[Security][Alerting]: Add docs for installing and updating prebuilt rules in air-gapped environments #4972
Vale Linting Results
Summary: 1 warning, 1 suggestion found
| File | Line | Rule | Message |
|---|---|---|---|
| solutions/security/detect-and-alert/prebuilt-rules-airgapped.md | 21 | Elastic.Spelling | 'prebundled' is a possible misspelling. |
💡 Suggestions (1)
| File | Line | Rule | Message |
|---|---|---|---|
| solutions/security/detect-and-alert/prebuilt-rules-airgapped.md | 209 | Elastic.Wordiness | Consider using 'drag' instead of 'Drag and drop'. |
The Vale linter checks documentation changes against the Elastic Docs style guide.
To use Vale locally or report issues, refer to Elastic style guide for Vale.
natasha-moore-elastic
left a comment
Left a few minor comments and suggestions, looks great overall!
solutions/security/detect-and-alert/prebuilt-rules-airgapped.md
|
|
||
| ::::{step} Choose your registry image | ||
|
|
||
| The {{package-registry}} is available as a Docker image with different tags. Choose the appropriate image based on your update strategy. |
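Review bot: In the "Choose your registry image" step, the sentence "Choose the appropriate image based on your update strategy" mentions "different tags" and an "update strategy" without naming either at this point. Consider listing the tags next to the strategy each one serves, or linking to where the available tags are published, so a reader preparing an offline transfer knows which image to pull while still on the connected network.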
I don't know a lot about Elastic Package Registry, but this leaves me wondering how/where users can view all the available images that they can choose from?
@pborgonovi can you offer some guidance here?
pborgonovi
left a comment
Hey @nastasha-solomon
I reviewed the doc content and from a technical perspective it's correct. I added 2 minor notes for some extra information, if you could take a look.
Co-authored-by: natasha-moore-elastic <[email protected]>
…rules in air-gapped environments (#4972)

This PR creates [a dedicated page](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/4972/solutions/security/detect-and-alert/prebuilt-rules-airgapped) for installing and updating Elastic prebuilt detection rules in air-gapped environments. The following methods are covered:

- Using a self-hosted Package Registry (recommended)
- Manually transferring prebuilt rules using the export/import process

Fixes:

- elastic/security-docs#4652
- elastic/security-docs#2932

1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?

- [x] Yes
- [ ] No

Cursor, claude-4.5-opus-high

---------

Co-authored-by: natasha-moore-elastic <[email protected]>
Summary
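This PR creates a dedicated page for installing and updating Elastic prebuilt detection rules in air-gapped environments. The following methods are covered:
- Using a self-hosted Package Registry (recommended)
- Manually transferring prebuilt rules using the export/import process

Fixes:
- elastic/security-docs#4652
- elastic/security-docs#2932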
Generative AI disclosure
Cursor, claude-4.5-opus-high