elastic · karenzone · Oct 17, 2025 · Oct 20, 2025 · Oct 20, 2025
@@ -0,0 +1,40 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/fleet/current/data-streams.html
+applies_to:
+  stack: ga 9.2
+  serverless: ga
+products:
+  - id: fleet
+  - id: elastic-agent
+navigation_title: Built-in alerts and templates
+---
+
+# Built-in alerts and templates [built-in-alerts]
+
+## {{agent}} out-of-the-box alert rules [ea-alert-rules]
+
+When you install or upgrade {{agent}}, a new alert rule is created automatically. You can configure and customize out-of-the-box alerts to get them up and running quickly. 
+
+::::{note}
+The built-in alerts feature for {{agent}} requires a valid Enterprise license or Enterprise trial license. Be sure that the license is in place before you install or upgrade {{agent}}. 
+
+Check the [subscription information](https://www.elastic.co/subscriptions) for more details about managing licenses.
+::::
+
+In {{kib}}, you can enable out-of-the-box rules pre-configured with reasonable defaults to provide immediate value for managing agents.
+You can use [ES|QL](/explore-analyze/discover/try-esql.md) to author conditions for each rule.
+
+Connectors are not added to rules automatically, but you can attach a connector to route alerts to your platform of choice -- Slack or email, for example.
+In addition, you can add filters for policies, tags, or hostnames to scope alerts to specific sets of agents  
+
+You can find these rules in **Stack Management** > **Alerts and Insights** > **Rules**.
+
+
+## Alert templates assets for integrations [alert-templates]
+
+Some integration packages include alerting rule template assets that provide pre-made definitions of alerting rules. You can use the templates to create your own custom alerting rules that you can enable and fine tune. 
+
+When you click a template, you get a pre-filled rule creation form. You can define and adjust values, set up connectors, and define rule actions to create your custom alerting rule.
+
+You can see available templates in the **integrations/detail/<package>/assets** view. 
@@ -9,29 +9,26 @@ products:
 
 # Manage {{agent}} integrations [integrations]
 
-
-::::{admonition}
-Integrations are available for a wide array of popular services and platforms. To see the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md).
-
 {{agent}} integrations provide a simple, unified way to collect data from popular apps and services, and protect systems from security threats.
+Integrations are available for a wide array of popular services and platforms. To see the full list, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md). 
 
-Each integration comes prepackaged with assets that support all of your observability needs:
+Each integration comes prepackaged with assets that support your observability needs:
 
 * Data ingestion, storage, and transformation rules
 * Configuration options
+* Alert templates to enable users to quickly set up custom alerting rules (available in some integrations) {applies_to}`stack: ga 9.2`
 * Pre-built, custom dashboards and visualizations
 * Documentation
 
-::::
-
+Note that the **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr).
 
 ::::{note}
-Be aware that some integrations may function differently across different spaces. Also, some might only work in the default space. We recommend reviewing the specific integration documentation for any space-related considerations.
-
+Some integrations may function differently across different spaces, with some working only in the default space. Review the documentation specific to your integration for any space-related considerations.
 ::::
 
+## Work with integrations [work-with-integrations]
 
-The following table shows the main actions you can perform in the **Integrations** app in {{kib}}. You can perform some of these actions from other places in {{kib}}, too.
+You can perform a variety of actions in the **Integrations** app in {{kib}}. Some of these actions are also available from other places in {{kib}}.
 
 | User action | Result |
 | --- | --- |
@@ -42,11 +39,6 @@ The following table shows the main actions you can perform in the **Integrations
 | [View integration assets](/reference/fleet/view-integration-assets.md) | View the {{kib}} assets installed for a specific integration. |
 | [Upgrade an integration](/reference/fleet/upgrade-integration.md) | Upgrade an integration to the latest version. |
 
-::::{note}
-The **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr).
-
-::::
+## Customize integrations [customize-integrations]
 
-:::{tip}
-Once you've started using integrations to ingest data, you can customize how that data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more.
-:::
+After you've started using integrations to ingest data, you can customize how the data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more.
@@ -159,6 +159,7 @@ toc:
               - file: data-streams-scenario4.md
           - file: data-streams-pipeline-tutorial.md
           - file: data-streams-advanced-features.md
+      - file: alert-templates.md
   - file: agent-command-reference.md
   - file: agent-processors.md
     children: