Fixes toc and introduces images

nastasha-solomon · nastasha-solomon · commit 2d6d74acff39 · 2024-10-27T16:55:59.000-04:00
diff --git a/docs/detections/alerts-view-details.asciidoc b/docs/detections/alerts-view-details.asciidoc
@@ -290,3 +290,13 @@ The **Response** section is located on the **Overview** tab in the right panel.
 image::images/response-action-rp.png[Response section of the Overview tab, 50%]
 
 
+[discrete]
+[[expanded-notes-view]]
+== Notes tab
+
+The **Notes** tab (located in the left panel) shows all notes attached to the alert, in addition to the user who created them and when they were created. Use the tab to add new notes to the alert or delete existing ones.
+
+TIP: Go to the **Notes** <<manage-notes,page>> to find notes that were added to other alerts.
+
+[role="screenshot"]
+image::images/notes-tab-lp.png[Notes tab in the left panel, 70%]
diff --git a/docs/detections/images/notes-tab-lp.png b/docs/detections/images/notes-tab-lp.png
diff --git a/docs/events/add-manage-notes.asciidoc b/docs/events/add-manage-notes.asciidoc
@@ -3,31 +3,38 @@
 
 Incorporate notes into your investigative workflows to coordinate responses, conduct threat hunting, and share investigative findings. You can attach notes to individual alerts and events, and leave notes on saved Timelines. You can then manage notes from the **Notes** page, or from individual alerts, events, or Timelines.
 
-== Add notes 
+[discrete]
+[[add-notes-documents]]
+== Add notes to alerts and events
 
-To add a note to an alert: 
+From the Alerts or Events tables, click the image:images/add-note-icon.png[Add note,15,15] icon to create a new note for an alert or event. Alternatively, use the **Notes** tab in the left panel of the event or alert details flyout, or click the **Add note** image:images/add-note.png[Add note,15,15] icon in the right panel (only available for alerts).
 
-. Find **Alerts** in the main menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
-. Scroll down to the Alerts table, go to the alert you want to add a note to, then click the notes icon. The **Notes** tab in the alert details flyout opens.
-. Enter a note into the text box, then click **Add note**.
+NOTE: Notes that you add to alerts or events in Timeline are automatically attached to the current Timeline. Deselecting the **Attach to current Timeline** option ensures thats notes are added to the alert or event only. 
 
-To add a note to an event: 
+[discrete]
+[[add-notes-timelines]]
+== Create notes for Timelines
 
-. Find **Explore** in the main menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to **Hosts**, **Users**, **Network**.
-. Scroll down to the **Events** tab, go to the event you want to add a note to, then click the notes icon. The **Notes** tab in the events details flyout opens.
-. Enter a note into the text box, then click **Add note**.
+From Timeline, go to the **Notes** tab to create a new note for the entire Timeline. If you haven't saved the Timeline yet, save it, then go back to the **Notes** tab to create the note. 
 
-To add a note to a saved Timeline:
+[discrete]
+[[manage-notes]]
+== Find and manage notes 
 
-. Do one of the following:
-** Find **Timeline** in the main menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then click a Timeline's title. 
-** Go to the Timeline bar, click the image:images/add-new-timeline-button.png[Click the add new button,20,20] button, then click **Open Timeline**. Click a Timeline's title to open it.
-. Go to the **Notes** tab.
-. Enter a note into the text box, then click **Add note**.
+//Security solution view nav: Investigations -> Notes
+//Classic nav view: Manage -> Investigations -> Notes 
 
-== Manage notes 
-
-To manage notes....
+The **Notes** page allows you to view and interact with all existing notes. From the table, you can:
 
+* Search for specific notes or filter notes by:
+** The user who created them
+** The type of object that they're attached to (notes can be attached to alerts, events, Timelines, or nothing)
+* Examine the contents of a note by clicking on the text in the **Note content** column  
+* Delete individual or multiple notes 
+* Preview the alert or event that a note is attached to
+* Open the note in Timeline (this option is only available for alerts or events with notes attached to a saved Timeline) 
 
+[role="screenshot"]
+image::images/notes-management-page.png[Notes management page, 80%]
 
+TIP: You can also manage notes for individual alerts, events, and Timelines from the **Notes** tab in the event or alert details flyout or Timeline.
diff --git a/docs/events/images/add-note-icon.png b/docs/events/images/add-note-icon.png
diff --git a/docs/events/timeline-ui-overview.asciidoc b/docs/events/timeline-ui-overview.asciidoc
@@ -72,7 +72,7 @@ You can also modify a Timeline's display in other ways:
 * Copy a column name or values to a clipboard 
 * Change how the name, value, and description of a field are displayed in Timeline
 * View the Timeline in full screen mode
-* Add or delete notes on alerts, events, or Timeline
+* Add or delete <<add-manage-notes,notes>> attached to alerts, events, or Timeline
 * Pin interesting events to the Timeline
 
 [discrete]
diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc
@@ -178,9 +178,9 @@ The `securitySolution:alertTags` field determines which options display in the a
 
 [discrete]
 [[max-notes-alerts-events]]
-== Specify the maximum number of notes for alerts or events 
+== Set the maximum notes limit for alerts or events 
 
-The `securitySolution:maxUnassociatedNotes` field determines the maximum number of notes that you can attach to an alert or event. The maximum limit and default value is 1000. 
+The `securitySolution:maxUnassociatedNotes` field determines the maximum number of <<add-manage-notes,notes>> that you can attach to alerts and events. The maximum limit and default value is 1000. 
 
 [discrete]
 [[exclude-cold-frozen-data-rule-executions]]
diff --git a/docs/serverless/alerts/view-alert-details.mdx b/docs/serverless/alerts/view-alert-details.mdx
@@ -278,3 +278,15 @@ The expanded Prevalence view provides the following details:
 The **Response** section is located on the **Overview** tab in the right panel. It shows <DocLink slug="/serverless/security/rules-create">response actions</DocLink> that were added to the rule associated with the alert. Click **Response** to display the response action's results in the left panel.
 
 <DocImage size="l" url="../images/view-alert-details/-detections-response-action-rp.png" alt="Response section of the Overview tab"/>
+
+<div id="expanded-notes-view"></div>
+
+## Notes tab
+
+The **Notes** tab (located in the left panel) shows all notes attached to the alert, in addition to the user who created them and when they were created. Use the tab to add new notes to the alert or delete existing ones.
+
+<DocCallOut title="Tip">
+Go to the **Notes** <DocLink slug="/serverless/security/add-manage-notes" section="manage-notes">page</DocLink> to find notes that were added to other alerts.
+</DocCallOut>
+
+<DocImage size="l" url="../images/view-alert-details/-detections-notes-tab-lp.png" alt="Notes tab in the left panel"/>
diff --git a/docs/serverless/images/notes/-notes-management-page.png b/docs/serverless/images/notes/-notes-management-page.png
diff --git a/docs/serverless/images/view-alert-details/-detections-notes-tab-lp.png b/docs/serverless/images/view-alert-details/-detections-notes-tab-lp.png
diff --git a/docs/serverless/investigate/add-manage-notes.mdx b/docs/serverless/investigate/add-manage-notes.mdx
@@ -10,31 +10,42 @@ tags: ["serverless","security","how-to","manage"]
 
 Incorporate notes into your investigative workflows to coordinate responses, conduct threat hunting, and share investigative findings. You can attach notes to individual alerts and events, and leave notes on saved Timelines. You can then manage notes from the **Notes** page, or from individual alerts, events, or Timelines.
 
-## Add notes 
+<div id="add-notes-documents"></div>
 
-To add a note to an alert: 
+## Add notes to alerts and events 
 
-1. Find **Alerts** in the main menu or by using the [global search field](((kibana-ref))/introduction.html#kibana-navigation-search).
-1. Scroll down to the Alerts table, go to the alert you want to add a note to, then click the notes icon. The **Notes** tab in the alert details flyout opens.
-1. Enter a note into the text box, then click **Add note**.
+From the Alerts or Events tables, click the **Add note** (<DocIcon type="editorComment" title="The icon that lets you to add a new note" />) icon to create a new note for an alert or event. Alternatively, use the **Notes** tab in the left panel of the event or alert details flyout, or click the **Add note** (<DocIcon type="plusInCircle" title="The icon that lets you to add a new note" />) icon in the right panel (only available for alerts).
 
-To add a note to an event: 
+<DocCallOut title="Note">
+ Notes that you add to alerts or events in Timeline are automatically attached to the current Timeline. Deselecting the **Attach to current Timeline** option ensures thats notes are added to the alert or event only. 
+</DocCallOut>
 
-1. Find **Explore** in the main menu or by using the [global search field](((kibana-ref))/introduction.html#kibana-navigation-search), then go to **Hosts**, **Users**, **Network**.
-1. Scroll down to the **Events** tab, go to the event you want to add a note to, then click the notes icon. The **Notes** tab in the events details flyout opens.
-1. Enter a note into the text box, then click **Add note**.
+<div id="add-notes-timelines"></div>
 
-To add a note to a saved Timeline:
+## Create notes for Timelines
 
-1. Do one of the following:
-    * Find **Timeline** in the main menu or by using the [global search field](((kibana-ref))/introduction.html#kibana-navigation-search), then click a Timeline's title. 
-    * Go to the Timeline bar, click the image:images/add-new-timeline-button.png[Click the add new button,20,20] button, then click **Open Timeline**. Click a Timeline's title to open it.
-1. Go to the **Notes** tab.
-1. Enter a note into the text box, then click **Add note**.
+From Timeline, go to the **Notes** tab to create a new note for the entire Timeline. If you haven't saved the Timeline yet, save it, then go back to the **Notes** tab to create the note. 
+
+<div id="manage-notes"></div>
 
 ## Manage notes 
 
-To manage notes....
+{/* Security solution view nav: Investigations -> Notes */}
+
+The **Notes** page allows you to view and interact with all existing notes. From the table, you can:
+* Search for specific notes or filter notes by:
+   * The user who created them
+   * The type of object that they're attached to (notes can be attached to alerts, events, Timelines, or nothing)
+* Examine the contents of a note by clicking on the text in the **Note content** column  
+* Delete individual or multiple notes 
+* Preview the alert or event that a note is attached to
+* Open the note in Timeline (this option is only available for alerts or events with notes attached to a saved Timeline) 
+
+<DocImage size="l" url="../images/notes/-notes-management-page.png" alt="Notes management page"/>
+
+<DocCallOut title="Tip">
+You can manage notes for individual alerts, events, and Timelines from the **Notes** tab in the event or alert details flyout or Timeline.
+</DocCallOut>
 
 
 
diff --git a/docs/serverless/investigate/timelines-ui.mdx b/docs/serverless/investigate/timelines-ui.mdx
@@ -78,7 +78,7 @@ You can also modify a Timeline's display in other ways:
 * Copy a column name or values to a clipboard 
 * Change how the name, value, or description of a field are displayed in Timeline
 * View the Timeline in full screen mode
-* Add or delete notes on alerts, events, or Timeline
+* Add or delete <DocLink slug="/serverless/security/add-manage-notes">notes</DocLink> attached to alerts, events, or Timeline
 * Pin interesting events to the Timeline
 
 <div id="add-remove-timeline-fields"></div>
diff --git a/docs/serverless/serverless-security.docnav.json b/docs/serverless/serverless-security.docnav.json
@@ -662,6 +662,7 @@
               "slug": "/serverless/security/cases-settings", 
               "classic-sources": [ "enSecurityCasesSettings" ]
             },
+        },            
         {
           "slug": "/serverless/security/add-manage-notes",
           "classic-sources": [ "enSecurityAddManageNotes" ]
diff --git a/docs/serverless/settings/advanced-settings.mdx b/docs/serverless/settings/advanced-settings.mdx
@@ -132,9 +132,9 @@ The `securitySolution:enableAssetCriticality` setting determines whether asset c
 
 <div id="max-notes-alerts-events"></div>
 
-## Specify the maximum number of notes for alerts or events 
+## Set the maximum notes limit for alerts or events 
 
-The `securitySolution:maxUnassociatedNotes` field determines the maximum number of notes that you can attach to an alert or event. The maximum limit and default value is 1000. 
+The `securitySolution:maxUnassociatedNotes` field determines the maximum number of <DocLink slug="/serverless/security/add-manage-notes">notes</DocLink> that you can attach to alerts and events. The maximum limit and default value is 1000. 
 
 ## Exclude cold and frozen tier data from analyzer queries
 
