[DOCS] Adds security content in the Elasticsearch Reference

docs/reference/index.asciidoc

@@ -50,7 +50,7 @@ include::data-rollup-transform.asciidoc[]
 
 include::high-availability.asciidoc[]
 
-include::security/index.asciidoc[]
+include::{xes-repo-dir}/security/index.asciidoc[]
 
 include::{xes-repo-dir}/watcher/index.asciidoc[]
 

x-pack/docs/en/security/auditing/event-types.asciidoc

@@ -18,7 +18,7 @@ The following is a list of the events that can be generated:
                                           realm type.
 | `access_denied`                   | | | Logged when an authenticated user attempts to execute
                                           an action they do not have the necessary
-                                          <<security-reference, privilege>> to perform.
+                                          <<security-privileges,privilege>> to perform.
 | `access_granted`                  | | | Logged when an authenticated user attempts to execute
                                           an action they have the necessary privilege to perform.
                                           When the `system_access_granted` event is included, all system
@@ -28,7 +28,7 @@ The following is a list of the events that can be generated:
                                           another user that they have the necessary privileges to do.
 | `run_as_denied`                   | | | Logged when an authenticated user attempts to <<run-as-privilege, run as>>
                                           another user action they do not have the necessary
-                                          <<security-reference, privilege>> to do so.
+                                          <<security-privileges,privilege>> to do so.
 | `tampered_request`                | | | Logged when the {security-features} detect that the request has
                                           been tampered with. Typically relates to `search/scroll`
                                           requests when the scroll ID is believed to have been

x-pack/docs/en/security/authentication/index.asciidoc

@@ -12,13 +12,8 @@ include::native-realm.asciidoc[]
 include::pki-realm.asciidoc[]
 include::saml-realm.asciidoc[]
 include::kerberos-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/custom-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/anonymous-access.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/user-cache.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/saml-guide.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/oidc-guide.asciidoc[]
+include::custom-realm.asciidoc[]
+include::anonymous-access.asciidoc[]
+include::user-cache.asciidoc[]
+include::saml-guide.asciidoc[]
+include::oidc-guide.asciidoc[]

x-pack/docs/en/security/authorization/index.asciidoc

@@ -3,22 +3,22 @@ include::overview.asciidoc[]
 
 include::built-in-roles.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/managing-roles.asciidoc[]
+include::managing-roles.asciidoc[]
 
 include::privileges.asciidoc[]
 
 include::document-level-security.asciidoc[]
 
 include::field-level-security.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/alias-privileges.asciidoc[]
+include::alias-privileges.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/mapping-roles.asciidoc[]
+include::mapping-roles.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/field-and-document-access-control.asciidoc[]
+include::field-and-document-access-control.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/run-as-privilege.asciidoc[]
+include::run-as-privilege.asciidoc[]
 
 include::configuring-authorization-delegation.asciidoc[]
 
-include::{xes-repo-dir}/security/authorization/custom-authorization.asciidoc[]
+include::custom-authorization.asciidoc[]

x-pack/docs/en/security/ccs-clients-integrations/monitoring.asciidoc

@@ -1,7 +1,7 @@
 [[secure-monitoring]]
 === Monitoring and security
 
-The <<xpack-monitoring,{stack} {monitor-features}>> consist of two components:
+The {stack} {monitor-features} consist of two components:
 an agent that you install on on each {es} and Logstash node, and a Monitoring UI
 in {kib}. The monitoring agent collects and indexes metrics from the nodes
 and you visualize the data through the Monitoring dashboards in {kib}. The agent

x-pack/docs/en/security/configuring-es.asciidoc

@@ -139,11 +139,11 @@ Events are logged to a dedicated `<clustername>_audit.json` file in
 To walk through the configuration of {security-features} in {es}, {kib}, {ls}, and {metricbeat}, see
 {stack-ov}/security-getting-started.html[Getting started with security].
 
-include::{es-repo-dir}/security/securing-communications/securing-elasticsearch.asciidoc[]
+include::securing-communications/securing-elasticsearch.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/configuring-tls-docker.asciidoc[]
+include::securing-communications/configuring-tls-docker.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/enabling-cipher-suites.asciidoc[]
+include::securing-communications/enabling-cipher-suites.asciidoc[]
 
 include::authentication/configuring-active-directory-realm.asciidoc[]
 include::authentication/configuring-file-realm.asciidoc[]
@@ -154,6 +154,6 @@ include::authentication/configuring-saml-realm.asciidoc[]
 
 include::authentication/configuring-kerberos-realm.asciidoc[]
 
-include::{es-repo-dir}/security/reference/files.asciidoc[]
+include::reference/files.asciidoc[]
 include::fips-140-compliance.asciidoc[]
 

x-pack/docs/en/security/get-started-security.asciidoc

@@ -19,7 +19,8 @@ IMPORTANT: To complete this tutorial, you must install the default {es} and
 authentication {security-features}. When you install these products, they apply
 basic licenses with no expiration dates. All of the subsequent steps in this
 tutorial assume that you are using a basic license. For more information, see
-{subscriptions} and <<license-management>>.
+{subscriptions} and
+{stack-ov}/license-management.html[License-management].
 
 --
 

x-pack/docs/en/security/index.asciidoc

@@ -1,93 +1,22 @@
-[role="xpack"]
-[[elasticsearch-security]]
-= Securing the {stack}
+[[secure-cluster]]
+= Secure a cluster
 
 [partintro]
 --
 The {stack-security-features} enable you to easily secure a cluster. You can
 password-protect your data as well as implement more advanced security
 measures such as encrypting communications, role-based access control,
-IP filtering, and auditing. This guide describes how to configure the security
-features you need, and interact with your secured cluster.
-
-Security protects Elasticsearch clusters by:
-
-* <<preventing-unauthorized-access, Preventing unauthorized access>>
-  with password protection, role-based access control, and IP filtering.
-* <<preserving-data-integrity, Preserving the integrity of your data>>
-  with message authentication and SSL/TLS encryption.
-* <<maintaining-audit-trail, Maintaining an audit trail>>
-  so you know who's doing what to your cluster and the data it stores.
-
-[float]
-[[preventing-unauthorized-access]]
-=== Preventing unauthorized access
-
-To prevent unauthorized access to your Elasticsearch cluster, you must have a
-way to _authenticate_ users. This simply means that you need a way to validate
-that a user is who they claim to be. For example, you have to make sure only
-the person named _Kelsey Andorra_ can sign in as the user `kandorra`. The
-{es-security-features} provide a standalone authentication mechanism that enables
-you to quickly password-protect your cluster. If you're already using
-<<ldap-realm, LDAP>>, <<active-directory-realm, Active Directory>>, or
-<<pki-realm, PKI>> to manage users in your organization, the {security-features}
-are able to integrate with those systems to perform user authentication.
-
-In many cases, simply authenticating users isn't enough. You also need a way to
-control what data users have access to and what tasks they can perform. The
-{es-security-features} enable you to _authorize_ users by assigning access
-_privileges_ to _roles_ and assigning those roles to users. For example, this
-<<authorization,role-based access control>> mechanism (a.k.a RBAC) enables
-you to specify that the user `kandorra` can only perform read operations on the
-`events` index and can't do anything at all with other indices.
-
-The {security-features} also support <<ip-filtering, IP-based authorization>>.
-You can whitelist and blacklist specific IP addresses or subnets to control
-network-level access to a server.
-
-[float]
-[[preserving-data-integrity]]
-=== Preserving data integrity
-
-A critical part of security is keeping confidential data confidential.
-Elasticsearch has built-in protections against accidental data loss and
-corruption. However, there's nothing to stop deliberate tampering or data
-interception. The {stack-security-features} preserve the integrity of your
-data by <<ssl-tls, encrypting communications>> to and from nodes. For even	
-greater protection, you can increase the {ref}/ciphers.html[encryption strength].
-
-[float]
-[[maintaining-audit-trail]]
-=== Maintaining an audit trail
-
-Keeping a system secure takes vigilance. By using {stack-security-features} to
-maintain an audit trail, you can easily see who is accessing your cluster and
-what they're doing. By analyzing access patterns and failed attempts to access
-your cluster, you can gain insights into attempted attacks and data breaches.
-Keeping an auditable log of the activity in your cluster can also help diagnose
-operational issues.
-
-[float]
-=== Where to Go Next
-
-* <<security-getting-started, Getting Started>>
-  steps through how to install and start using Security for basic authentication.
-
-* <<how-security-works, How Security Works>>
-  provides more information about how Security supports user authentication,
-  authorization, and encryption.
-
-* <<ccs-clients-integrations>>
-  shows you how to interact with an Elasticsearch cluster protected by the
-  {stack-security-features}.
-
-[float]
-=== Have Comments, Questions, or Feedback?
-
-Head over to our {security-forum}[Security Discussion Forum]
-to share your experience, questions, and suggestions.
+IP filtering, and auditing.
+
+* <<elasticsearch-security>>
+* <<configuring-security>>
+
 --
 
+include::overview.asciidoc[]
+
+include::configuring-es.asciidoc[]
+
 include::how-security-works.asciidoc[]
 
 include::authentication/index.asciidoc[]

x-pack/docs/en/security/securing-communications.asciidoc

@@ -17,9 +17,5 @@ This section shows how to:
 The authentication of new nodes helps prevent a rogue node from joining the
 cluster and receiving data through replication.
 
-include::{es-repo-dir}/security/securing-communications/setting-up-ssl.asciidoc[]
+include::securing-communications/setting-up-ssl.asciidoc[]
 
-[[ciphers]]
-=== Enabling cipher suites for stronger encryption
-
-See {ref}/ciphers.html[Enabling Cipher Suites for Stronger Encryption].

docs/reference/security/securing-communications/enabling-cipher-suites.asciidoc → x-pack/docs/en/security/securing-communications/enabling-cipher-suites.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ciphers]]
-=== Enabling Cipher Suites for Stronger Encryption
+=== Enabling cipher suites for stronger encryption
 
 The TLS and SSL protocols use a cipher suite that determines the strength of
 encryption used to protect the data. You may want to increase the strength of

x-pack/docs/en/security/securing-communications/tutorial-tls-intro.asciidoc

@@ -40,7 +40,7 @@ IMPORTANT: To complete this tutorial, you must install the default {es} and
 When you install these products, they apply basic licenses with no expiration
 dates. All of the subsequent steps in this tutorial assume that you are using a
 basic license. For more information, see {subscriptions} and
-<<license-management>>.
+{stack-ov}/license-management.html[License-management].
 
 include::tutorial-tls-certificates.asciidoc[]
 include::tutorial-tls-internode.asciidoc[]

x-pack/docs/en/security/troubleshooting.asciidoc

@@ -22,7 +22,11 @@ answers for frequently asked questions.
 * <<trb-security-path>>
 
 
-include::{stack-repo-dir}/help.asciidoc[tag=get-help]
+For issues that you cannot fix yourself … we’re here to help.
+If you are an existing Elastic customer with a support contract, please create
+a ticket in the
+https://support.elastic.co/customers/s/login/[Elastic Support portal].
+Or post in the https://discuss.elastic.co/[Elastic forum].
 
 [[security-trb-settings]]
 === Some settings are not returned via the nodes settings API