Apply suggestions from code review

nastasha-solomon · web-flow · commit be22d7dc4ea9 · 2025-11-14T15:54:06.000-05:00
Fixing more ref errors
diff --git a/solutions/security/detect-and-alert/about-detection-rules.md b/solutions/security/detect-and-alert/about-detection-rules.md
@@ -36,7 +36,7 @@ You can create the following types of rules:
 * [**Indicator match**](/solutions/security/detect-and-alert/rule-types/indicator-match.md): Creates an alert when {{elastic-sec}} index field values match field values defined in the specified indicator index patterns. For example, you can create an indicator index for IP addresses and use this index to create an alert whenever an event’s `destination.ip` equals a value in the index. Indicator index field mappings should be [ECS-compliant](ecs://reference/index.md). For information on creating {{es}} indices and field types, see [Index some documents](/manage-data/ingest.md), [Create index API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-create), and [Field data types](elasticsearch://reference/elasticsearch/mapping-reference/field-data-types.md). If you have indicators in a standard file format, such as CSV or JSON, you can also use the Machine Learning Data Visualizer to import your indicators into an indicator index. See [Explore the data in {{kib}}](/explore-analyze/machine-learning/anomaly-detection/ml-getting-started.md#sample-data-visualizer) and use the **Import Data** option to import your indicators.
 
     ::::{tip}
-    You can also use value lists as the indicator match index. See [Use value lists with indicator match rules](solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists)  at the end of this topic for more information.
+    You can also use value lists as the indicator match index. See [Use value lists with indicator match rules](/solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists)  at the end of this topic for more information.
     ::::
 
 * [**New terms**](/solutions/security/detect-and-alert/create-detection-rule.md#create-new-terms-rule): Generates an alert for each new term detected in source documents within a specified time range. You can also detect a combination of up to three new terms (for example, a `host.ip` and `host.id` that have never been observed together before).
diff --git a/solutions/security/detect-and-alert/create-manage-value-lists.md b/solutions/security/detect-and-alert/create-manage-value-lists.md
@@ -25,7 +25,7 @@ Value lists are lists of items with the same {{es}} [data type](elasticsearch://
 After creating value lists, you can use `is in list` and `is not in list` operators to [define exceptions](add-manage-exceptions.md).
 
 ::::{tip}
-You can also use a value list as the [indicator match index](solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists) when creating an indicator match rule.
+You can also use a value list as the [indicator match index](/solutions/security/detect-and-alert/rule-types/indicator-match.md#indicator-value-lists) when creating an indicator match rule.
 ::::
 
 ## Create value lists [create-value-lists]
diff --git a/solutions/security/detect-and-alert/rule-types/custom-query.md b/solutions/security/detect-and-alert/rule-types/custom-query.md
@@ -96,7 +96,7 @@ Custom query rules search for events matching a KQL or Lucene query and create a
 **Configuration**:
 * **Index patterns**: `packetbeat-*,logs-network-*`
 * **Custom query**:
-  ```kql
+  ```console
   host.name: (web-server-* OR dmz-*) AND network.direction: outbound AND NOT destination.ip: (10.0.0.0/8 OR 172.16.0.0/12 OR 192.168.0.0/16) AND NOT destination.port: (80 OR 443 OR 53 OR 123)
   ```
 
