Contributor

@alaudazzi alaudazzi commented Nov 25, 2025

Summary

This PR proposes an initial draft of the Alerting Rule Templates page that should serve as a centralized doc page with an explanation of what the alert rule templates are and how to use them. This page is going to be referenced from the individual integration pages.

The current location of the page should be changed to make it more visible.

Relates to #3678 (comment).

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes
  • No

Cursor with gpt5

@alaudazzi alaudazzi requested a review from muthu-mps November 25, 2025 10:12
@alaudazzi alaudazzi self-assigned this Nov 25, 2025
@alaudazzi alaudazzi added the documentation Improvements or additions to documentation label Nov 25, 2025
@alaudazzi alaudazzi changed the title Draft alerting rule template common page Draft Alerting Rule Template common page Nov 25, 2025
@alaudazzi alaudazzi changed the title Draft Alerting Rule Template common page [Integrations] Draft Alerting Rule Template common page Nov 25, 2025
github-actions bot commented Nov 25, 2025

Vale Linting Results

Summary: 3 suggestions found

💡 Suggestions (3)
| File | Line | Rule | Message |
| --- | --- | --- | --- |
| reference/fleet/alerting-rule-templates.md | 11 | Elastic.Capitalization | 'Alerting Rule Templates [alerting-rule-templates]' should use sentence-style capitalization. |
| reference/fleet/alerting-rule-templates.md | 20 | Elastic.WordChoice | Consider using 'can, might' instead of 'may', unless the term is in the UI. |
| reference/fleet/alerting-rule-templates.md | 20 | Elastic.Wordiness | Consider using 'too many' instead of 'excessive number'. |

github-actions bot commented Nov 25, 2025

🔍 Preview links for changed docs

Remove optional step about connectors,
@daniela-elastic daniela-elastic left a comment

Made minor comments and also a question on the correct stack version. Approving in principle but please review the comments.

@tommyers-elastic tommyers-elastic left a comment

i think this is a good start, but i think it could be a little better organised.

currently there's information about what the templates are and how to use them kinda sprinkled throughout. e.g. "open a prefilled rule creation form you can adjust and enable", and later, "When you click a template, you get a prefilled ..." etc.

i think it could be useful to split the information into sections targeted to specific things users might want to know/do

e.g. "what is an alert rule template?", "where do i find the templates"?, "how do i use the templates?", "how do i know when a rule was created from a template?", "how do i update a rule created from a template?" etc etc

i think we should also make it really clear that whilst the alerts can be used without modification, thresholds should always be considered in the context of your own environment. the consequence of blindly installing alerts with the predefined thresholds could be many many alerts firing at once which would constitute a bad UX.

## Prerequisites

- Install or upgrade to the latest version of the integration that includes alerting rule templates.
- Ensure the relevant data stream is enabled and ingesting data for the template you plan to use.

  • Ensure the relevant data stream is enabled and ingesting data for the template you plan to use.

i think our naming conventions for the template names makes it fairly clear which data the rule is targeting, but there's no well defined way to find the 'relevant data stream'.

Contributor Author

I defer to @muthu-mps here.

@alaudazzi
Contributor Author

@tommyers-elastic @daniela-elastic
Your comments have been addressed. Please have a final review before I can merge.

@alaudazzi
Contributor Author

@tommyers-elastic I added the following note as you suggested:

Although the alerts can be used as provided, threshold values should always be evaluated in the context of your specific environment. Applying the predefined thresholds without adjustment may result in an excessive number of alerts.

Labels

documentation Improvements or additions to documentation

4 participants