Rewords content about feature reqs

Author: nastasha-solomon

solutions/security/investigate/add-osquery-response-actions.md

@@ -14,8 +14,7 @@ This functionality is in technical preview and may be changed or removed in a fu
 Osquery Response Actions allow you to add live queries to custom query rules so you can automatically collect data on systems the rule is monitoring. Use this data to support your alert triage and investigation efforts.
 
 ::::{admonition} Requirements
-* In {{stack}}, Osquery Response Actions require a [Platinum or Enterprise subscription](https://www.elastic.co/pricing).
-* In {{serverless-short}}, Osquery Response Actions require the Endpoint Protection Complete [project feature](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
+* Ensure you have the appropriate [{{stack}}](https://www.elastic.co/pricing) subscription or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
 * The [Osquery manager integration](manage-integration.md) must be installed. 
 * {{agent}}'s [status](asciidocalypse://docs/docs-content/docs/reference/ingestion-tools/fleet/monitor-elastic-agent.md) must be `Healthy`. Refer to [{{fleet}} Troubleshooting](/troubleshoot/ingest/fleet/common-problems.md) if it isn’t.
 * Your role must have [Osquery feature privileges](/solutions/security/investigate/osquery.md).

solutions/security/investigate/run-osquery-from-alerts.md

@@ -11,8 +11,7 @@ Run live queries on hosts associated with alerts to learn more about your infras
 ::::{admonition} Requirements
 * The [Osquery manager integration](/solutions/security/investigate/manage-integration.md) must be installed.
 * {{agent}}'s [status](asciidocalypse://docs/docs-content/docs/reference/ingestion-tools/fleet/monitor-elastic-agent.md) must be `Healthy`. Refer to [{{fleet}} Troubleshooting](/troubleshoot/ingest/fleet/common-problems.md) if it isn’t.
-* In {{stack}}, your role must have [Osquery feature privileges](/solutions/security/investigate/osquery.md).
-* In {{serverless-short}}, you must have the appropriate user role to use this feature.
+* Your role must have the appropriate [feature privileges](osquery#required_osquery-privileges) in {{stack}} or [user role](/deploy-manage/users-roles/cloud-organization/user-roles.md) in {{serverless-short}}.
 
 ::::
 

solutions/security/investigate/timeline-templates.md

@@ -53,7 +53,7 @@ Regular Timeline filter
 
 
 Template filter
-:   :::{image} ../../../images/security-timeline-template-filter.png
+:::{image} ../../../images/security-timeline-template-filter.png
 :alt: timeline template filter
 :class: screenshot
 :::
@@ -74,7 +74,7 @@ To enable the filter, either specify a value or change it to a field’s existin
 1. Choose one of the following:
 
     * Find **Timelines** in the main menu or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). Next, select the **Templates** tab, then click **Create new Timeline template**.
-    * Go to the Timeline bar (which is at the bottom of most pages), click the ![Click the add new button](../../../images/security-add-new-timeline-button.png "") button, then click **Create new Timeline template**.
+    * Go to the Timeline bar (which is at the bottom of most pages), click the ![Click the add new button](../../../images/security-add-new-timeline-button.png "title =20x20") button, then click **Create new Timeline template**.
     * From an open Timeline  or Timeline template, click **New** → **New Timeline template**.
 
 2. To add filters, click **Add field**, and then select the required option: