diff --git a/solutions/security/detect-and-alert.md b/solutions/security/detect-and-alert.md
index d35ac2efc6..b585f3f3ed 100644
--- a/solutions/security/detect-and-alert.md
+++ b/solutions/security/detect-and-alert.md
@@ -53,7 +53,7 @@ Cold [data tiers](/manage-data/lifecycle/data-tiers.md) store time series data t
 ### Best practices [best-practices-data-tiers]
 
 * **Retention in hot tier**: We recommend keeping data in the hot tier ({{ilm-cap}} hot phase) for at least 24 hours. {{ilm-cap}} policies that move ingested data from the hot phase to another phase (for example, cold or frozen) in less than 24 hours may cause performance issues and/or rule execution errors.
-* **Replicas for mission-critical data**: Your data should have replicas if it must be highly available. Since frozen tiers don't support replicas, shard unavailability can cause partial rule run failures. Shard unavailability may be also encountered during or after {{stack}} upgrades. If this happens, you can [manually rerun](/solutions/security/detect-and-alert/manage-detection-rules.md#manually-run-rules) rules over the affected time period once the shards are available.
+* **Replicas for mission-critical data**: Your data should have replicas if it must be highly available. Since frozen tiers don't have replicas by default, shard unavailability can cause partial rule run failures. Shard unavailability may be also encountered during or after {{stack}} upgrades. If this happens, you can [manually rerun](/solutions/security/detect-and-alert/manage-detection-rules.md#manually-run-rules) rules over the affected time period once the shards are available.
 
 ### Limitations [limitations-data-tiers]