Timeline templates

Author: nastasha-solomon

raw-migrated-files/docs-content/serverless/security-timeline-templates-ui.md

@@ -429,7 +429,6 @@ toc:
       - file: docs-content/serverless/security-session-view.md
       - file: docs-content/serverless/security-signals-to-cases.md
       - file: docs-content/serverless/security-third-party-actions.md
-      - file: docs-content/serverless/security-timeline-templates-ui.md
       - file: docs-content/serverless/security-triage-alerts-with-elastic-ai-assistant.md
       - file: docs-content/serverless/security-trusted-applications.md
       - file: docs-content/serverless/security-tune-detection-signals.md

raw-migrated-files/toc.yml

@@ -4,24 +4,7 @@ mapped_urls:
   - https://www.elastic.co/guide/en/serverless/current/security-timeline-templates-ui.html
 ---
 
-# Timeline templates
-
-% What needs to be done: Lift-and-shift
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/timeline-templates-ui.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-timeline-templates-ui.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$create-timeline-template$$$
-
-$$$import-export-timeline-templates$$$
-
-$$$man-templates-ui$$$
-
-$$$template-legend-ui$$$
+# Timeline templates [security-timeline-templates-ui]
 
 You can attach Timeline templates to detection rules. When attached, the rule’s alerts use the template when they are investigated in Timeline. This enables immediately viewing the alert’s most interesting fields when you start an investigation.
 
@@ -33,7 +16,7 @@ Templates can include two types of filters:
 For example, if you define the `host.name: "{host.name}"` template filter, when alerts generated by the rule are investigated in Timeline, the alert’s `host.name` value is used in the filter. If the alert’s `host.name` value is `Linux_stafordshire-061`, the Timeline filter is: `host.name: "Linux_stafordshire-061"`.
 
 ::::{note}
-For information on how to add Timeline templates to rules, refer to [*Create a detection rule*](/solutions/security/detect-and-alert/create-detection-rule.md).
+For information on how to add Timeline templates to rules, refer to [Create a detection rule](/solutions/security/detect-and-alert/create-detection-rule.md).
 ::::
 
 
@@ -64,7 +47,7 @@ Regular Timeline filter
 :   Clicking **Convert to template field** changes the filter to a template filter:
 
     :::{image} ../../../images/security-template-filter-value.png
-    :alt: template filter value
+    :alt: Timeline template filter value
     :class: screenshot
     :::
 
@@ -79,7 +62,7 @@ Template filter
 When you [convert a template to a Timeline](/solutions/security/investigate/timeline-templates.md#man-templates-ui), template filters with placeholders are disabled:
 
 :::{image} ../../../images/security-invalid-filter.png
-:alt: invalid filter
+:alt: Invalid events filter
 :class: screenshot
 :::
 
@@ -132,7 +115,7 @@ You can view, duplicate, export, delete, and create templates from existing Time
 1. Find **Timelines** in the main menu or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then select the **Templates** tab.
 
     :::{image} ../../../images/security-all-actions-timeline-ui.png
-    :alt: all actions timeline ui
+    :alt: All actions Timeline UI
     :class: screenshot
     :::