Removes main

Author: nastasha-solomon

docs/detections/add-exceptions.asciidoc

@@ -38,24 +38,24 @@ specific event in the sequence, update the rule's EQL statement. For example:
 +
 --
 * To add an exception from the rule details page:
-.. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
+.. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
 .. Search for the rule that you want to add an exception to, then click its name to open the rule details.
 .. Scroll down the rule details page, select the *Rule exceptions* tab, then click *Add rule exception*.
 +
 [role="screenshot"]
 image::images/rule-exception-tab.png[Detail of rule exceptions tab]
 
 * To add an exception from the Alerts table:
-.. Find **Alerts** in the main navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+.. Find **Alerts** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 .. Scroll down to the Alerts table, go to the alert you want to create an exception for, click the *More Actions* menu (*...*), then select *Add rule exception*.
 
 * To add an exception from the alert details flyout:
-.. Find **Alerts** in the main navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+.. Find **Alerts** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 .. Click the *View details* button from the Alerts table. 
 .. In the alert details flyout, click *Take action -> Add rule exception*. 
 
 * To add an exception from the Shared Exception Lists page:
-.. Go to the *Shared exception lists* page. Find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to *Shared exception lists*.
+.. Find the **Shared exception lists** page in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 .. Click *Create shared exception list* -> *Create exception item*. 
 --
 
@@ -157,17 +157,17 @@ Additionally, to add an Endpoint exception to the Endpoint Security rule, there
 --
 
 * To add an Endpoint exception from the rule details page:
-.. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
+.. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
 .. Search for and select the Elastic *Endpoint Security* rule.
 .. Scroll down the rule details page, select the *Endpoint exceptions* tab, then click *Add endpoint exception*.
 
 * To add an Endpoint exception from the Alerts table:
-.. Find **Alerts** in the main navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+.. Find **Alerts** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 .. Scroll down to the Alerts table, and from an {elastic-endpoint}
 alert, click the *More actions* menu (*...*), then select *Add Endpoint exception*.
 
 * To add an Endpoint exception from Shared Exception Lists page:
-.. Go to the *Shared exception lists* page. Find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to *Shared exception lists*.
+.. Find the *Shared exception lists* page in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 .. Expand the Endpoint Security Exception List or click the list name to open the list's details page. Next, click *Add endpoint exception*. 
 +
 NOTE: The Endpoint Security Exception List is automatically created. By default, it's associated with the Endpoint Security rule and any rules with the <<rule-ui-advanced-params, *{elastic-endpoint} exceptions*>> option selected.
@@ -267,7 +267,7 @@ image::images/nested-exp.png[]
 
 To view a rule's exceptions:
 
-. Open the rule's details page. To do this, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], search for the rule that you want to examine, then click the rule's name to open its details.
+. Open the rule's details page. To do this, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], search for the rule that you want to examine, then click the rule's name to open its details.
 . Scroll down and select the *Rule exceptions* or *Endpoint exceptions* tab. All exceptions that belong to the rule will display in a list. 
 +
 From the list, you can filter, edit, and delete exceptions. You can also toggle between *Active exceptions* and *Expired exceptions*.

docs/detections/building-block-rule.asciidoc

@@ -25,7 +25,7 @@ image::images/alert-indices-ui.png[]
 By default, building block alerts are excluded from the Overview and Alerts pages.
 You can choose to include building block alerts on the Alerts page, which expands the number of alerts.
 
-. Find **Alerts** in the main navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Find **Alerts** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . In the Alerts table, select *Additional filters* ->
 *Include building block alerts*, located on the far-right.
 

docs/detections/prebuilt-rules-management.asciidoc

@@ -27,7 +27,7 @@ Follow these guidelines to start using the {security-app}'s <<prebuilt-rules, pr
 [[load-prebuilt-rules]]
 === Install and enable Elastic prebuilt rules
 
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
 +
 The badge next to *Add Elastic rules* shows the number of prebuilt rules available for installation. 
 +
@@ -83,7 +83,7 @@ Each prebuilt rule includes several tags identifying the rule's purpose, detecti
 [[select-all-prebuilt-rules]]
 === Select and duplicate all prebuilt rules
 
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
 . From the *Rules* page, select the *Elastic rules* filter.
 . Click *Select all _x_ rules* above the rules table.
 . Click *Bulk actions* -> *Duplicate*.
@@ -97,7 +97,7 @@ You can then modify the duplicated rules and, if required, delete the prebuilt o
 
 Elastic regularly updates prebuilt rules to optimize their performance and ensure they detect the latest threats and techniques. When updated versions are available for your installed prebuilt rules, the *Rule Updates* tab appears on the *Rules* page, allowing you to update your installed rules with the latest versions.
 
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
 . From the *Rules* page, select the *Rule Updates* tab.
 +
 NOTE: The *Rule Updates* tab doesn't appear if all your installed prebuilt rules are up to date.

docs/detections/prebuilt-rules/tune-rule-signals.asciidoc

@@ -35,7 +35,7 @@ add an exception for the required application.
 For example, to prevent the <<unusual-process-execution-path-alternate-data-stream>> rule from
 producing alerts for an in-house application named `myautomatedbuild`:
 
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]. 
 . Search for and then click on the *Unusual Process Execution Path - Alternate Data Stream* rule.
 +
 The *Unusual Process Execution Path - Alternate Data Stream* rule details page is displayed.

docs/detections/rules-coverage.asciidoc

@@ -10,7 +10,7 @@ The **MITRE ATT&CK® coverage** page shows which https://attack.mitre.org[MITRE
 
 Mirroring the MITRE ATT&CK® framework, columns represent major tactics, and cells within each column represent a tactic's related techniques. Cells are darker when a technique has more rules matching the current filters, as indicated in the **Legend** at the top.
 
-To access the **MITRE ATT&CK® coverage** page, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to **MITRE ATT&CK® coverage**.
+To access the **MITRE ATT&CK® coverage** page, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to **MITRE ATT&CK® coverage**.
 
 [NOTE]
 ====

docs/detections/rules-cross-cluster-search.asciidoc

@@ -66,7 +66,7 @@ To update a rule's API key, log into the local cluster as a user with the privil
 
 * Edit and save the rule.
 * Update the rule's API key manually:
-. Find **Stack Management** in the main navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to 
+. Find **Stack Management** in the navigation menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to 
 *Rules*.
 . Use the search box and filters to find the rules you want to update. For example, use the *Type* filter to find rules under the *Security* category.
 . Select the rule's actions menu (*...*), then *Update API key*.

docs/detections/rules-ui-create.asciidoc

@@ -42,7 +42,7 @@ To create or edit {ml} rules, you must have the https://www.elastic.co/subscript
 {ess-trial}[cloud deployment]. Additionally, you must have the {ref}/built-in-roles.html[`machine_learning_admin`] user
 role, and the selected {ml} job must be running for the rule to function correctly.
 ==============
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . To create a rule based on a {ml} anomaly threshold, select *Machine Learning* on the *Create new rule*, then select:
 .. The required {ml} jobs. 
 +
@@ -67,7 +67,7 @@ in the step or its sub-steps, apply the change to the other rule types, too.
 [discrete]
 [[create-custom-rule]]
 === Create a custom query rule
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . To create a rule based on a KQL or Lucene query, select *Custom query* on the *Create new rule* page, then:
 .. Define which {es} indices or data view the rule searches for alerts.
 .. Use the filter and query fields to create the criteria used for detecting
@@ -117,7 +117,7 @@ in these steps or sub-steps, apply the change to the other rule types, too.
 [discrete]
 [[create-threshold-rule]]
 === Create a threshold rule
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . To create a rule based on a source event field threshold, select *Threshold* on the *Create new rule* page, then:
 .. Define which {es} indices the rule analyzes for alerts.
 .. Use the filter and query fields to create the criteria used for detecting
@@ -157,7 +157,7 @@ in these steps or sub-steps, apply the change to the other rule types, too.
 [discrete]
 [[create-eql-rule]]
 === Create an event correlation rule
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . To create an event correlation rule using EQL, select *Event Correlation* on the *Create new rule* page, then:
 . To create an event correlation rule using EQL, select *Event Correlation*, then:
 .. Define which {es} indices or data view the rule searches when querying for events.
@@ -224,7 +224,7 @@ in these steps or sub-steps, apply the change to the other rule types, too.
 
 NOTE: {elastic-sec} provides limited support for indicator match rules. See <<support-indicator-rules>> for more information.
 
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . To create a rule that searches for events whose specified field value matches the specified indicator field value in the indicator index patterns, select *Indicator Match* on the *Create new rule* page, then fill in the following fields:
 .. *Source*: The individual index patterns or data view that specifies what data to search.
 .. *Custom query*: The query and filters used to retrieve the required results from
@@ -311,7 +311,7 @@ image::images/indicator_value_list.png[]
 [[create-new-terms-rule]]
 === Create a new terms rule
 
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . To create a rule that searches for each new term detected in source documents, select *New Terms* on the *Create new rule* page, then:
 .. Specify what data to search by entering individual {es} index patterns or selecting an existing data view.
 .. Use the filter and query fields to create the criteria used for detecting
@@ -351,7 +351,7 @@ Use {ref}/esql.html[{esql}] to query your source events and aggregate event data
 
 To create an {esql} rule:
 
-. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the main navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+. Go to the *Rules* page. To access it, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
 . Select **{esql}**, then write a query.
 +
 NOTE: Refer to the sections below to learn more about <<esql-rule-query-types,{esql} query types>>, <<esql-query-design,query design considerations>>, and <<esql-rule-limitations,rule limitations>>.