciphers]]
-=== Enabling cipher suites for stronger encryption
-
-See {ref}/ciphers.html[Enabling Cipher Suites for Stronger Encryption].
-
-[[separating-node-client-traffic]]
-=== Separating node-to-node and client traffic
-
-See {ref}/separating-node-client-traffic.html[Separating node-to-node and client traffic].
+include::setting-up-ssl.asciidoc[]

x-pack/docs/en/security/securing-communications/tutorial-tls-internode.asciidoc

@@ -152,7 +152,7 @@ command from the {es} directory:
 NOTE: If you already configured passwords for these users in other tutorials,
 you can skip this step.
 
-include::{stack-repo-dir}/security/get-started-builtin-users.asciidoc[tag=create-users]
+include::{xes-repo-dir}/security/get-started-builtin-users.asciidoc[tag=create-users]
 
 After you setup the password for the `kibana` built-in user,
 <<get-started-kibana-user,configure {kib} to use it>>.
@@ -160,7 +160,7 @@ After you setup the password for the `kibana` built-in user,
 For example, run the following commands to create the {kib} keystore and add the
 `kibana` built-in user and its password in secure settings:
 
-include::{stack-repo-dir}/security/get-started-kibana-users.asciidoc[tag=store-kibana-user]
+include::{xes-repo-dir}/security/get-started-kibana-users.asciidoc[tag=store-kibana-user]
 --
 
 . Start {kib}.

x-pack/docs/en/security/securing-communications/tutorial-tls-intro.asciidoc

@@ -40,7 +40,7 @@ IMPORTANT: To complete this tutorial, you must install the default {es} and
 When you install these products, they apply basic licenses with no expiration
 dates. All of the subsequent steps in this tutorial assume that you are using a
 basic license. For more information, see {subscriptions} and
-<<license-management>>.
+{stack-ov}/license-management.html[License-management].
 
 include::tutorial-tls-certificates.asciidoc[]
 include::tutorial-tls-internode.asciidoc[]

x-pack/docs/en/security/troubleshooting.asciidoc

@@ -22,7 +22,11 @@ answers for frequently asked questions.
 * <<trb-security-path>>
 
 
-include::{stack-repo-dir}/help.asciidoc[tag=get-help]
+For issues that you cannot fix yourself … we’re here to help.
+If you are an existing Elastic customer with a support contract, please create
+a ticket in the
+https://support.elastic.co/customers/s/login/[Elastic Support portal].
+Or post in the https://discuss.elastic.co/[Elastic forum].
 
 [[security-trb-settings]]
 === Some settings are not returned via the nodes settings API