[DOCS] Attack surface reduction / credential hardening (elastic#2266) (…

…elastic#2325)

* First draft and screenshot

* Add to page jump list, minor edit

* Smol edit

* Apply suggestions from Nastasha's review

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
(cherry picked from commit 035c975)

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

docs/getting-started/configure-integration-policy.asciidoc

@@ -20,6 +20,7 @@ To configure an integration policy:
 * <<ransomware-protection>>
 * <<memory-protection>>
 * <<behavior-protection>>
+* <<attack-surface-reduction>>
 * <<event-collection>>
 * <<register-as-antivirus>>
 * <<adv-policy-settings>>
@@ -140,6 +141,17 @@ TIP: Platinum and Enterprise customers can customize these notifications using t
 [role="screenshot"]
 image::images/install-endpoint/behavior-protection.png[Detail of behavior protection section.]
 
+[discrete]
+[[attack-surface-reduction]]
+== Attack surface reduction
+
+This section helps you reduce vulnerabilities that attackers can target on Windows endpoints.
+
+* *Credential hardening*: Prevents attackers from stealing credentials stored in Windows system process memory. Turn on the toggle to remove any overly permissive access rights that aren't required for standard interaction with the Local Security Authority Subsystem Service (LSASS). This feature enforces the principle of least privilege without interfering with benign system activity that is related to LSASS.
+
+[role="screenshot"]
+image::images/install-endpoint/attack-surface-reduction.png[Detail of attack surface reduction section.]
+
 [discrete]
 [[event-collection]]
 == Event collection