Updates CSPM deployment guides (#7074)

benironside · web-flow · commit c838d34191c0 · 2025-10-27T16:47:53.000Z
diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc
@@ -32,7 +32,7 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en
 . Click *Add Cloud Security Posture Management (CSPM)*.
 . Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account.
 . Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`.
-. Click **Advanced options**, then select **Agentless (BETA)**.
+. For **Deployment options**, select **Agentless**.
 . Next, you'll need to authenticate to AWS. Two methods are available:
 .. Option 1: Direct access keys/CloudFormation (Recommended). Under **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation.
 +
@@ -250,7 +250,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul
 
 [source,console]
 ----------------------------------
-sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email<example-url> --duration-seconds 129600 --token-code 123456
+sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456
 ----------------------------------
 
 The output from this command includes the following fields, which you should provide when configuring the CSPM integration:
diff --git a/docs/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/cloud-native-security/cspm-get-started-azure.asciidoc
@@ -32,7 +32,7 @@ You can set up CSPM for Azure by by enrolling an Azure organization (management
 . Click *Add Cloud Security Posture Management (CSPM)*.
 . Select *Azure*, then either *Azure Organization* to onboard your whole organization, or *Single Subscription* to onboard an individual subscription.
 . Give your integration a name that matches the purpose or team of the Azure subscription/organization you want to monitor, for example, `dev-azure-account`.
-. Click **Advanced options**, then select **Agentless (BETA)**.
+. For **Deployment options**, select **Agentless**.
 . Next, you'll need to authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to <<cspm-azure-client-secret, Service principal with client secret>>.
 . Once you've provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 
diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc
@@ -21,7 +21,7 @@ This page explains how to get started monitoring the security posture of your GC
 [[cspm-setup-gcp]]
 == Set up CSPM for GCP
 
-You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless, and agent-based. <<cspm-gcp-agentless, Agentless deployment>> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <<cspm-gcp-agent-based, Agent-based deployment>> requires you to deploy and manage an agent in the cloud account you want to monitor. 
+You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable access. Two deployment technologies are available: agentless, and agent-based. <<cspm-gcp-agentless, Agentless deployment>> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <<cspm-gcp-agent-based, Agent-based deployment>> requires you to deploy and manage an agent in the cloud project you want to monitor. 
 
 [discrete]
 [[cspm-gcp-agentless]]
@@ -30,9 +30,9 @@ You can set up CSPM for GCP either by enrolling a single project, or by enrollin
 . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . Search for `CSPM`, then click on the result.
 . Click *Add Cloud Security Posture Management (CSPM)*.
-. Select *GCP*, then either *GCP Organization* to onboard your whole organization, or *Single Account* to onboard an individual account.
-. Give your integration a name that matches the purpose or team of the GCP subscription/organization you want to monitor, for example, `dev-gcp-account`.
-. Click **Advanced options**, then select **Agentless (BETA)**.
+. Select *GCP*, then either *GCP Organization* to onboard your whole organization, or *Single Project* to onboard an individual project.
+. Give your integration a name that matches the purpose or team of the GCP subscription/organization you want to monitor, for example, `dev-gcp-project`.
+. For **Deployment options**, select **Agentless**.
 . Next, you'll need to authenticate to GCP. Expand the **Steps to Generate GCP Account Credentials** section, then follow the instructions that appear to automatically create the necessary credentials using Google Cloud Shell.
 . Once you've provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 
@@ -48,8 +48,8 @@ IMPORTANT: Agentless deployment does not work if you are using {cloud}/ec-traffi
 . Find **Integrations** in the navigation menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . Search for `CSPM`, then click on the result.
 . Click *Add Cloud Security Posture Management (CSPM)*.
-. Under *Configure integration*, select *GCP*, then either *GCP Organization* (recommended) or *Single Account*.
-. Give your integration a name that matches the purpose or team of the GCP account you want to monitor, for example, `dev-gcp-project`.
+. Under *Configure integration*, select *GCP*, then either *GCP Organization* (recommended) or *Single Project*.
+. Give your integration a name that matches the purpose or team of the GCP project you want to monitor, for example, `dev-gcp-project`.
 
 
 [discrete]
@@ -58,7 +58,7 @@ IMPORTANT: Agentless deployment does not work if you are using {cloud}/ec-traffi
 
 NOTE: To set up CSPM for a GCP project, you need admin privileges for the project.
 
-For most users, the simplest option is to use a Google Cloud Shell script to automatically provision the necessary resources and permissions in your GCP account. This method, as well as two manual options, are described below.
+For most users, the simplest option is to use a Google Cloud Shell script to automatically provision the necessary GCP resources and permissions. This method, as well as two manual options, are described below.
 
 [discrete]
 [[cspm-set-up-cloudshell]]
@@ -67,8 +67,8 @@ For most users, the simplest option is to use a Google Cloud Shell script to aut
 . Under **Setup Access**, select **Google Cloud Shell**. Enter your GCP Project ID, and for GCP Organization deployments, your GCP Organization ID.
 . Under **Where to add this integration**:
 .. Select **New Hosts**.
-.. Name the {agent} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`.
-.. Click **Save and continue**, then **Add {agent} to your hosts**. The **Add agent** wizard appears and provides {agent} binaries, which you can download and deploy to a VM in your GCP account.
+.. Name the {agent} policy. Use a name that matches the purpose or team of the cloud project or projects you want to monitor. For example, `dev-gcp-project`.
+.. Click **Save and continue**, then **Add {agent} to your hosts**. The **Add agent** wizard appears and provides {agent} binaries, which you can download and deploy to a VM in GCP.
 . Click **Save and continue**.
 . Copy the command that appears, then click **Launch Google Cloud Shell**. It opens in a new window.
 . Check the box to trust Elastic's `cloudbeat` repo, then click **Confirm**
@@ -125,7 +125,7 @@ Provide credentials to the CSPM integration:
 . Enter your GCP **Organization ID**. Enter the GCP **Project ID** of the project where you want to provision the compute instance that will run CSPM. 
 . Select **Credentials JSON**, and enter the value you generated earlier.
 . Under **Where to add this integration**, select **New Hosts**.
-. Name the {agent} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`.
+. Name the {agent} policy. Use a name that matches the purpose or team of the cloud project or project you want to monitor. For example, `dev-gcp-project`.
 . Click **Save and continue**, then follow the instructions to install {agent} in your chosen GCP project.
 
 Wait for the confirmation that {kib} received data from your new integration. Then you can click **View Assets** to see your data.
@@ -172,7 +172,7 @@ Provide credentials to the CSPM integration:
 . Enter your GCP **Project ID**.
 . Select **Credentials JSON**, and enter the value you generated earlier.
 . Under **Where to add this integration**, select **New Hosts**.
-. Name the {agent} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`.
+. Name the {agent} policy. Use a name that matches the purpose or team of the cloud project or projects you want to monitor. For example, `dev-gcp-project`.
 . Click **Save and continue**, then follow the instructions to install {agent} in your chosen GCP project.
 
 Wait for the confirmation that {kib} received data from your new integration. Then you can click **View Assets** to see your data.
