Update add-manage-exceptions.md

solutions/security/detect-and-alert/add-manage-exceptions.md

@@ -78,6 +78,10 @@ You can add exceptions to a rule from the rule details page, the Alerts table, t
     When you create a new exception from an alert, exception conditions are auto-populated with relevant alert data. Data from custom highlighted fields is listed first. A comment that describes the auto-generated exception conditions is also added to the **Add comments** section.
     ::::
 
+    ::::{note}
+    When using ES|QL, it is possible to append new fields with commands such as eval.  It is NOT possible to apply exceptions to these appended fields.  The excpetions are only applied to the index source fields.
+    * eval - https://www.elastic.co/docs/reference/query-languages/esql/commands/eval
+    ::::
 
     1. **Field**: Select a field to identify the event being filtered.
 
@@ -125,9 +129,9 @@ You can add exceptions to a rule from the rule details page, the Alerts table, t
         :screenshot:
         :::
 
-4. Click **AND** or **OR** to create multiple conditions and define their relationships.
-5. Click **Add nested condition** to create conditions using nested fields. This is only required for [these nested fields](#nested-field-list). For all other fields, nested conditions should not be used.
-6. Choose to add the exception to a rule or a shared exception list.
+5. Click **AND** or **OR** to create multiple conditions and define their relationships.
+6. Click **Add nested condition** to create conditions using nested fields. This is only required for [these nested fields](#nested-field-list). For all other fields, nested conditions should not be used.
+7. Choose to add the exception to a rule or a shared exception list.
 
     ::::{note}
     If you are creating an exception from the Shared Exception Lists page, you can add the exception to multiple rules.
@@ -138,14 +142,14 @@ You can add exceptions to a rule from the rule details page, the Alerts table, t
     If a shared exception list doesn’t exist, you can [create one](create-manage-shared-exception-lists.md) from the Shared Exception Lists page.
     ::::
 
-7. (Optional) Enter a comment describing the exception.
-8. (Optional) Enter a future expiration date and time for the exception.
-9. Select one of the following alert actions:
+8. (Optional) Enter a comment describing the exception.
+9. (Optional) Enter a future expiration date and time for the exception.
+10. Select one of the following alert actions:
 
     * **Close this alert**: Closes the alert when the exception is added. This option is only available when adding exceptions from the Alerts table.
     * **Close all alerts that match this exception and were generated by this rule**: Closes all alerts that match the exception’s conditions and were generated only by the current rule.
 
-10. Click **Add rule exception**.
+11. Click **Add rule exception**.
 
 
 ## Add {{elastic-endpoint}} exceptions [endpoint-rule-exceptions]