Commit 915470a

Image ref
1 parent 0c1c021 commit 915470a

3 files changed

+7
-3
lines changed

solutions/security/detect-and-alert/install-manage-elastic-prebuilt-rules.md

Lines changed: 2 additions & 2 deletions
@@ -106,7 +106,7 @@ Each prebuilt rule includes several tags identifying the rule’s purpose, detec
106106

107107
% Need serverless product tier reqs
108108

109-
Without an https://www.elastic.co/subscriptions/cloud[Enterprise] subscription, you can't modify most settings on Elastic prebuilt rules. You can only edit [rule actions](/solutions/security/detect-and-alert/create-detection-rule.md#rule-schedule) and [add exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md). If you want to modify other settings on a prebuilt rule, you must first duplicate it, then make your changes to the duplicated rule. Note that your customized rule is entirely separate from the original prebuilt rule, and will not get updates from Elastic if the prebuilt rule is updated.
109+
Without an [Enterprise subscription](https://www.elastic.co/pricing) subscription, you can't modify most settings on Elastic prebuilt rules. You can only edit [rule actions](/solutions/security/detect-and-alert/create-detection-rule.md#rule-schedule) and [add exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md). If you want to modify other settings on a prebuilt rule, you must first duplicate it, then make your changes to the duplicated rule. Note that your customized rule is entirely separate from the original prebuilt rule, and will not get updates from Elastic if the prebuilt rule is updated.
110110

111111
1. Find **Detection rules (SIEM)** in the navigation menu or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
112112
2. In the **Rules** table, select the **Elastic rules** filter.
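
Review bot: The added line 109 reads "[Enterprise subscription](https://www.elastic.co/pricing) subscription", so the rendered sentence says "Enterprise subscription subscription"; drop the trailing word. In the same sentence the "rule actions" link still targets #rule-schedule, while manage-detection-rules.md in this commit links rule notifications to #rule-notifications, so the anchor is worth checking while this line is being touched.
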
@@ -122,7 +122,7 @@ You can then modify the duplicated rules and, if required, delete the prebuilt o
122122
% Need serverless product tier reqs
123123

124124
::::{important}
125-
The following steps are only applicable if you have an https://www.elastic.co/subscriptions/cloud[Platinum] subscription subscription or lower. If you have an Enterprise subscription, follow the guidelines in <prebuilt-rules-update-modified-unmodified> instead.
125+
The following steps are only applicable if you have an https://www.elastic.co/subscriptions/cloud[Platinum] subscription subscription or lower. If you have an Enterprise subscription, follow the guidelines in [Update modified and unmodified Elastic prebuilt rules](/solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md) instead.
126126
::::
127127

128128
Elastic regularly updates prebuilt rules to optimize their performance and ensure they detect the latest threats and techniques. When updated versions are available for your installed prebuilt rules, the **Rule Updates** tab appears on the **Rules** page, allowing you to update your installed rules with the latest versions.
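
Review bot: On added line 125 the Platinum link is still in the old "https://www.elastic.co/subscriptions/cloud[Platinum]" form and is followed by "subscription subscription"; only the cross-reference at the end of the sentence was converted. Suggest matching the first hunk with a markdown link such as "[Platinum subscription](https://www.elastic.co/pricing) or lower", if the pricing page is the intended target for this tier as well.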

solutions/security/detect-and-alert/manage-detection-rules.md

Lines changed: 4 additions & 0 deletions
@@ -66,6 +66,9 @@ For {{ml}} rules, an indicator icon (![Error icon from rules table](/solutions/i
6666
::::{admonition} Requirements
6767

6868
* You can edit custom rules and bulk-modify them with any [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md). Editing [rule notifications](/solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications) (notifications and response actions) for prebuilt rules can also be done with any {{stack}} subscription or {{serverless-short}} project tier.
69+
70+
% Need serverless req
71+
6972
* You must have an [Enterprise subscription](https://www.elastic.co/pricing) to edit all prebuilt rule settings (except for the **Author** and **License** fields) and bulk-modify them.
7073

7174
::::
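
Review bot: The new "% Need serverless req" comment at lines 69-71 sits between the two bullets of the Requirements admonition with blank lines around it, which risks the bullets rendering as two separate lists; moving it above the first bullet avoids that. The wording also differs from the "% Need serverless product tier reqs" marker used in install-manage-elastic-prebuilt-rules.md, so a search for one will miss the other.
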
@@ -179,6 +182,7 @@ You can snooze rule notifications from the **Installed Rules** tab, the rule det
179182

180183
:::{image} /solutions/images/security-rule-snoozing.png
181184
:alt: Rules snooze options
185+
:width: 75%
182186
:screenshot:
183187
:::
184188

solutions/security/detect-and-alert/prebuilt-rules-update-modified-unmodified.md

Lines changed: 1 addition & 1 deletion
@@ -51,7 +51,7 @@ To update rules:
5151
Elastic updates containing a rule type change cannot be edited. Before updating the rule, duplicate it if you need to record changes that you made to the rule fields.
5252
::::
5353

54-
:::{image} /solutions/images/prebuilt-rules-update-diff-advanced.png
54+
:::{image} /solutions/images/security-prebuilt-rules-update-diff-advanced.png
5555
:alt: Prebuilt rule comparison
5656
:screenshot:
5757
:::
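
Review bot: The path on line 54 changes to security-prebuilt-rules-update-diff-advanced.png, but all three files in this commit are .md pages and no image is added or renamed here. Confirm the file already exists under /solutions/images/ with the security- prefix, otherwise the directive points at a missing image.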
