From 4ca852819f797ac0a8f9691bdbee0d9fd7648c11 Mon Sep 17 00:00:00 2001 From: Amit Galitzky Date: Fri, 6 Sep 2024 07:58:48 -0700 Subject: [PATCH 01/24] adding documentation for remote index use in AD Signed-off-by: Amit Galitzky --- _observing-your-data/ad/index.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 5dfa1b8f1a7..986f4647cc4 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md 
@@ -29,9 +29,14 @@ A detector is an individual anomaly detection task. You can define multiple dete 1. Add in the detector details. - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - - For **Data source**, choose the index you want to use as the data source. You can optionally use index patterns to choose multiple indexes. + - For **Data source**, choose the index/indices you want to use as the data source. You can also optionally use an alias or an index patterns to choose multiple indexes. + - Detectors also support remote indices, you can utilize the same `cluster-name:index-name` pattern used by [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/) or by utilizing OpenSearch Dashboards 2.17 or later to choose the clusters and indices you want to use. - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). + +The following [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) are required in order to create a cross-cluster detector through the dashboards UI: `indices:data/read/field_caps`, `indices:admin/resolve/index`, and `cluster:monitor/remote/info`. +{: .note} + #### Example filter using query DSL The query is designed to retrieve documents in which the `urlPath.keyword` field matches one of the following specified values: From aa16e9ac32b1360fb65a3072c718d922a2da9f97 Mon Sep 17 00:00:00 2001 
From: Melissa Vagi Date: Fri, 6 Sep 2024 11:23:27 -0600 Subject: [PATCH 02/24] Update _observing-your-data/ad/index.md Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 986f4647cc4..6b3225920c9 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md @@ -29,7 +29,7 @@ A detector is an individual anomaly detection task. You can define multiple dete 1. Add in the detector details. - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - - For **Data source**, choose the index/indices you want to use as the data source. You can also optionally use an alias or an index patterns to choose multiple indexes. + - For **Data source**, choose the index or indexes you want to use as the data source. You can also optionally use an alias or an index patterns to choose multiple indexes. - Detectors also support remote indices, you can utilize the same `cluster-name:index-name` pattern used by [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/) or by utilizing OpenSearch Dashboards 2.17 or later to choose the clusters and indices you want to use. - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). From 351c8f0bf1f8338c61b5e4e62873f152ccff49d8 Mon Sep 17 00:00:00 2001 
From: Melissa Vagi Date: Fri, 6 Sep 2024 11:35:51 -0600 Subject: [PATCH 03/24] Update _observing-your-data/ad/index.md Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 6b3225920c9..aa5cca3ef59 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md @@ -30,7 +30,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - For **Data source**, choose the index or indexes you want to use as the data source. You can also optionally use an alias or an index patterns to choose multiple indexes. - - Detectors also support remote indices, you can utilize the same `cluster-name:index-name` pattern used by [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/) or by utilizing OpenSearch Dashboards 2.17 or later to choose the clusters and indices you want to use. + - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). 
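Review bot: The rewritten remote-indexes bullet still links to cross-cluster search with an absolute `https://opensearch.org/docs/latest/...` URL, while the Boolean queries link in the context line directly below it uses `{{site.url}}{{site.baseurl}}`. Use the site variables here as well, `[cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/)`, so the link stays on the same documentation version as the page it is on.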
From 08bc9d6ffe66a699ab9725921e1ad2b850182553 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Fri, 6 Sep 2024 11:44:49 -0600 Subject: [PATCH 04/24] Update _observing-your-data/ad/index.md Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index aa5cca3ef59..f5ba54b98b0 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md @@ -34,7 +34,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). -The following [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) are required in order to create a cross-cluster detector through the dashboards UI: `indices:data/read/field_caps`, `indices:admin/resolve/index`, and `cluster:monitor/remote/info`. +To create a cross-cluster detector through OpenSearch Dashboards, the following [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) are required: `indices:data/read/field_caps`, `indices:admin/resolve/index`, and `cluster:monitor/remote/info`. {: .note} #### Example filter using query DSL From addce3ba238fba4022b178b79b7ac3877e36238f Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Fri, 6 Sep 2024 11:45:55 -0600 Subject: [PATCH 05/24] Update _observing-your-data/ad/index.md Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index f5ba54b98b0..67964c88797 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md @@ -29,7 +29,7 @@ A detector is an individual anomaly detection task. You can define multiple dete 1. Add in the detector details. - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - - For **Data source**, choose the index or indexes you want to use as the data source. You can also optionally use an alias or an index patterns to choose multiple indexes. + - For **Data source**, choose the index or indexes you want to use as the data source. Alternatively, you can use an alias or index patterns to choose multiple indexes. - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). From 6eac47fd095408b70ca7c487f912e7b2e5c1ff1b Mon Sep 17 00:00:00 2001 From: Amit Galitzky Date: Tue, 10 Sep 2024 08:58:00 -0700 Subject: [PATCH 06/24] adding additional security information Signed-off-by: Amit Galitzky --- _observing-your-data/ad/index.md | 2 +- _observing-your-data/ad/security.md | 35 +++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) 
diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 67964c88797..3242d1c8a33 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md @@ -30,7 +30,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - For **Data source**, choose the index or indexes you want to use as the data source. Alternatively, you can use an alias or index patterns to choose multiple indexes. - - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. + - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. For more information on configuring remote indices with the security plugin enabled, you can view [here](https://opensearch.org/docs/latest/observing-your-data/ad/security/#-selecting-remote-indices-with fine-grained-access-control) - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). 
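Review bot: The link added at the end of the remote-indexes bullet will not resolve: the fragment `#-selecting-remote-indices-with fine-grained-access-control` has a leading hyphen and a literal space, so it cannot match the `### Selecting remote indices with fine-grained access control` heading this same patch adds to `security.md`. Build the link with `{{site.url}}{{site.baseurl}}` instead of the absolute `https://opensearch.org/docs/latest/` URL, hyphenate the fragment throughout, and use the section title as the link text rather than "here". The sentence is also missing its closing period and says "indices" where the rest of the bullet says "indexes".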
diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 8eeaa3df41a..666e86e629e 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -23,6 +23,11 @@ As an admin user, you can use the Security plugin to assign specific permissions The Security plugin has two built-in roles that cover most anomaly detection use cases: `anomaly_full_access` and `anomaly_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security/access-control/users-roles#predefined-roles). +If you are using OpenSearch Dashboards to create your anomaly detectors you might notice issues creating a detector even with `anomaly_full_access`, this has been mitigated in OpenSearch 2.17. In order to mitigate this issue in prior versions, you should add these additional permissions: + +- `indices:data/read/search` - You need the search permission because the Anomaly Detection plugin needs to search the data source in order to validate if there is enough data to train the model. +- `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` - You need field mapping permissions since as part of detector creation we validate if the given data source has a valid timefield and categorical field (in case of creating a high cardinality detector) + If these roles don't meet your needs, mix and match individual anomaly detection [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) to suit your use case. Each action corresponds to an operation in the REST API. For example, the `cluster:admin/opensearch/ad/detector/delete` permission lets you delete detectors. ### A note on alerts and fine-grained access control 
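Review bot: The added paragraph lists `indices:data/read/search` and the field mapping actions but never says where to grant them or on which indexes, so a reader working from this text alone may add them under a `*` index pattern. State that they belong in the index permissions of the role mapped to the user who creates detectors, limited to the index patterns used as the detector's data source. Listing both `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` needs a short explanation of why both are required, and "this has been mitigated in OpenSearch 2.17" should start its own sentence instead of following a comma.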
@@ -31,6 +36,36 @@ When a trigger generates an alert, the detector and monitor configurations, the To reduce the chances of unintended users viewing metadata that could describe an index, we recommend that administrators enable role-based access control and keep these kinds of design elements in mind when assigning permissions to the intended group of users. See [Limit access by backend role](#advanced-limit-access-by-backend-role) for details. + +### Selecting remote indices with fine-grained access control + +In order to specify a remote index as the data source for a detector you must follow similar instruction as mentioned in the cross-cluster search documentation. By utilizing a role that exists in the both the remote and local cluster.The remote cluster will need to have the mapping between the chosen role and the same user name as in the local cluster. + +For example: + +Create a new user on the local cluster from which you’ll create detectors from: + +``` +curl -XPUT -k -u 'admin:' 'https://localhost:9200/_plugins/_security/api/internalusers/anomalyuser' -H 'Content-Type: application/json' -d '{"password":"password"}' +``` + +Map the new user to the anomaly_full_access role: + +``` +curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/anomaly_full_access' -d '{"users" : ["anomalyuser"]}' +``` + +On the remote cluster, create the same user, and map anomaly_full_access to that role: + +``` +curl -XPUT -k -u 'admin:' 'https://localhost:9250/_plugins/_security/api/internalusers/anomalyuser' -H 'Content-Type: application/json' -d '{"password":"password"}' +curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9250/_plugins/_security/api/rolesmapping/anomaly_full_access' -d '{"users" : ["anomalyuser"]}' +``` + +### Custom result index + +In order to use a custom result index users will need to have additional permissions that aren't part of the default roles that 
opensearch security plugin offers. Users will have to add additional permissions as mentioned in the custom result index setup [step](https://opensearch.org/docs/latest/observing-your-data/ad/index/#example-filter-using-query-dsl:~:text=Specify%20custom%20results%20index.). + ## (Advanced) Limit access by backend role Use backend roles to configure fine-grained access to individual detectors based on roles. For example, users of different departments in an organization can view detectors owned by their own department. From 39bebb1c3c02a7a502820db2c2fec8b8c54283ff Mon Sep 17 00:00:00 2001 From: Amit Galitzky Date: Tue, 10 Sep 2024 10:28:00 -0700 Subject: [PATCH 07/24] fixing formatting issues Signed-off-by: Amit Galitzky --- _observing-your-data/ad/index.md | 2 +- _observing-your-data/ad/security.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 3242d1c8a33..8f0185693ae 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md 
@@ -30,7 +30,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - For **Data source**, choose the index or indexes you want to use as the data source. Alternatively, you can use an alias or index patterns to choose multiple indexes. - - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search](https://opensearch.org/docs/latest/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. For more information on configuring remote indices with the security plugin enabled, you can view [here](https://opensearch.org/docs/latest/observing-your-data/ad/security/#-selecting-remote-indices-with fine-grained-access-control) + - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. For more information about configuring remote indexes with the Security plugin enabled, you can view [here]({{site.url}}{{site.baseurl}}/observing-your-data/ad/security/#selecting-remote-indexes-with-fine-grained-access-control) - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). 
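Review bot: The corrected sentence still ends in a bare "you can view [here](...)" with no closing period. Make the link text the section title, for example "see [Selecting remote indexes with fine-grained access control](...)", so a reader can tell that the target covers Security plugin configuration without following the link.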
diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 666e86e629e..8e038418919 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -26,7 +26,7 @@ The Security plugin has two built-in roles that cover most anomaly detection use If you are using OpenSearch Dashboards to create your anomaly detectors you might notice issues creating a detector even with `anomaly_full_access`, this has been mitigated in OpenSearch 2.17. In order to mitigate this issue in prior versions, you should add these additional permissions: - `indices:data/read/search` - You need the search permission because the Anomaly Detection plugin needs to search the data source in order to validate if there is enough data to train the model. -- `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` - You need field mapping permissions since as part of detector creation we validate if the given data source has a valid timefield and categorical field (in case of creating a high cardinality detector) +- `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` - You need field mapping permissions since as part of detector creation we validate if the given data source has a valid timestamp field and categorical field (in case of creating a high cardinality detector) If these roles don't meet your needs, mix and match individual anomaly detection [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) to suit your use case. Each action corresponds to an operation in the REST API. For example, the `cluster:admin/opensearch/ad/detector/delete` permission lets you delete detectors. 
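Review bot: The changed field-mapping bullet fixes "timefield" but keeps the first-person "we validate" and still has no closing period, while the `indices:data/read/search` bullet above it names the Anomaly Detection plugin as the actor and ends with one. Suggested wording: "You need field mapping permissions because detector creation validates that the data source has a valid timestamp field and, for a high-cardinality detector, a categorical field."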
@@ -37,9 +37,9 @@ When a trigger generates an alert, the detector and monitor configurations, the To reduce the chances of unintended users viewing metadata that could describe an index, we recommend that administrators enable role-based access control and keep these kinds of design elements in mind when assigning permissions to the intended group of users. See [Limit access by backend role](#advanced-limit-access-by-backend-role) for details. -### Selecting remote indices with fine-grained access control +### Selecting remote indexes with fine-grained access control -In order to specify a remote index as the data source for a detector you must follow similar instruction as mentioned in the cross-cluster search documentation. By utilizing a role that exists in the both the remote and local cluster.The remote cluster will need to have the mapping between the chosen role and the same user name as in the local cluster. +In order to specify a remote index as the data source for a detector you must follow similar instruction as mentioned in the cross-cluster search [documentation]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/#authentication-flow). By utilizing a role that exists in the both the remote and local cluster.The remote cluster will need to have the mapping between the chosen role and the same user name as in the local cluster. For example: 
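Review bot: "By utilizing a role that exists in the both the remote and local cluster." in the changed paragraph is a sentence fragment with a doubled "the", and it runs into the next sentence with no space ("cluster.The"). This paragraph is the only place the access requirement is stated, so write it as a requirement, for example: "The role must exist in both the remote and local clusters, and the remote cluster must map that role to the same user name as the local cluster." "follow similar instruction as mentioned in" would also read better as "follow steps similar to those in".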
@@ -64,7 +64,7 @@ curl -XPUT -k -u 'admin:' -H 'Content-Type: application/j ### Custom result index -In order to use a custom result index users will need to have additional permissions that aren't part of the default roles that opensearch security plugin offers. Users will have to add additional permissions as mentioned in the custom result index setup [step](https://opensearch.org/docs/latest/observing-your-data/ad/index/#example-filter-using-query-dsl:~:text=Specify%20custom%20results%20index.). +In order to use a custom result index users will need to have additional permissions that aren't part of the default roles that OpenSearch Security plugin offers. Users will have to add additional permissions as mentioned in the custom result index set up step in [define detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector). ## (Advanced) Limit access by backend role From c923eecd000172f81fe3e421f9ebb596e91fcdcd Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 08:42:56 -0600 Subject: [PATCH 08/24] Update _observing-your-data/ad/index.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 8f0185693ae..a78147025e7 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md 
@@ -29,7 +29,7 @@ A detector is an individual anomaly detection task. You can define multiple dete 1. Add in the detector details. - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - - For **Data source**, choose the index or indexes you want to use as the data source. Alternatively, you can use an alias or index patterns to choose multiple indexes. + - For **Data source**, choose one or more indexes to use as the data source. Alternatively, you can use an alias or index patterns to choose multiple indexes. - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. For more information about configuring remote indexes with the Security plugin enabled, you can view [here]({{site.url}}{{site.baseurl}}/observing-your-data/ad/security/#selecting-remote-indexes-with-fine-grained-access-control) - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). From 167224014ae8745d473d902fb147c6f3b776a263 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 08:43:12 -0600 Subject: [PATCH 09/24] Update _observing-your-data/ad/index.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index a78147025e7..55b703ba2f3 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md 
@@ -30,7 +30,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - For **Data source**, choose one or more indexes to use as the data source. Alternatively, you can use an alias or index patterns to choose multiple indexes. - - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). Alternatively, you can select the clusters and indexes you want to use through OpenSearch Dashboards 2.17 or later. For more information about configuring remote indexes with the Security plugin enabled, you can view [here]({{site.url}}{{site.baseurl}}/observing-your-data/ad/security/#selecting-remote-indexes-with-fine-grained-access-control) + - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). Alternatively, you can select clusters and indexes in OpenSearch Dashboards 2.17 or later. For more information about configuring remote indexes with the Security plugin enabled, see [here]({{site.url}}{{site.baseurl}}/observing-your-data/ad/security/#selecting-remote-indexes-with-fine-grained-access-control). - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). From 1586c9e69e2160b16b3b67705fd902bd295e1937 Mon Sep 17 00:00:00 2001 
From: Melissa Vagi Date: Wed, 11 Sep 2024 08:50:43 -0600 Subject: [PATCH 10/24] Update _observing-your-data/ad/index.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 55b703ba2f3..7aa3d808262 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md @@ -34,7 +34,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). -To create a cross-cluster detector through OpenSearch Dashboards, the following [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) are required: `indices:data/read/field_caps`, `indices:admin/resolve/index`, and `cluster:monitor/remote/info`. +To create a cross-cluster detector in OpenSearch Dashboards, the following [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) are required: `indices:data/read/field_caps`, `indices:admin/resolve/index`, and `cluster:monitor/remote/info`. {: .note} #### Example filter using query DSL From b909911e88a595014d2dc22b1b9fabdeb6b5d0a2 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 08:50:50 -0600 Subject: [PATCH 11/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 8e038418919..9ac66adea29 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -62,7 +62,7 @@ curl -XPUT -k -u 'admin:' 'https://localhost:9250/_plugin curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9250/_plugins/_security/api/rolesmapping/anomaly_full_access' -d '{"users" : ["anomalyuser"]}' ``` -### Custom result index +### Custom results index In order to use a custom result index users will need to have additional permissions that aren't part of the default roles that OpenSearch Security plugin offers. Users will have to add additional permissions as mentioned in the custom result index set up step in [define detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector). From 8a04f3959819af293cf03574222fd47694b61cbc Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 08:51:01 -0600 Subject: [PATCH 12/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 9ac66adea29..ab51f724801 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md 
@@ -64,7 +64,7 @@ curl -XPUT -k -u 'admin:' -H 'Content-Type: application/j ### Custom results index -In order to use a custom result index users will need to have additional permissions that aren't part of the default roles that OpenSearch Security plugin offers. Users will have to add additional permissions as mentioned in the custom result index set up step in [define detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector). +In order to use a custom results index, users need additional permissions that aren't included in the default roles provided by the OpenSearch Security plugin. Users need to add additional permissions, as mentioned in the custom result index setup step in [define detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector). ## (Advanced) Limit access by backend role From 85ea3c84141b50a74ca76380128eb5d2ebd87d63 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 08:51:13 -0600 Subject: [PATCH 13/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index ab51f724801..586594b1a98 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md 
@@ -55,7 +55,7 @@ Map the new user to the anomaly_full_access role: curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/anomaly_full_access' -d '{"users" : ["anomalyuser"]}' ``` -On the remote cluster, create the same user, and map anomaly_full_access to that role: +On the remote cluster, create the same user and map `anomaly_full_access` to that role: ``` curl -XPUT -k -u 'admin:' 'https://localhost:9250/_plugins/_security/api/internalusers/anomalyuser' -H 'Content-Type: application/json' -d '{"password":"password"}' From d0f494e75a77c80d331f6f85837e263997474c85 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 08:51:22 -0600 Subject: [PATCH 14/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 586594b1a98..4aadb592a34 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -49,7 +49,7 @@ Create a new user on the local cluster from which you’ll create detectors from curl -XPUT -k -u 'admin:' 'https://localhost:9200/_plugins/_security/api/internalusers/anomalyuser' -H 'Content-Type: application/json' -d '{"password":"password"}' ``` -Map the new user to the anomaly_full_access role: +Map the new user to the `anomaly_full_access` role: ``` curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/anomaly_full_access' -d '{"users" : ["anomalyuser"]}' From bdf6b035983aac65ee3a96d22e93fde6341e472e Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 08:51:38 -0600 Subject: [PATCH 15/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower 
Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 4aadb592a34..ede391bac50 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -23,7 +23,7 @@ As an admin user, you can use the Security plugin to assign specific permissions The Security plugin has two built-in roles that cover most anomaly detection use cases: `anomaly_full_access` and `anomaly_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security/access-control/users-roles#predefined-roles). -If you are using OpenSearch Dashboards to create your anomaly detectors you might notice issues creating a detector even with `anomaly_full_access`, this has been mitigated in OpenSearch 2.17. In order to mitigate this issue in prior versions, you should add these additional permissions: +If you are using OpenSearch Dashboards to create your anomaly detectors, you may experience issues even with `anomaly_full_access`. This has been mitigated in OpenSearch 2.17. In order to mitigate this issue in prior versions, you should add these additional permissions: - `indices:data/read/search` - You need the search permission because the Anomaly Detection plugin needs to search the data source in order to validate if there is enough data to train the model. - `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` - You need field mapping permissions since as part of detector creation we validate if the given data source has a valid timestamp field and categorical field (in case of creating a high cardinality detector) From 563a6101f7e8724eb2d483a01013e1587e363bc2 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 09:55:06 -0600 Subject: [PATCH 16/24] doc review new content and address editorial review comments 
Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 4 ++-- _observing-your-data/ad/security.md | 24 +++++++++++++++--------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index 7aa3d808262..f846153f893 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md @@ -10,7 +10,7 @@ redirect_from: # Anomaly detection -An anomaly in OpenSearch is any unusual behavior change in your time-series data. Anomalies can provide valuable insights into your data. For example, for IT infrastructure data, an anomaly in the memory usage metric might help you uncover early signs of a system failure. +An _anomaly_ in OpenSearch is any unusual behavior change in your time-series data. Anomalies can provide valuable insights into your data. For example, for IT infrastructure data, an anomaly in the memory usage metric might help you uncover early signs of a system failure. It can be challenging to discover anomalies using conventional methods such as creating visualizations and dashboards. You could configure an alert based on a static threshold, but this requires prior domain knowledge and isn't adaptive to data that exhibits organic growth or seasonal behavior. 
@@ -29,7 +29,7 @@ A detector is an individual anomaly detection task. You can define multiple dete 1. Add in the detector details. - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - - For **Data source**, choose one or more indexes to use as the data source. Alternatively, you can use an alias or index patterns to choose multiple indexes. + - For **Data source**, choose one or more indexes to use as the data source. Alternatively, you can use an alias or index pattern to choose multiple indexes. - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). Alternatively, you can select clusters and indexes in OpenSearch Dashboards 2.17 or later. For more information about configuring remote indexes with the Security plugin enabled, see [here]({{site.url}}{{site.baseurl}}/observing-your-data/ad/security/#selecting-remote-indexes-with-fine-grained-access-control). - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index ede391bac50..8342531f9f3 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md 
@@ -25,8 +25,8 @@ The Security plugin has two built-in roles that cover most anomaly detection use If you are using OpenSearch Dashboards to create your anomaly detectors, you may experience issues even with `anomaly_full_access`. This has been mitigated in OpenSearch 2.17. In order to mitigate this issue in prior versions, you should add these additional permissions: -- `indices:data/read/search` - You need the search permission because the Anomaly Detection plugin needs to search the data source in order to validate if there is enough data to train the model. -- `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` - You need field mapping permissions since as part of detector creation we validate if the given data source has a valid timestamp field and categorical field (in case of creating a high cardinality detector) +- `indices:data/read/search` -- You need this permission because the Anomaly Detection plugin needs to search the data source in order to validate whether there is enough data to train the model. +- `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` -- You need these permissions to validate whether the given data source has a valid timestamp field and categorical field (in the case of creating a high-cardinality detector). If these roles don't meet your needs, mix and match individual anomaly detection [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/) to suit your use case. Each action corresponds to an operation in the REST API. For example, the `cluster:admin/opensearch/ad/detector/delete` permission lets you delete detectors. 
@@ -36,35 +36,41 @@ When a trigger generates an alert, the detector and monitor configurations, the To reduce the chances of unintended users viewing metadata that could describe an index, we recommend that administrators enable role-based access control and keep these kinds of design elements in mind when assigning permissions to the intended group of users. See [Limit access by backend role](#advanced-limit-access-by-backend-role) for details. - ### Selecting remote indexes with fine-grained access control -In order to specify a remote index as the data source for a detector you must follow similar instruction as mentioned in the cross-cluster search [documentation]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/#authentication-flow). By utilizing a role that exists in the both the remote and local cluster.The remote cluster will need to have the mapping between the chosen role and the same user name as in the local cluster. +To use a remote index as a data source for a detector, see [Authentication flow]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/#authentication-flow) in [Cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). You must use a role that exists in both the remote and local clusters. The remote cluster must map the chosen role to the same username as in the local cluster. + +--- -For example: +#### Example: Create new user on local cluster -Create a new user on the local cluster from which you’ll create detectors from: +1. Create a new user on the local cluster to use for creating detectors: ``` curl -XPUT -k -u 'admin:' 'https://localhost:9200/_plugins/_security/api/internalusers/anomalyuser' -H 'Content-Type: application/json' -d '{"password":"password"}' ``` +{% include copy-curl.html %} -Map the new user to the `anomaly_full_access` role: +2. 
Map the new user to the `anomaly_full_access` role: ``` curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9200/_plugins/_security/api/rolesmapping/anomaly_full_access' -d '{"users" : ["anomalyuser"]}' ``` +{% include copy-curl.html %} -On the remote cluster, create the same user and map `anomaly_full_access` to that role: +3. On the remote cluster, create the same user and map `anomaly_full_access` to that role: ``` curl -XPUT -k -u 'admin:' 'https://localhost:9250/_plugins/_security/api/internalusers/anomalyuser' -H 'Content-Type: application/json' -d '{"password":"password"}' curl -XPUT -k -u 'admin:' -H 'Content-Type: application/json' 'https://localhost:9250/_plugins/_security/api/rolesmapping/anomaly_full_access' -d '{"users" : ["anomalyuser"]}' ``` +{% include copy-curl.html %} + +--- ### Custom results index -In order to use a custom results index, users need additional permissions that aren't included in the default roles provided by the OpenSearch Security plugin. Users need to add additional permissions, as mentioned in the custom result index setup step in [define detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector). +To use a custom results index, you need additional permissions not included in the default roles provided by the OpenSearch Security plugin. To add these permission, see [Step 1: Define a detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector) of the [Anomaly detection]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/) documentation. ## (Advanced) Limit access by backend role From 7f76d59957035b3241dae70ea59aa1afd7deb4d5 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 10:00:07 -0600 Subject: [PATCH 17/24] doc review new content and address editorial review comments Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 8342531f9f3..527721d3b42 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -23,7 +23,7 @@ As an admin user, you can use the Security plugin to assign specific permissions The Security plugin has two built-in roles that cover most anomaly detection use cases: `anomaly_full_access` and `anomaly_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security/access-control/users-roles#predefined-roles). -If you are using OpenSearch Dashboards to create your anomaly detectors, you may experience issues even with `anomaly_full_access`. This has been mitigated in OpenSearch 2.17. In order to mitigate this issue in prior versions, you should add these additional permissions: +If you use OpenSearch Dashboards to create your anomaly detectors, you may experience permission issues even with `anomaly_full_access`. This issue has been resolved in OpenSearch 2.17, but for earlier versions, the following additional permissions need to be added: - `indices:data/read/search` -- You need this permission because the Anomaly Detection plugin needs to search the data source in order to validate whether there is enough data to train the model. - `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` -- You need these permissions to validate whether the given data source has a valid timestamp field and categorical field (in the case of creating a high-cardinality detector). From b278b1d7acd2ba701a7804947e2301eb1f96ada6 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 10:03:44 -0600 Subject: [PATCH 18/24] Update _observing-your-data/ad/security.md Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 527721d3b42..7ec0bd4d8a9 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -42,7 +42,7 @@ To use a remote index as a data source for a detector, see [Authentication flow] --- -#### Example: Create new user on local cluster +#### Example: Create a new user on local cluster 1. Create a new user on the local cluster to use for creating detectors: From ab43ebf03127b3c344baabcd0a9e9e6974a7ec43 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 10:05:45 -0600 Subject: [PATCH 19/24] Update _observing-your-data/ad/security.md Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 7ec0bd4d8a9..b1a11f77742 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md 
@@ -38,7 +38,7 @@ To reduce the chances of unintended users viewing metadata that could describe a ### Selecting remote indexes with fine-grained access control -To use a remote index as a data source for a detector, see [Authentication flow]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/#authentication-flow) in [Cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). You must use a role that exists in both the remote and local clusters. The remote cluster must map the chosen role to the same username as in the local cluster. +To use a remote index as a data source for a detector, see the setup steps in [Authentication flow]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/#authentication-flow) in [Cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). You must use a role that exists in both the remote and local clusters. The remote cluster must map the chosen role to the same username as in the local cluster. --- From 52382a550dba81ce494c8725fd729b86b9085a3a Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Wed, 11 Sep 2024 11:10:06 -0600 Subject: [PATCH 20/24] doc review new content and address editorial review comments Signed-off-by: Melissa Vagi --- _observing-your-data/ad/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/index.md b/_observing-your-data/ad/index.md index f846153f893..f565ca6e319 100644 --- a/_observing-your-data/ad/index.md +++ b/_observing-your-data/ad/index.md 
@@ -30,7 +30,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - Enter a name and brief description. Make sure the name is unique and descriptive enough to help you to identify the purpose of the detector. 1. Specify the data source. - For **Data source**, choose one or more indexes to use as the data source. Alternatively, you can use an alias or index pattern to choose multiple indexes. - - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern, as used in [cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/). Alternatively, you can select clusters and indexes in OpenSearch Dashboards 2.17 or later. For more information about configuring remote indexes with the Security plugin enabled, see [here]({{site.url}}{{site.baseurl}}/observing-your-data/ad/security/#selecting-remote-indexes-with-fine-grained-access-control). + - Detectors can use remote indexes. You can access them using the `cluster-name:index-name` pattern. See [Cross-cluster search]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/) for more information. Alternatively, you can select clusters and indexes in OpenSearch Dashboards 2.17 or later. To learn about configuring remote indexes with the Security plugin enabled, see [Selecting remote indexes with fine-grained access control]({{site.url}}{{site.baseurl}}/observing-your-data/ad/security/#selecting-remote-indexes-with-fine-grained-access-control) in the [Anomaly detection security](observing-your-data/ad/security/) documentation. - (Optional) For **Data filter**, filter the index you chose as the data source. From the **Data filter** menu, choose **Add data filter**, and then design your filter query by selecting **Field**, **Operator**, and **Value**, or choose **Use query DSL** and add your own JSON filter query. 
Only [Boolean queries]({{site.url}}{{site.baseurl}}/query-dsl/compound/bool/) are supported for query domain-specific language (DSL). From 93dc9486b47c9682d08694389fc56d0d2c2820c3 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Fri, 13 Sep 2024 13:20:26 -0600 Subject: [PATCH 21/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index b1a11f77742..c7c656df8f0 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -42,7 +42,7 @@ To use a remote index as a data source for a detector, see the setup steps in [A --- -#### Example: Create a new user on local cluster +#### Example: Create a new user on the local cluster 1. Create a new user on the local cluster to use for creating detectors: From f89eb555c3e0a539e5675383ee9bdbd0c26c0e19 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Fri, 13 Sep 2024 13:20:35 -0600 Subject: [PATCH 22/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index c7c656df8f0..690477ee9ce 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md 
@@ -70,7 +70,7 @@ curl -XPUT -k -u 'admin:' -H 'Content-Type: application/j ### Custom results index -To use a custom results index, you need additional permissions not included in the default roles provided by the OpenSearch Security plugin. To add these permission, see [Step 1: Define a detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector) of the [Anomaly detection]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/) documentation. +To use a custom results index, you need additional permissions not included in the default roles provided by the OpenSearch Security plugin. To add these permissions, see [Step 1: Define a detector]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/#step-1-define-a-detector) in the [Anomaly detection]({{site.url}}{{site.baseurl}}/observing-your-data/ad/index/) documentation. ## (Advanced) Limit access by backend role From c2cf1c03fd8a71b372b692a1beeec636a39c29a8 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Fri, 13 Sep 2024 13:20:44 -0600 Subject: [PATCH 23/24] Update _observing-your-data/ad/security.md Co-authored-by: Nathan Bower Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index 690477ee9ce..c30fa942411 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -44,7 +44,7 @@ To use a remote index as a data source for a detector, see the setup steps in [A #### Example: Create a new user on the local cluster -1. Create a new user on the local cluster to use for creating detectors: +1. Create a new user on the local cluster to use for detector creation: ``` curl -XPUT -k -u 'admin:' 'https://localhost:9200/_plugins/_security/api/internalusers/anomalyuser' -H 'Content-Type: application/json' -d '{"password":"password"}' 
From 60de517363bb30fd0bfcfd32b2b804870f5835e3 Mon Sep 17 00:00:00 2001 From: Melissa Vagi Date: Fri, 13 Sep 2024 13:22:37 -0600 Subject: [PATCH 24/24] Update _observing-your-data/ad/security.md Signed-off-by: Melissa Vagi --- _observing-your-data/ad/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_observing-your-data/ad/security.md b/_observing-your-data/ad/security.md index c30fa942411..e4816cec468 100644 --- a/_observing-your-data/ad/security.md +++ b/_observing-your-data/ad/security.md @@ -23,7 +23,7 @@ As an admin user, you can use the Security plugin to assign specific permissions The Security plugin has two built-in roles that cover most anomaly detection use cases: `anomaly_full_access` and `anomaly_read_access`. For descriptions of each, see [Predefined roles]({{site.url}}{{site.baseurl}}/security/access-control/users-roles#predefined-roles). -If you use OpenSearch Dashboards to create your anomaly detectors, you may experience permission issues even with `anomaly_full_access`. This issue has been resolved in OpenSearch 2.17, but for earlier versions, the following additional permissions need to be added: +If you use OpenSearch Dashboards to create your anomaly detectors, you may experience access issues even with `anomaly_full_access`. This issue has been resolved in OpenSearch 2.17, but for earlier versions, the following additional permissions need to be added: - `indices:data/read/search` -- You need this permission because the Anomaly Detection plugin needs to search the data source in order to validate whether there is enough data to train the model. - `indices:admin/mappings/fields/get` and `indices:admin/mappings/fields/get*` -- You need these permissions to validate whether the given data source has a valid timestamp field and categorical field (in the case of creating a high-cardinality detector).
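Review bot: in the curl examples under "Selecting remote indexes with fine-grained access control" (PATCH 16/24, `_observing-your-data/ad/security.md`), the user is created with the literal body `{"password":"password"}`, and every call passes `-k` together with `-u 'admin:'`, which has nothing after the colon. This hunk attaches `{% include copy-curl.html %}` to each block, so readers will paste them as they stand. Use an obvious placeholder for both the admin and the new user's password, and add one sentence stating that `-k` disables certificate verification and belongs only on a demo cluster with self-signed certificates.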
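Review bot: the remote-cluster step (reworded in PATCH 13/24, numbered as step 3 in PATCH 16/24) says "create the same user and map `anomaly_full_access` to that role", but no other role has been named, and the command under it maps the user `anomalyuser` to the `anomaly_full_access` role. Suggest "create the same user and map it to the `anomaly_full_access` role" so the sentence matches step 2 and the `rolesmapping` call it introduces.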
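Review bot: the heading settled on in PATCH 21/24, "#### Example: Create a new user on the local cluster", sits above all three steps, and step 3 runs against the remote cluster (`https://localhost:9250`). The point of the section is that the same user and role mapping must exist on both sides, so the heading should name both clusters, or step 3 should get its own heading.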
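Review bot: in the remote-index bullet added by PATCH 20/24 (`_observing-your-data/ad/index.md`), the last link is written as `[Anomaly detection security](observing-your-data/ad/security/)`, without the `{{site.url}}{{site.baseurl}}/` prefix that every other link in the same bullet uses. As a relative path it resolves against the current page rather than the site root. Add the prefix so it matches the "Selecting remote indexes with fine-grained access control" link just before it.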
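Review bot: the sentence changed in PATCH 24/24 ends with "the following additional permissions need to be added" but never says where they go: which role, and against which index pattern. Since these are index-level read and mapping permissions, state that they belong in a role scoped to the detector's data source indexes rather than leaving the scope open. In the context bullet below it, `indices:admin/mappings/fields/get*` already matches `indices:admin/mappings/fields/get`, so either list only the wildcard form or explain why both are given.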