revert edits to non-serverless files

Author: colleenmcginnis

docs/advanced-entity-analytics/behavioral-detection-use-cases.asciidoc

@@ -1,11 +1,11 @@
 [[behavioral-detection-use-cases]]
 = Behavioral detection use cases
 
-Behavioral detection identifies potential internal and external threats based on user and host activity. It uses a threat-centric approach to flag suspicious activity by analyzing patterns, anomalies, and context enrichment.
+Behavioral detection identifies potential internal and external threats based on user and host activity. It uses a threat-centric approach to flag suspicious activity by analyzing patterns, anomalies, and context enrichment. 
 
 The behavioral detection feature is built on {elastic-sec}'s foundational SIEM detection capabilities, leveraging {ml} algorithms to enable proactive threat detection and hunting.
 
-[discrete]
+[float]
 [[ml-integrations]]
 === Elastic {integrations} for behavioral detection use cases
 

docs/advanced-entity-analytics/machine-learning.asciidoc

@@ -14,15 +14,15 @@ offer the ability to drag and drop details of the anomaly to Timeline, such as
 the `Entity` itself, or any of the associated `Influencers`.
 
 
-[discrete]
+[float]
 [[manage-jobs]]
 == Manage {ml} jobs
 If you have the `machine_learning_admin` role, you can use the *ML job settings* interface on the *Alerts*, *Rules*, and *Rule Exceptions* pages to view, start, and stop {elastic-sec} {ml} jobs.
 
 [role="screenshot"]
 image::images/ml-ui.png[ML job settings UI on the Alerts page]
 
-[discrete]
+[float]
 [[manage-ml-rules]]
 === Manage {ml} detection rules
 
@@ -39,7 +39,7 @@ image::images/rules-table-ml-job-error.png[Rules table {ml} job error]
 image::images/rules-ts-ml-job-stopped.png[Rule details page with ML job stopped]
 
 
-[discrete]
+[float]
 [[included-jobs]]
 === Prebuilt jobs
 
@@ -71,7 +71,7 @@ prior to the time they are enabled. After jobs are enabled, they continuously
 analyze incoming data. When jobs are stopped and restarted within the two-week
 time frame, previously analyzed data is not processed again.
 
-[discrete]
+[float]
 [[view-anomalies]]
 == View detected anomalies
 To view the `Anomalies` table widget and `Max Anomaly Score By Job` details,

docs/advanced-entity-analytics/tune-anomaly-results.asciidoc

@@ -1,12 +1,12 @@
 [[tuning-anomaly-results]]
 = Optimizing anomaly results
 
-To gain clearer insights into real threats, you can tune the anomaly results. The following procedures help to reduce the number of false positives:
+To gain clearer insights into real threats, you can tune the anomaly results. The following procedures help to reduce the number of false positives: 
 
 * <<rarely-used-processes, Tune results for rare applications and processes>>
 * <<define-rule-threshold>>
 
-[discrete]
+[float]
 [[rarely-used-processes]]
 == Filter out anomalies from rarely used applications and processes
 
@@ -20,7 +20,7 @@ For example, to filter out results from a housekeeping process, named
 . <<add-job-filter>>
 . <<clone-job, Clone and rerun the job>> (optional)
 
-[discrete]
+[float]
 [[create-fiter-list]]
 === Create a filter list
 
@@ -40,7 +40,7 @@ image::filter-add-item.png[]
 +
 The new filter appears in the Filter List and can be added to relevant jobs.
 
-[discrete]
+[float]
 [[add-job-filter]]
 === Add the filter to the relevant job
 
@@ -68,7 +68,7 @@ TIP: For more information, see
 NOTE: Changes to rules only affect new results. All anomalies found by the job
 before the filter was added are still displayed.
 
-[discrete]
+[float]
 [[clone-job]]
 === Clone and rerun the job
 
@@ -106,24 +106,24 @@ image::start-job-window.png[]
 +
 After a while, results will start to appear on the *Anomaly Explorer* page.
 
-[discrete]
+[float]
 [[define-rule-threshold]]
 == Define an anomaly threshold for a job
 
-Certain jobs use a high-count function to look for unusual spikes in
+Certain jobs use a high-count function to look for unusual spikes in 
 process events. For some processes, a burst of activity is a normal, such as
 automation and housekeeping jobs running on server fleets. However, sometimes a
 high-delta event count is unlikely to be the result of routine behavior. In
 these cases, you can define a minimum threshold for when a high-event count is
 considered an anomaly.
 
-Depending on your anomaly detection results, you may want to set a
+Depending on your anomaly detection results, you may want to set a 
 minimum event count threshold for the `packetbeat_dns_tunneling` job:
 
 
 . Go to *Machine Learning* -> *Anomaly Detection* -> *Anomaly Explorer*.
-. Navigate to the job results for the `packetbeat_dns_tunneling` job. If the
-job results are not listed, click *Edit job selection* and select
+. Navigate to the job results for the `packetbeat_dns_tunneling` job. If the 
+job results are not listed, click *Edit job selection* and select 
 `packetbeat_dns_tunneling`.
 . In the *actions* column, click the gear icon and then select
 _Configure rules_.
@@ -132,7 +132,7 @@ The *Create Rule* window is displayed.
 +
 [role="screenshot"]
 image::ml-rule-threshold.png[]
-. Select _Add numeric conditions for when the rule applies_ and the following
+. Select _Add numeric conditions for when the rule applies_ and the following 
 `when` statement:
 +
 _WHEN actual IS GREATER THAN <X>_

docs/cases/cases-manage-settings.asciidoc

@@ -1,8 +1,8 @@
 [[cases-manage-settings]]
 == Configure case settings
 :frontmatter-description: Change the default behavior of cases by adding connectors, custom fields, templates, and closure options.
-:frontmatter-tags-products: [security]
-:frontmatter-tags-content-type: [how-to]
+:frontmatter-tags-products: [security] 
+:frontmatter-tags-content-type: [how-to] 
 :frontmatter-tags-user-goals: [analyze]
 
 To change case closure options and add custom fields, templates, and connectors for external incident management systems, go to *Cases* -> *Settings*.
@@ -13,15 +13,15 @@ image::images/cases-settings.png[Shows the case settings page]
 
 NOTE: To view and change case settings, you must have the appropriate {kib} feature privileges. Refer to <<case-permissions>>.
 
-[discrete]
+[float]
 [[close-sent-cases]]
 === Case closures
 
 If you close cases in your external incident management system, the cases will remain open in {elastic-sec} until you close them manually.
 
 To close cases when they are sent to an external system, select *Automatically close cases when pushing new incident to external system*.
 
-[discrete]
+[float]
 [[cases-ui-integrations]]
 === External incident management systems
 
@@ -61,7 +61,7 @@ To change the settings of an existing connector:
 
 To change the default connector used to send cases to external systems, select the required connector from the incident management system list.
 
-[discrete]
+[float]
 [[mapped-case-fields]]
 ==== Mapped case fields
 
@@ -76,7 +76,7 @@ When you push updates to external systems, mapped fields are either overwritten
 
 Retrieving data from external systems is not supported.
 
-[discrete]
+[float]
 [[cases-ui-custom-fields]]
 === Custom fields
 
@@ -98,7 +98,7 @@ In existing cases, new custom text fields initially have null values.
 
 You can subsequently remove or edit custom fields on the **Settings** page.
 
-[discrete]
+[float]
 [[cases-templates]]
 === Templates
 

docs/cases/cases-manage.asciidoc

@@ -2,12 +2,12 @@
 = Open and manage cases
 :frontmatter-description: Create a case in {elastic-sec}, configure email notifications, and add files and visualizations.
 :frontmatter-tags-products: [security]
-:frontmatter-tags-content-type: [how-to]
+:frontmatter-tags-content-type: [how-to] 
 :frontmatter-tags-user-goals: [analyze]
 
 You can create and manage cases using the UI or the <<cases-api-overview>>.
 
-[discrete]
+[float]
 [[cases-ui-open]]
 == Open a new case
 
@@ -43,7 +43,7 @@ NOTE: If you've selected a connector for the case, the case is automatically pus
 image::images/cases-ui-open.png[Shows an open case]
 // NOTE: This is an autogenerated screenshot. Do not edit it directly.
 
-[discrete]
+[float]
 [[cases-ui-notifications]]
 == Add email notifications
 
@@ -75,7 +75,7 @@ must configure the {kibana-ref}/settings.html#server-publicBaseUrl[server.public
 
 When you subsequently add assignees to cases, they receive an email.
 
-[discrete]
+[float]
 [[cases-ui-manage]]
 == Manage existing cases
 
@@ -99,12 +99,12 @@ TIP: Comments can contain Markdown. For syntax help, click the Markdown icon (im
 * Examine <<cases-examine-alerts,alerts>> and <<review-indicator-in-case,indicators>> attached to the case
 * <<cases-add-files>>
 * <<cases-lens-visualization>>
-* Modify the case's description, assignees, category, severity, status, and tags.
+* Modify the case's description, assignees, category, severity, status, and tags. 
 * <<cases-ui-integrations,Manage connectors>> and send updates to external systems (if you've added a connector to the case)
 * <<cases-copy-case-uuid>>
 * Refresh the case to retrieve the latest updates
 
-[discrete]
+[float]
 [[cases-summary]]
 === Review the case summary
 
@@ -122,15 +122,15 @@ Click on an existing case to access its summary. The case summary, located under
 [role="screenshot"]
 image::images/cases-summary.png[Shows you a summary of the case]
 
-[discrete]
+[float]
 [[cases-manage-comments]]
 === Manage case comments
 To edit, delete, or quote a comment, select the appropriate option from the *More actions* menu (*…​*).
 
 [role="screenshot"]
 image::images/cases-manage-comments.png[Shows you a summary of the case]
 
-[discrete]
+[float]
 [[cases-examine-alerts]]
 === Examine alerts attached to a case
 
@@ -141,7 +141,7 @@ image::images/cases-alert-tab.png[Shows you the Alerts tab]
 
 NOTE: Each case can have a maximum of 1,000 alerts.
 
-[discrete]
+[float]
 [[cases-add-files]]
 === Add files
 
@@ -159,7 +159,7 @@ The available hash functions are MD5, SHA-1, and SHA-256.
 When you add a file, a comment is added to the case activity log.
 To view an image, click its name in the activity or file list.
 
-[discrete]
+[float]
 [[cases-lens-visualization]]
 === Add a Lens visualization
 
@@ -194,7 +194,7 @@ After a visualization has been added to a case, you can modify or interact with
 [role="screenshot"]
 image::images/cases-open-vis.png[Shows where the Open Visualization option is]
 
-[discrete]
+[float]
 [[cases-copy-case-uuid]]
 === Copy the case UUID
 
@@ -203,15 +203,15 @@ Each case has a universally unique identifier (UUID) that you can copy and share
 [role="screenshot"]
 image::images/cases-copy-case-id.png[Copy Case ID option in More actions menu 40%,40%]
 
-[discrete]
+[float]
 [[cases-export-import]]
 == Export and import cases
 
 Cases can be <<cases-export, exported>> and <<cases-import, imported>> as saved objects using the {kib} {kibana-ref}/managing-saved-objects.html[Saved Objects] UI.
 
 IMPORTANT: Before importing Lens visualizations, Timelines, or alerts into a space, ensure their data is present. Without it, they won't work after being imported.
 
-[discrete]
+[float]
 [[cases-export]]
 === Export a case
 Use the *Export* option to move cases between different Kibana instances. When you export a case, the following data is exported to a newline-delimited JSON (`.ndjson`) file:
@@ -243,7 +243,7 @@ TIP: Keep the *Include related objects* option enabled to ensure connectors are
 [role="screenshot"]
 image::images/cases-export-button.png[Shows the export saved objects workflow]
 
-[discrete]
+[float]
 [[cases-import]]
 === Import a case
 

docs/cloud-native-security/session-view.asciidoc

@@ -24,7 +24,7 @@ Session View has the following features:
 
 NOTE: To view Linux session data from your Kubernetes infrastructure, you'll need to set up the <<kubernetes-dashboard,Kubernetes dashboard>>.
 
-[discrete]
+[float]
 [[enable-session-view]]
 == Enable Session View data
 Session View uses process data collected by the {elastic-defend} integration,
@@ -42,7 +42,7 @@ fields collected when this setting is enabled, refer to the https://github.com/e
 
 
 
-[discrete]
+[float]
 [[open-session-view]]
 == Open Session View
 Session View is accessible from the **Hosts**, **Alerts**, and **Timelines** pages, as well as the alert details flyout and the **Kubernetes** dashboard.