[Security] [Serverless: Oct 07] Entity analytics workflow + privmon (#2853)

Resolves #2281 by
documenting privileged user monitoring and the EA overview page for
serverless.

Lifecycle states:
- Privileged user monitoring: Tech preview
- Overview page: GA 

Main content changes are on the Privileged user monitoring requirements
page – other pages only have updates to the `applies_to` badges.

Preview: [Privileged user monitoring
requirements](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2853/solutions/security/advanced-entity-analytics/privileged-user-monitoring-requirements)

Author: natasha-moore-elastic

solutions/security/advanced-entity-analytics.md

@@ -19,5 +19,5 @@ Advanced Entity Analytics provides the following key capabilities:
 
 * [](advanced-entity-analytics/entity-risk-scoring.md)
 * [](advanced-entity-analytics/advanced-behavioral-detections.md)
-* {applies_to}`stack: preview 9.1` {applies_to}`serverless: unavailable`	
+* {applies_to}`stack: preview 9.1` {applies_to}`serverless: preview`	
  [](/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md)

solutions/security/advanced-entity-analytics/asset-criticality.md

@@ -68,7 +68,7 @@ You can view, assign, change, or unassign asset criticality from the following p
 
 If you have enabled the [entity store](entity-store.md), you can also view asset criticality assignments in the **Entities** section on the following pages:
 
-* {applies_to}`stack: ga 9.1` {applies_to}`serverless: unavailable` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
 * [Entity analytics dashboard](/solutions/security/dashboards/entity-analytics-dashboard.md)
 
 :::{image} /solutions/images/security-entities-section.png

solutions/security/advanced-entity-analytics/entity-store.md

@@ -45,7 +45,7 @@ To enable the entity store:
 
 Once you enable the entity store, the **Entities** section appears on the following pages:
 
-* {applies_to}`stack: ga 9.1` {applies_to}`serverless: unavailable` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md)
 * [Entity analytics dashboard](/solutions/security/dashboards/entity-analytics-dashboard.md)
 
 ## Clear entity store data [clear-entity-store]

solutions/security/advanced-entity-analytics/monitor-privileged-user-activitites.md

@@ -1,6 +1,8 @@
 ---
 applies_to:
   stack: preview 9.1
+  serverless:
+    security: preview
 products:
   - id: security
   - id: cloud-serverless

solutions/security/advanced-entity-analytics/overview.md

@@ -1,6 +1,8 @@
 ---
 applies_to:
   stack: ga 9.1
+  serverless:
+    security: ga
 products:
   - id: security
   - id: cloud-serverless

solutions/security/advanced-entity-analytics/privileged-user-monitoring-requirements.md

@@ -1,6 +1,8 @@
 ---
 applies_to:
   stack: preview 9.1
+  serverless:
+    security: preview
 products:
   - id: security
   - id: cloud-serverless
@@ -10,11 +12,15 @@ products:
 
 This page covers the requirements for using the privileged user monitoring feature, as well as its known limitations.
 
-* Privileged user monitoring feature requires the appropriate [subscription](https://www.elastic.co/pricing).
+The privileged user monitoring feature requires:
+  * {applies_to}`stack: ` The appropriate [subscription](https://www.elastic.co/subscriptions)
+  * {applies_to}`serverless: ` The appropriate [feature tier](https://www.elastic.co/pricing/serverless-security)
 
-* To enable this feature, turn on the `securitySolution:enablePrivilegedUserMonitoring` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#access-privileged-user-monitoring).
+To enable this feature, turn on the `securitySolution:enablePrivilegedUserMonitoring` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#access-privileged-user-monitoring).
 
-* To use these features , your role must have certain [privileges](#privmon_privs).
+To use this feature, you need:
+  * {applies_to}`stack: ` A role with the appropriate [privileges](#privmon_privs)
+  * {applies_to}`serverless: ` Either the appropriate [predefined Security user role](#privmon_roles) or a [custom role](/deploy-manage/users-roles/cloud-organization/user-roles.md) with the right [privileges](#privmon_privs)
 
 ## Privileges [privmon_privs]
 
@@ -23,6 +29,16 @@ This page covers the requirements for using the privileged user monitoring featu
 | Enable the privileged user monitoring feature | N/A | **All** for the **Security** feature |
 | View the Privileged user monitoring dashboard | `Read` for the following indices:<br> - `.entity_analytics.monitoring.users-<space-id>`<br> - `risk-score.risk-score-*`<br> - `.alerts-security.alerts-<space-id>`<br> -  `.ml-anomalies-shared`<br> - Security data view indices | **Read** for the **Security** feature |
 
+## Predefined roles [privmon_roles]
+```yaml {applies_to}
+serverless: 
+```
+
+| Action | Predefined role |
+| --- | --- |
+| Enable privileged user monitoring | - Platform engineer<br>- Admin |
+| View the Privileged user monitoring dashboard | - Tier 1 analyst<br>- Tier 2 analyst<br>- Tier 3 analyst<br>- Rule author<br>- SOC manager<br>- Platform engineer<br>- Detections admin<br>- Admin |
+
 ## Known limitations
 
 * Currently, none of the privileged user monitoring visualizations support [cross-cluster search](/solutions/search/cross-cluster-search.md) as part of the data that they query from. 

solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md

@@ -2,6 +2,8 @@
 navigation_title: Set up privileged user monitoring
 applies_to:
   stack: preview 9.1
+  serverless:
+    security: preview
 products:
   - id: security
   - id: cloud-serverless

solutions/security/advanced-entity-analytics/privileged-user-monitoring.md

@@ -1,6 +1,8 @@
 ---
 applies_to:
   stack: preview 9.1
+  serverless:
+    security: preview
 products:
   - id: security
   - id: cloud-serverless

solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md

@@ -26,7 +26,7 @@ In the Entity Analytics overview, you can view entity key performance indicators
 If you have enabled the [entity store](entity-store.md), you'll also get access to the **Entities** section, where you can view all hosts, users, and services along with their risk and asset criticality data.
 
 Access the Entity Analytics overview from the following pages:
-* {applies_to}`stack: ga 9.1` {applies_to}`serverless: unavailable` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md) 
+* {applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` [Entity analytics](/solutions/security/advanced-entity-analytics/overview.md) 
 * [Entity analytics dashboard](/solutions/security/dashboards/entity-analytics-dashboard.md)
 
 

solutions/security/get-started/configure-advanced-settings.md

@@ -239,8 +239,8 @@ Even when the `excludedDataTiersForRuleExecution` advanced setting is enabled, i
 
 ## Access privileged user monitoring
 ```yaml {applies_to}
-stack: preview 9.1
-serverless: unavailable
+stack: ga 9.1
+serverless: ga
 ```
 
 The `securitySolution:enablePrivilegedUserMonitoring` setting allows you to access the [Entity analytics overview page](/solutions/security/advanced-entity-analytics/overview.md) and the [privileged user monitoring](/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md) feature. This setting is turned off by default.