Removed duplicated content

Author: nastasha-solomon

solutions/security/detect-and-alert/create-detection-rule.md

@@ -120,81 +120,6 @@ Select a rule type below for detailed instructions:
 * **Never seen before** → New terms (e.g., "first time seeing this user/host combination")
 * **Complex analytics** → ES|QL (e.g., "aggregate and transform data beyond other query types")
 
-## Create a custom query rule [create-custom-rule]
-
-Refer to [Custom query rule documentation](/solutions/security/detect-and-alert/rule-types/custom-query.md) for complete instructions on creating custom query rules, including:
-
-* Step-by-step configuration
-* How to use saved queries and Timeline queries
-* Infrastructure-focused examples (SSH login detection, unusual outbound connections)
-* Testing and tuning guidance
-
-## Create a machine learning rule [create-ml-rule]
-
-Refer to [Machine learning rule documentation](/solutions/security/detect-and-alert/rule-types/machine-learning.md) for complete instructions on creating machine learning rules, including:
-
-* Requirements and prerequisites
-* ML job startup considerations and resource requirements
-* Baseline learning periods and production best practices
-* Alert suppression with anomaly fields
-
-## Create a threshold rule [create-threshold-rule]
-
-Refer to [Threshold rule documentation](/solutions/security/detect-and-alert/rule-types/threshold.md) for complete instructions on creating threshold rules, including:
-
-* Step-by-step configuration with Group by and Threshold fields
-* Understanding cardinality limits and risk levels
-* Testing cardinality before creating rules
-* Circuit breaker error troubleshooting
-* How threshold rule alerts differ from source documents
-
-
-## Create an event correlation rule [create-eql-rule]
-
-Refer to [Event correlation rule documentation](/solutions/security/detect-and-alert/rule-types/event-correlation.md) for complete instructions on creating event correlation rules, including:
-
-* Step-by-step configuration with EQL queries
-* How to detect sequences of related events
-* EQL settings configuration (event category, tiebreaker, timestamp fields)
-* Missing events syntax for sequence detection
-
-
-## Create an indicator match rule [create-indicator-rule]
-
-Refer to [Indicator match rule documentation](/solutions/security/detect-and-alert/rule-types/indicator-match.md) for complete instructions on creating indicator match rules, including:
-
-* Step-by-step configuration with threat indicator mapping
-* How to compare source events with threat intelligence feeds
-* Using value lists as indicator match indices
-* Performance considerations and best practices
-
-::::{note}
-{{elastic-sec}} provides [limited support](/solutions/security/detect-and-alert.md#support-indicator-rules) for indicator match rules.
-::::
-
-
-## Create a new terms rule [create-new-terms-rule]
-
-Refer to [New terms rule documentation](/solutions/security/detect-and-alert/rule-types/new-terms.md) for complete instructions on creating new terms rules, including:
-
-* Step-by-step configuration with field selection
-* How to detect first-time occurrences
-* Multi-field combination support (up to 3 fields)
-* History window size configuration
-* Important cardinality limits for field arrays
-
-
-## Create an {{esql}} rule [create-esql-rule]
-
-Refer to [ES|QL rule documentation](/solutions/security/detect-and-alert/rule-types/esql.md) for complete instructions on creating ES|QL rules, including:
-
-* Step-by-step configuration with query writing
-* Aggregating vs. non-aggregating query types
-* Alert deduplication configuration (METADATA fields)
-* Query design considerations (LIMIT, STATS...BY, sorting)
-* Rule limitations and workarounds
-* Custom highlighted fields guidance
-
 
 ## Configure basic rule settings [rule-ui-basic-params]