Commit 0ee2d99

mergify[bot], nastasha-solomon, github-actions[bot] authored
[8.16] [Request][Serverless][8.16] Visualizations in alert flyout - technical preview + advanced setting (backport #5963) (#6024)
* [Request][Serverless][8.16] Visualizations in alert flyout - technical preview + advanced setting (#5963)

* First draft
* Fixed headings
* Updates admonition type
* anotha draft
* removed extra chars
* Fixing size
* Minor fixes
* Fixed session view name
* Update docs/detections/alerts-view-details.asciidoc
Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/detections/alerts-view-details.asciidoc
Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/detections/alerts-view-details.asciidoc
* Update docs/detections/visual-event-analyzer.asciidoc
Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/getting-started/advanced-setting.asciidoc
Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/getting-started/advanced-setting.asciidoc
Co-authored-by: natasha-moore-elastic <[email protected]>
* Adds link

---------

Co-authored-by: natasha-moore-elastic <[email protected]>
(cherry picked from commit e673098)

# Conflicts:
# docs/serverless/alerts/view-alert-details.mdx
# docs/serverless/alerts/visual-event-analyzer.mdx
# docs/serverless/settings/advanced-settings.mdx

* Delete docs/serverless directory and its contents

---------

Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 542ebb4 commit 0ee2d99

5 files changed: +34 -2 lines changed

docs/detections/alerts-view-details.asciidoc

Lines changed: 23 additions & 1 deletion
@@ -124,10 +124,32 @@ image::images/visualizations-section-rp.png[Visualizations section of the Overvi
124124

125125
Click **Visualizations** to display the following previews:
126126

127-
* **Session view preview**: Shows a preview of <<session-view,session view>> data. Click **Session viewer preview** to open the **Session View** tab in Timeline.
127+
* **Session viewer preview**: Shows a preview of <<session-view,Session View>> data. Click **Session viewer preview** to open the **Session View** tab in Timeline.
128128

129129
* **Analyzer preview**: Shows a preview of the <<visual-event-analyzer,visual analyzer graph>>. The preview displays up to three levels of the analyzed event's ancestors and up to three levels of the event's descendants and children. The ellipses symbol (**`...`**) indicates the event has more ancestors and descendants to examine. Click **Analyzer preview** to open the **Event Analyzer** tab in Timeline.
130130

131+
[discrete]
132+
[[expanded-visualizations-view]]
133+
=== Expanded visualizations view
134+
135+
preview::[]
136+
137+
.Requirements
138+
[sidebar]
139+
--
140+
To use the **Visualize** tab, you must turn on the `securitySolution:enableVisualizationsInFlyout` <<visualizations-in-flyout,advanced setting>>.
141+
--
142+
143+
The **Visualize** tab allows you to maintain the context of the Alerts table, while providing a more detailed view of alerts that you're investigating in the event analyzer or Session View. To open the tab, click **Session viewer preview** or **Analyzer preview** from the right panel.
144+
145+
[role="screenshot"]
146+
image::images/visualize-tab-lp.png[Expanded view of visualization details, 80%]
147+
148+
As you examine the alert's related processes, you can also preview the alerts and events which are associated with those processes. Then, if you want to learn more about a particular alert or event, you can click **Show full alert details** to open the full details flyout.
149+
150+
[role="screenshot"]
151+
image::images/visualize-tab-lp-alert-details.gif[Examine alert details from event analyzer, 80%]
152+
131153
[discrete]
132154
[[insights-section]]
133155
== Insights
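Review bot: the new "Expanded visualizations view" section (new line 143) states that clicking **Session viewer preview** or **Analyzer preview** opens the **Visualize** tab in the flyout, but the two bullets directly above it (lines 127 and 129) still say those same clicks open the **Session View** tab and the **Event Analyzer** tab in Timeline, with no mention that the destination depends on `securitySolution:enableVisualizationsInFlyout`. A reader now gets two contradictory destinations for one button. Suggest qualifying each bullet, e.g. "Click **Analyzer preview** to open the **Event Analyzer** tab in Timeline (or the **Visualize** tab when the advanced setting is turned on)", or adding one sentence after the bullets that points at the Requirements sidebar below.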

docs/detections/visual-event-analyzer.asciidoc

Lines changed: 3 additions & 1 deletion
@@ -29,7 +29,9 @@ Or
2929
+
3030
** `agent.type:"winlogbeat" and event.module: "sysmon" and process.entity_id : *`
3131

32-
. Events that can be visually analyzed are denoted by a cubical **Analyze event** icon. Select this option to open the event in the visual analyzer. Alternatively, open the alert details flyout, go to the Visualizations section, then click **Analyzer preview**. This opens the **Analyzer** tab in Timeline.
32+
. Events that can be visually analyzed are denoted by a cubical **Analyze event** icon. Select this option to open the event in the visual analyzer. The event analyzer is accessible from the **Hosts**, **Alerts**, and **Timelines** pages, as well as the alert details flyout.
33+
+
34+
TIP: Turn on the `securitySolution:enableVisualizationsInFlyout` <<visualizations-in-flyout,advanced setting>> to access the event analyzer from the **Visualize** tab in the alert or event details flyout.
3335

3436
+
3537
[role="screenshot"]
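Review bot: replacing old line 32 removes the only description of the default route from the flyout (Visualizations section, click **Analyzer preview**, opens the **Analyzer** tab in Timeline); the new sentence only lists where the analyzer is "accessible from", and the TIP on new line 34 covers just the case where `securitySolution:enableVisualizationsInFlyout` is turned on. Since that setting is off by default, readers following the default flow lose the step. Suggest keeping one short sentence for the default route before the TIP, e.g. "From the alert details flyout, click **Analyzer preview** in the Visualizations section to open the **Analyzer** tab in Timeline." The `+` list-continuation lines added around the TIP are correct for keeping it inside the numbered step.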

docs/getting-started/advanced-setting.asciidoc

Lines changed: 8 additions & 0 deletions
@@ -113,6 +113,14 @@ The `securitySolution:enableAssetCriticality` setting determines whether asset c
113113

114114
Including data from cold and frozen {ref}/data-tiers.html[data tiers] in <<visual-event-analyzer, visual event analyzer>> queries may result in performance degradation. The `securitySolution:excludeColdAndFrozenTiersInAnalyzer` setting allows you to exclude this data from analyzer queries. This setting is turned off by default.
115115

116+
[discrete]
117+
[[visualizations-in-flyout]]
118+
== Access the event analyzer and Session View from the event or alert details flyout
119+
120+
preview::[]
121+
122+
The `securitySolution:enableVisualizationsInFlyout` setting allows you to access the event analyzer and Session View in the **Visualize** <<expanded-visualizations-view,tab>> on the alert or event details flyout. This setting is turned off by default.
123+
116124
[discrete]
117125
== Change the default search interval and data refresh time
118126

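Review bot: the cross-reference on new line 122 links only the word "tab" (`<<expanded-visualizations-view,tab>>`), so the visible link text gives no hint of its target and is easy to miss; link the full phrase instead, e.g. `the <<expanded-visualizations-view,Visualize tab>>`, consistent with how the preceding setting links `<<visual-event-analyzer, visual event analyzer>>`. Separately, the new heading on line 118 is much longer than the neighbouring ones ("== Change the default search interval and data refresh time"); a shorter title such as "Show visualizations in the details flyout" would read better in the page navigation, with the full wording kept in the body sentence.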