Merge pull request #939 from hlxsites/runtime-fixes-1
Fix minor issues in the Compute admin guide
manukumar6 authored Oct 10, 2024
2 parents 4ad6a36 + 54f0107 commit 10c403a
Showing 3 changed files with 11 additions and 14 deletions.
5 changes: 1 addition & 4 deletions docs/en/compute-edition/33/admin-guide/welcome/releases.adoc
Expand Up @@ -4,10 +4,7 @@ In general, you should stay on the latest major release unless you require a fea
We recommend that you upgrade to new major releases as they become available.
For more information, see the xref:../welcome/support-lifecycle.adoc[Prisma Cloud support lifecycle].

The bell icon in Console automatically notifies you when new releases are available:

image::update_bell.png[width=800]

The bell icon in the Console shows a notification when a new release is available.

[.task]
=== Downloading the software [[download]]
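Review bot: Dropping image::update_bell.png[width=800] from this section leaves the asset orphaned unless another page still includes it; check for remaining references to update_bell.png and delete the file if there are none. The replacement sentence "The bell icon in the Console shows a notification when a new release is available." reads fine on its own now that there is no trailing colon introducing a screenshot.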
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,7 @@ Yes, security vulnerabilities are addressed in both the editions.
*Do I have to upgrade my console/defender to get security updates?*

If security fixes are released, you may be required to upgrade either or both the Console and Defender. We recommend that all security releases are adopted immediately.
For the full details of which vulnerabilities were fixed in a release, refer to the

ifdef::compute_edition[]
https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-release-notes/release-information.html[release notes].
endif::compute_edition[]

ifdef::prisma_cloud[]
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-release-notes/prisma-cloud-compute-release-information.html[release notes].
endif::prisma_cloud[]
For the full details of which vulnerabilities were fixed in a release, refer to the xref:../../rn/release-information/release-notes-33-01.adoc[release notes].

*What is the minimum severity for vulnerabilities to warrant a security release?*

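Review bot: The new xref pins the answer to release-notes-33-01.adoc, so it will go stale with every 33.x release; point it at a version-agnostic release-information page if one exists, or plan to bump it each release. Dropping the ifdef::prisma_cloud[] branch also means a build that previously linked Enterprise-edition readers to prisma-cloud-compute-release-information.html now sends them to the Compute Edition 33.01 notes; confirm this FAQ is only included in the Compute Edition build.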
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,17 @@ This document summarizes all the runtime audits (detections) that are available
[.section]
=== Runtime detections for processes

[cols="15%, 40%a, 25%a, 10%, 15%", options="header"]
[cols="20%, 25%a, 15%a, 10%, 30%a", options="header"]
|===
|Detection |Context |Audit message |Triggers an incident |Workloads

|Unexpected Process
|Indicates when a process that is not part of the runtime model was spawned.

* Avoid audits for specific known and allowed processes, by adding the process name to the runtime rules processes *Allowed* list.
* In order to add the processes to the model, navigate to the relevant model under *Monitor > Runtime > Container* models, then click on *...* and select *Extend learning*
|
* <process> launched but is not found in the runtime model
* <process> launched from <parent process> but is not found in the runtime model
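Review bot: In the new Extend learning bullet the bold span closes too early: "*Monitor > Runtime > Container* models" leaves "models" outside the menu path, so use "*Monitor > Runtime > Container models*". The bullet also lacks the terminating period its sibling has, and "In order to add the processes to the model" can be shortened to "To add the processes to the model". The column widths now give the Workloads column 30% and make it an AsciiDoc cell (30%a); that is fine, but double-check the rendered table still fits the Context column's bullet lists at 25%.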
Expand Down Expand Up @@ -42,6 +44,7 @@ App-embedded
|Indicates a modified process was spawned. A modified process is a process whose binary was created or modified after the container was started.

* Enable and disable this detection via the *Processes started from modified binaries* toggle, under the Runtime rule Processes tab
* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list.
|A modified executable <process> was launched
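Review bot: The added bullet says "Avoid audits on specific known and allowed processes, by adding process names to ..." while the Unexpected Process entry in the earlier hunk says "Avoid audits for specific known and allowed processes, by adding the process name to ..."; pick one wording and use it in every row, and drop the comma before "by", which splits the clause unnecessarily. The same sentence is added verbatim in the following hunks, so whatever wording is chosen should be applied to all of them.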
Expand All @@ -54,6 +57,7 @@ App-embedded
|Indicates that a package binary file was replaced during image build. This detection will generate an audit when a process is started from an altered binary.

* Enable and disable this detection via the *Processes started from modified binaries* toggle, under the Runtime rule Processes tab
* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list.
|<process path> launched and is detected as an altered or corrupted package binary. The file metadata doesn't match what’s reported by the package manager.
Expand All @@ -66,6 +70,7 @@ App-embedded
|Indicates a process that is identified as a crypto miner was spawned.

* Enable and disable this detection via the *Crypto miners* toggle, under the Runtime rule Processes / Anti-malware tab.
* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list.
|<process> launched and is identified as a crypto miner. Full command: <path>
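Review bot: For the Crypto miners row the new bullet only says to add process names to the *Allowed* list; since the allowlist keys on the process name, any process that carries that name is exempted from this detection, so the row should advise keeping this list narrow and preferring to fix the cause of the false positive over allowlisting. A short caveat to that effect would be useful here and in the reverse shell row below.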
Expand All @@ -80,6 +85,7 @@ App-embedded
|Indicates a process that is used for lateral movement was spawned.

* Enable and disable this detection via the *Processes used for lateral movement* toggle, under the Runtime rule Processes tab.
* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list.
|<process> launched and is identified as a process used for lateral movement. Full command: <path>
Expand All @@ -91,6 +97,7 @@ Containers
|Indicates that a process is running from a temporary file system.

* Enable and disable this detection via the *Processes running from temporary storage* toggle, under the Runtime rule Anti-malware tab.
* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list.
|<process> launched from a temporary file storage, which usually indicates malicious activity.
Expand All @@ -109,6 +116,7 @@ Hosts
|Indicates that a process was identified as running a reverse shell

* Enable and disable this detection via the *Reverse shell attacks* toggle, under the Runtime rule Processes / Anti-malware tab.
* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list.
|<processes> is a reverse shell. Full command: <path>
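Review bot: The audit message in this row uses the placeholder "<processes>" while every other row uses "<process>"; if the actual audit text is singular, correct the placeholder to "<process>" while this row is being touched. The context line "Indicates that a process was identified as running a reverse shell" is also missing its terminating period.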

0 comments on commit 10c403a