[Phase 1] Rename "Requirements" into "What do I need to use this integration?" (#15320)

* Appy the new documentation guidelines * Update admin_by_request_epm * Update amazon_security_lake * Update apache_spark * Update armis * Update authentik * Update apigateway * Update awshealth * Update billing * Update cloudfront * Update cloudtrail * Update cloudwatch * Update config * Update dynamodb * More edits on dynamodb * Update ebs * Update ec2 * Update ecs * Update elb * Update emr * Update firewall * Update guardduty * Update kafka * Update more aws packages * Update more aws packages * Add CL entries and bump version in manifest * Update changelog entry * Create a new paragraph in the Agentless section --------- Co-authored-by: subham sarkar <subham.sarkar@elastic.co>

Author: alaudazzi

packages/abnormal_security/_dev/build/docs/README.md

@@ -4,7 +4,7 @@ Abnormal AI is a behavioral AI-based email security platform that learns the beh
 
 The Abnormal AI integration collects data for AI Security Mailbox (formerly known as Abuse Mailbox), Audit, Case, and Threat logs using REST API.
 
-## Data streams
+## What data does this integration collect?
 
 The Abnormal AI integration collects six types of logs:
 
@@ -20,13 +20,13 @@ The Abnormal AI integration collects six types of logs:
 
 - **[Vendor Case](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Vendors)** - Get details of Abnormal Vendor Cases.
 
-## Requirements
+## What do I need to use this integration?
 
 Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 
-## Setup
+## How do I deploy this integration?
 
-### To collect data from the Abnormal AI Client API:
+### Collect data from the Abnormal AI Client API
 
 #### Step 1: Go to Portal
 * Visit the [Abnormal AI Portal](https://portal.abnormalsecurity.com/home/settings/integrations) and click on the `Abnormal REST API` setting.
@@ -37,18 +37,17 @@ Elastic Agent must be installed. For more details, check the Elastic Agent [inst
 #### Step 3: IP allowlisting
 * Abnormal AI requires you to restrict API access based on source IP. So in order for the integration to work, user needs to update the IP allowlisting to include the external source IP of the endpoint running the integration via Elastic Agent.
 
-### Enabling the integration in Elastic:
+### Enable the integration in Elastic
 
-1. In Kibana navigate to Management > Integrations.
-2. In "Search for integrations" top bar, search for `Abnormal AI`.
-3. Select the "Abnormal AI" integration from the search results.
-4. Select "Add Abnormal AI" to add the integration.
-5. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
-6. Select "Save and continue" to save the integration.
+1. In Kibana navigate to **Management** > **Integrations**.
+2. In the search bar, type **Abnormal AI**.
+3. Select the **Abnormal AI** integration and add it.
+4. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
+5. Save the integration.
 
 **Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal AI Base URL changes based on location so find your own base URL.
 
-### Enabling enrichment for Threat events
+### Enable enrichment for Threat events
 
 Introduced in version 1.8.0, the Abnormal AI integration includes a new option called `Enable Attachments and Links enrichment` for the Threat data stream. When enabled, this feature enriches incoming threat events with additional details about any attachments and links included in the original message.
 

packages/abnormal_security/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.11.0"
+ changes:
+ - description: Improve documentation to align with new guidelines.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15320
 - version: "1.10.1"
  changes:
  - description: Fix the precision of large integers in the `ai_security_mailbox_not_analyzed` data stream.

packages/abnormal_security/docs/README.md

@@ -4,7 +4,7 @@ Abnormal AI is a behavioral AI-based email security platform that learns the beh
 
 The Abnormal AI integration collects data for AI Security Mailbox (formerly known as Abuse Mailbox), Audit, Case, and Threat logs using REST API.
 
-## Data streams
+## What data does this integration collect?
 
 The Abnormal AI integration collects six types of logs:
 
@@ -20,13 +20,13 @@ The Abnormal AI integration collects six types of logs:
 
 - **[Vendor Case](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Vendors)** - Get details of Abnormal Vendor Cases.
 
-## Requirements
+## What do I need to use this integration?
 
 Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 
-## Setup
+## How do I deploy this integration?
 
-### To collect data from the Abnormal AI Client API:
+### Collect data from the Abnormal AI Client API
 
 #### Step 1: Go to Portal
 * Visit the [Abnormal AI Portal](https://portal.abnormalsecurity.com/home/settings/integrations) and click on the `Abnormal REST API` setting.
@@ -37,18 +37,17 @@ Elastic Agent must be installed. For more details, check the Elastic Agent [inst
 #### Step 3: IP allowlisting
 * Abnormal AI requires you to restrict API access based on source IP. So in order for the integration to work, user needs to update the IP allowlisting to include the external source IP of the endpoint running the integration via Elastic Agent.
 
-### Enabling the integration in Elastic:
+### Enable the integration in Elastic
 
-1. In Kibana navigate to Management > Integrations.
-2. In "Search for integrations" top bar, search for `Abnormal AI`.
-3. Select the "Abnormal AI" integration from the search results.
-4. Select "Add Abnormal AI" to add the integration.
-5. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
-6. Select "Save and continue" to save the integration.
+1. In Kibana navigate to **Management** > **Integrations**.
+2. In the search bar, type **Abnormal AI**.
+3. Select the **Abnormal AI** integration and add it.
+4. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
+5. Save the integration.
 
 **Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal AI Base URL changes based on location so find your own base URL.
 
-### Enabling enrichment for Threat events
+### Enable enrichment for Threat events
 
 Introduced in version 1.8.0, the Abnormal AI integration includes a new option called `Enable Attachments and Links enrichment` for the Threat data stream. When enabled, this feature enriches incoming threat events with additional details about any attachments and links included in the original message.
 

packages/abnormal_security/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.4.0
 name: abnormal_security
 title: Abnormal AI
-version: "1.10.1"
+version: "1.11.0"
 description: Collect logs from Abnormal AI with Elastic Agent.
 type: integration
 categories:

packages/admin_by_request_epm/_dev/build/docs/README.md

@@ -2,7 +2,7 @@
 
 The Elastic integration for [Admin By Request EPM](https://www.adminbyrequest.com/en/endpoint-privilege-management) enables real-time monitoring and analysis of audit logging of privilege elevations, software installations and administrative actions through user portal. This integration collects, processes, and visualizes audit logs and events to enhance security posture, compliance, and operational efficiency.
 
-## Data Streams
+## What data does this integration collect?
 
 - **`auditlog`**: Provides audit data that includes elevation requests, approvals, application installations, and scan results.
 - [Auditlog](https://www.adminbyrequest.com/en/docs/auditlog-api) are records generated when user takes action such as installing a software, running an application with admin privileges, requesting for admin session, approval or denial of requests and scan results.
@@ -12,7 +12,7 @@ The Elastic integration for [Admin By Request EPM](https://www.adminbyrequest.co
 - [Events](https://www.adminbyrequest.com/en/docs/events-api) are records that are generated on various actions done by users and administrators. These include group modifications, policy changes, security violations, and other administrative activities.
 - This data stream leverages the Admin By Request EPM API [`/events`](https://www.adminbyrequest.com/en/docs/events-api) endpoint to retrieve data.
 
-## Requirements
+## What do I need to use this integration?
 
 Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 
@@ -36,7 +36,7 @@ Auditlog documents can be found by setting the following filter:
 
 **ECS Field Reference**
 
-Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+Refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
 
 The following non-ECS fields are used in events documents:
 
@@ -52,10 +52,10 @@ Event documents can be found by setting the following filter:
 
 **ECS Field Reference**
 
-Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+Refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
 
 The following non-ECS fields are used in events documents:
 
 {{fields "events"}}
 
-Events Data stream has field `eventCode` which is a unique identifier for each event type. Please refer to the Event Codes table given on the [Events API documentation](https://www.adminbyrequest.com/en/docs/events-api) for more information on event codes.
+Events Data stream has field `eventCode` which is a unique identifier for each event type. Refer to the Event Codes table given on the [Events API documentation](https://www.adminbyrequest.com/en/docs/events-api) for more information on event codes.

packages/admin_by_request_epm/changelog.yml

@@ -1,3 +1,8 @@
+- version: "1.1.0"
+ changes:
+ - description: Improve documentation to align with new guidelines.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15320
 - version: "1.0.0"
  changes:
  - description: Release package as GA.

packages/admin_by_request_epm/docs/README.md

@@ -2,7 +2,7 @@
 
 The Elastic integration for [Admin By Request EPM](https://www.adminbyrequest.com/en/endpoint-privilege-management) enables real-time monitoring and analysis of audit logging of privilege elevations, software installations and administrative actions through user portal. This integration collects, processes, and visualizes audit logs and events to enhance security posture, compliance, and operational efficiency.
 
-## Data Streams
+## What data does this integration collect?
 
 - **`auditlog`**: Provides audit data that includes elevation requests, approvals, application installations, and scan results.
 - [Auditlog](https://www.adminbyrequest.com/en/docs/auditlog-api) are records generated when user takes action such as installing a software, running an application with admin privileges, requesting for admin session, approval or denial of requests and scan results.
@@ -12,7 +12,7 @@ The Elastic integration for [Admin By Request EPM](https://www.adminbyrequest.co
 - [Events](https://www.adminbyrequest.com/en/docs/events-api) are records that are generated on various actions done by users and administrators. These include group modifications, policy changes, security violations, and other administrative activities.
 - This data stream leverages the Admin By Request EPM API [`/events`](https://www.adminbyrequest.com/en/docs/events-api) endpoint to retrieve data.
 
-## Requirements
+## What do I need to use this integration?
 
 Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 
@@ -135,7 +135,7 @@ An example event for `auditlog` looks as following:
 
 **ECS Field Reference**
 
-Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+Refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
 
 The following non-ECS fields are used in events documents:
 
@@ -310,7 +310,7 @@ An example event for `events` looks as following:
 
 **ECS Field Reference**
 
-Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+Refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
 
 The following non-ECS fields are used in events documents:
 
@@ -360,4 +360,4 @@ The following non-ECS fields are used in events documents:
 | input.type | Input type | keyword |
 
 
-Events Data stream has field `eventCode` which is a unique identifier for each event type. Please refer to the Event Codes table given on the [Events API documentation](https://www.adminbyrequest.com/en/docs/events-api) for more information on event codes.
+Events Data stream has field `eventCode` which is a unique identifier for each event type. Refer to the Event Codes table given on the [Events API documentation](https://www.adminbyrequest.com/en/docs/events-api) for more information on event codes.

packages/admin_by_request_epm/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.3.0
 name: admin_by_request_epm
 title: Admin By Request EPM
-version: "1.0.0"
+version: "1.1.0"
 source:
  license: "Elastic-2.0"
 description: "Collect logs from Admin By Request EPM with Elastic Agent."
@@ -60,11 +60,7 @@ policy_templates:
  required: false
  show_user: false
  description: >-
- The request tracer logs requests and responses to the agent's local file-system for debugging configurations.
- Enabling this request tracing compromises security and should only be used for debugging. Disabling the request
- tracer will delete any stored traces.
- See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable)
- for details.
+ The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable) for details.
  - name: http_client_timeout
  type: text
  title: HTTP Client Timeout

packages/amazon_security_lake/_dev/build/docs/README.md

@@ -12,58 +12,55 @@ The Amazon Security Lake integration can be used in two different modes to colle
 
 This module follows the OCSF Schema Version **v1.1.0**.
 
-## Data streams
+## What data does this integration collect?
 
 The Amazon Security Lake integration collects logs from both [Third-party services](https://docs.aws.amazon.com/security-lake/latest/userguide/integrations-third-party.html) and [AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/open-cybersecurity-schema-framework.html) in an event data stream.
 
-### **NOTE**:
+**NOTE**:
 - The Amazon Security Lake integration supports events collected from [AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) and [third-party services](https://docs.aws.amazon.com/security-lake/latest/userguide/custom-sources.html).
 
 - Due to the nature and structure of the OCSF schema, this integration has limitations on how deep the mappings run. Some important objects like 'Actor', 'User' and 'Product' have more fleshed-out mappings compared to others which get flattened after the initial 2-3 levels of nesting to keep them maintainable and stay within field mapping [limits](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-settings-limit.html). This will evolve as needed.
 
-## Requirements
+## What do I need to use this integration?
 
-- Elastic Agent must be installed.
-- Elastic Agent is required to stream data from Amazon Security Lake and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). Elastic Agent is required to stream data from Amazon Security Lake and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
 
 ## Setup
 
-### To collect data from Amazon Security Lake follow the below steps:
-
-1. To enable and start Amazon Security Lake, follow the steps mentioned here: [`https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html`](https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html).
-2. After creating the data lake, follow the steps below to create data subscribers to consume data.
- - Open the [Security Lake console](https://console.aws.amazon.com/securitylake/).
- - By using the AWS Region selector in the upper-right corner of the page, select the Region where you want to create the subscriber.
- - In the navigation pane, choose **Subscribers**.
- - On the Subscribers page, choose **Create subscriber**.
- - For **Subscriber details**, enter **Subscriber name** and an optional Description.
- - For **Log and event sources**, choose which sources the subscriber is authorized to consume.
- - For **Data access method**, choose **S3** to set up data access for the subscriber.
- - For **Subscriber credentials**, provide the subscriber's **AWS account ID** and **external ID**.
- - For **Notification details**, select **SQS queue**.
- - Choose Create.
-3. Above mentioned steps will create and provide the required details such as IAM roles/AWS role ID, external ID and queue URL to configure AWS Security Lake Integration.
-
-### Enabling the integration in Elastic:
-
-1. In Kibana go to Management > Integrations.
-2. In "Search for integrations" search bar, type Amazon Security Lake.
- ![Search](../img/search.png)
-3. Click on the "Amazon Security Lake" integration from the search results.
-4. Click on the Add Amazon Security Lake Integration button to add the integration.
- ![Home Page](../img/home_page.png)
-5. By default collect logs via S3 Bucket toggle will be off and collect logs for AWS SQS.
+### Collect data from Amazon Security Lake
+
+To enable and start Amazon Security Lake, refer to the [AWS getting started](https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html).
+
+To create and provide the required details such as IAM roles/AWS role ID, external ID and queue URL to configure AWS Security Lake Integration, follow these steps:
+
+1. Open the [Security Lake console](https://console.aws.amazon.com/securitylake/).
+2. By using the AWS Region selector in the upper-right corner of the page, select the region where you want to create the subscriber.
+3. In the navigation pane, choose **Subscribers**.
+4. On the Subscribers page, choose **Create subscriber**.
+5. In **Subscriber details**, enter **Subscriber name** and an optional description.
+6. In **Log and event sources**, choose which sources the subscriber is authorized to consume.
+7. In **Data access method**, choose **S3** to set up data access for the subscriber.
+8. For **Subscriber credentials**, provide the subscriber's **AWS account ID** and **external ID**.
+9. For **Notification details**, select **SQS queue**.
+10. Click **Create**.
+
+### Enable the integration in Elastic
+
+1. In Kibana navigate to **Management** > **Integrations**.
+2. In the search bar, type **Amazon Security Lake**.
+3. Select the **Amazon Security Lake** integration and add it.
+4. By default collect logs via S3 Bucket toggle will be off and collect logs for AWS SQS.
  - queue url
  ![Queue URL](../img/queue_url.png)
  - collect logs via S3 Bucket toggled off
  - role ARN
  - external id
  ![Role ARN and External ID](../img/role_arn_and_external_id.png)
-
-6. If you want to collect logs via AWS S3, then you have to put the following details:
+5. If you want to collect logs via AWS S3, then you have to put the following details:
  - bucket ARN or access point ARN
  - role ARN
  - external id
+5. Save the integration.
 
 **NOTE**: