[Website]: Consistent Terminology for "Elastic Defend" vs "Elastic Endpoint" #4451
Description
Type of issue
Inaccurate
What documentation page is affected
https://www.elastic.co/docs/solutions/security/
What happened?
Consistent Terminology for "Elastic Defend" vs "Elastic Endpoint"
Summary
The Core Concepts section on the Security overview page distinguishes between these two terms:
| Term | What It Is | Where It Exists |
|---|---|---|
| Elastic Defend | A Fleet Integration (policy/configuration) | Fleet UI, Kibana |
| Elastic Endpoint | The security process that runs on hosts | Host filesystem, process list |
A few other pages use these terms interchangeably, which could cause confusion. This issue collects those instances with suggested alternatives.
Instances
1. "System requirements to install Elastic Defend"
Locations:
- https://www.elastic.co/docs/solutions/security/get-started/get-started-detect-with-siem
- https://www.elastic.co/docs/solutions/security/get-started/get-started-endpoint-security
Current:
"Ensure you have the minimum system requirements to install Elastic Defend."
Suggested:
"Ensure your hosts meet the minimum system requirements to run Elastic Endpoint."
2. "Installing Elastic Defend on macOS"
Location:
Current:
"If you're installing Elastic Defend on macOS..."
Suggested:
"If you're deploying Elastic Agent with the Defend integration to macOS hosts..."
3. "Elastic Defend generates an alert"
Locations:
- https://www.elastic.co/docs/solutions/security/get-started/get-started-endpoint-security
- https://www.elastic.co/docs/solutions/security/get-started/get-started-detect-with-siem
Current:
"If any of these behaviors are detected, Elastic Defend generates an alert..."
Suggested:
"If any of these behaviors are detected, Elastic Endpoint generates an alert..."
(Some pages already use "Elastic Endpoint" for this context.)
4. "Endpoints running Elastic Defend"
Location:
Current:
"The Endpoints page allows administrators to view and manage endpoints that are running the Elastic Defend integration."
Suggested:
"The Endpoints page allows administrators to view and manage endpoints protected by the Elastic Defend integration."
5. "Elastic Defend requirements" page
Location:
The content covers host-level requirements for Elastic Endpoint (OS versions, macOS permissions, etc.). Consider adding a clarifying intro:
"These are the system requirements for hosts to run Elastic Endpoint, the component deployed by the Elastic Defend integration."
6. "Install" vs "Add" for integrations
Location:
Current:
"In the Add agent flyout that appears after you install the Elastic Defend integration..."
Suggested:
"In the Add agent flyout that appears after you add the Elastic Defend integration..."
7. Mixed terminology in same paragraph
Location:
Current:
"...you may require you to grant Elastic Endpoint Full Disk Access... Refer to Elastic Defend requirements"
The sentence uses "Elastic Endpoint" but links to "Elastic Defend requirements."
References
- Core Concepts (correct definitions): https://www.elastic.co/docs/solutions/security
- Endpoint command reference (consistent usage): https://www.elastic.co/docs/reference/security/endpoint-command-reference
- Discuss thread with user confusion: https://discuss.elastic.co/t/integration/326744
Additional info
No response