Address feedback

natasha-moore-elastic · natasha-moore-elastic · commit 22760ce6888a · 2024-11-19T13:44:12.000Z
diff --git a/docs/detections/add-exceptions.asciidoc b/docs/detections/add-exceptions.asciidoc
@@ -129,12 +129,7 @@ Closes all alerts that match the exception's conditions and were generated only
 [[endpoint-rule-exceptions]]
 === Add {elastic-endpoint} exceptions
 
-Like detection rule exceptions, you can add {elastic-endpoint} exceptions either by editing the <<endpoint-protection-rules, endpoint protection rules>> or by adding exceptions as actions on alerts generated by endpoint protection rules. These alerts, known as {elastic-endpoint} alerts, have the following fields:
-
-* `kibana.alert.original_event.module:endpoint`
-* `kibana.alert.original_event.kind:alert`
-
-You can also add Endpoint exceptions to rules that are associated with {elastic-endpoint} rule exceptions. To associate rules when creating or editing a rule, select the <<rule-ui-advanced-params, *{elastic-endpoint} exceptions*>> option.
+Like detection rule exceptions, you can add {elastic-endpoint} exceptions by adding exceptions to <<endpoint-protection-rules, endpoint protection rules>>. You can also add Endpoint exceptions to rules that are associated with {elastic-endpoint} rule exceptions. To associate rules when creating or editing a rule, select the <<rule-ui-advanced-params, *{elastic-endpoint} exceptions*>> option.
 
 Endpoint exceptions are added to the endpoint protection rules *and* the {elastic-endpoint} on your hosts.
 
diff --git a/docs/management/admin/endpoint-protection-rules.asciidoc b/docs/management/admin/endpoint-protection-rules.asciidoc
@@ -3,18 +3,20 @@
 
 Endpoint protection rules are <<prebuilt-rules-management, prebuilt rules>> designed to help you manage and respond to alerts generated by {elastic-endpoint}, the installed component that performs {elastic-defend}'s threat monitoring and prevention. These rules include the <<endpoint-security, {elastic-defend}>> rule as well as additional detection and prevention rules for different {elastic-defend} protection features.
 
-IMPORTANT: To receive {elastic-endpoint} alerts, you must install {agent} and the {elastic-defend} integration  on your hosts (see <<install-endpoint>>).
+IMPORTANT: To receive {elastic-endpoint} alerts, you must install {agent} and the {elastic-defend} integration  on your hosts (refer to <<install-endpoint>>).
+
+When endpoint protection rules are triggered, {elastic-endpoint} alerts are displayed as detection alerts in the {security-app}. The detection alert name is taken from the {elastic-endpoint} alert message and overwrites the prebuilt rule name in the Alerts table. For example, for malware protection, the following {elastic-endpoint} alerts are displayed as detection alerts:
+
+** Malware Prevention Alert
+** Malware Detection Alert
 
 [discrete]
 [[defend-rule]]
 == {elastic-defend} rule
 
-The {elastic-defend} rule automatically creates an alert from all incoming {elastic-endpoint} alerts. When this rule is enabled, the following Endpoint events are displayed as detection alerts:
-
-** Malware Prevention Alert
-** Malware Detection Alert
+The {elastic-defend} rule automatically creates an alert from all incoming {elastic-endpoint} alerts. 
 
-NOTE: When you load the prebuilt rules, this is the only rule that is enabled by default.
+NOTE: When you install Elastic prebuilt rules, the {elastic-defend} is enabled by default.
 
 [discrete]
 [[feature-protection-rules]]
diff --git a/docs/serverless/edr-manage/endpoint-protection-rules.asciidoc b/docs/serverless/edr-manage/endpoint-protection-rules.asciidoc
@@ -3,18 +3,20 @@
 
 Endpoint protection rules are <<security-prebuilt-rules-management, prebuilt rules>> designed to help you manage and respond to alerts generated by {elastic-endpoint}, the installed component that performs {elastic-defend}'s threat monitoring and prevention. These rules include the {elastic-defend} rule as well as additional detection and prevention rules for different {elastic-defend} protection features.
 
-IMPORTANT: To receive {elastic-endpoint} alerts, you must install {agent} and the {elastic-defend} integration on your hosts (see <<security-install-edr>>).
+IMPORTANT: To receive {elastic-endpoint} alerts, you must install {agent} and the {elastic-defend} integration on your hosts (refer to <<security-install-edr>>).
+
+When endpoint protection rules are triggered, {elastic-endpoint} alerts are displayed as detection alerts in the {security-app}. The detection alert name is taken from the {elastic-endpoint} alert message and overwrites the prebuilt rule name in the Alerts table. For example, for malware protection, the following {elastic-endpoint} alerts are displayed as detection alerts:
+
+** Malware Prevention Alert
+** Malware Detection Alert
 
 [discrete]
 [[defend-rule]]
 == {elastic-defend} rule
 
-The {elastic-defend} rule automatically creates an alert from all incoming {elastic-endpoint} alerts. When this rule is enabled, the following Endpoint events are displayed as detection alerts:
-
-** Malware Prevention Alert
-** Malware Detection Alert
+The {elastic-defend} rule automatically creates an alert from all incoming {elastic-endpoint} alerts.
 
-NOTE: When you load the prebuilt rules, this is the only rule that is enabled by default.
+NOTE: When you install Elastic prebuilt rules, the {elastic-defend} rule that is enabled by default.
 
 [discrete]
 [[feature-protection-rules]]
diff --git a/docs/serverless/rules/add-exceptions.asciidoc b/docs/serverless/rules/add-exceptions.asciidoc
@@ -136,12 +136,7 @@ is only available when adding exceptions from the Alerts table.
 [[endpoint-rule-exceptions]]
 == Add {elastic-endpoint} exceptions
 
-Like detection rule exceptions, you can add {elastic-endpoint} exceptions either by editing the <<endpoint-protection-rules, endpoint protection rules>> or by adding exceptions as actions on alerts generated by endpoint protection rules. These alerts, known as {elastic-endpoint} alerts, have the following fields:
-
-* `kibana.alert.original_event.module:endpoint`
-* `kibana.alert.original_event.kind:alert`
-
-You can also add Endpoint exceptions to rules that are associated with {elastic-endpoint} rule exceptions. To associate rules when creating or editing a rule, select the <<rule-ui-advanced-params,**{elastic-endpoint} exceptions**>> option.
+Like detection rule exceptions, you can add {elastic-endpoint} exceptions by adding exceptions to <<endpoint-protection-rules, endpoint protection rules>>. You can also add Endpoint exceptions to rules that are associated with {elastic-endpoint} rule exceptions. To associate rules when creating or editing a rule, select the <<rule-ui-advanced-params,**{elastic-endpoint} exceptions**>> option.
 
 Endpoint exceptions are added to the endpoint protection rules **and** the {elastic-endpoint} on your hosts.
 
