[Serverless]: Security – Monitor and troubleshoot rule executions (#6384)

* Removed outdated content

* Fixed conflict

Author: nastasha-solomon

docs/serverless/rules/alerts-ui-monitor.asciidoc

@@ -97,7 +97,6 @@ missing. There are a number of ways to try to resolve this issue:
 
 * <<troubleshoot-gaps,Troubleshoot gaps>>
 * <<troubleshoot-ingestion-pipeline-delay,Troubleshoot ingestion pipeline delay>>
-* <<ml-job-compatibility,Troubleshoot missing alerts for {ml} jobs>>
 
 You can also use Task Manager in {kib} to troubleshoot background tasks and processes that may be related to missing alerts:
 
@@ -158,77 +157,4 @@ You can reduce the number of missed alerts due to ingestion pipeline delay by sp
 For example, say an event occurred at 10:00 but wasn't ingested into {es} until 10:10 due to an ingestion pipeline delay. If you created a rule to detect that event with an interval + additional look-back time of 6 minutes, and the rule executes at 10:12, it would still detect the event because the `event.ingested` timestamp was from 10:10, only 2 minutes before the rule executed and well within the rule's 6-minute interval + additional look-back time.
 
 [role="screenshot"]
-image::images/alerts-ui-monitor/-detections-timestamp-override.png[]
-
-[discrete]
-[[ml-job-compatibility]]
-=== Troubleshoot missing alerts for {ml} jobs
-
-{ml-cap} detection rules use {ml} jobs that have dependencies on data fields populated by the {beats} and {agent} integrations. In {stack} version 8.3, new {ml} jobs (prefixed with `v3`) were released to operate on the ECS fields available at that time.
-
-If you're using 8.2 or earlier versions of {beats} or {agent} with {stack} version 8.3 or later, you may need to duplicate prebuilt rules or create new custom rules _before_ you update the Elastic prebuilt rules. Once you update the prebuilt rules, they will only use `v3` {ml} jobs. Duplicating the relevant prebuilt rules before updating them ensures continued coverage by allowing you to keep using `v1` or `v2` jobs (in the duplicated rules) while also running the new `v3` jobs (in the updated prebuilt rules).
-
-[IMPORTANT]
-====
-* Duplicated rules may result in duplicate anomaly detections and alerts.
-* Ensure that the relevant `v3` {ml} jobs are running before you update the Elastic prebuilt rules.
-====
-
-* If you only have **8.3 or later versions of {beats} and {agent}**: You can download or update your prebuilt rules and use the latest `v3` {ml} jobs. No additional action is required.
-* If you only have **8.2 or earlier versions of {beats} or {agent}**, or **a mix of old and new versions**: To continue using the `v1` and `v2` {ml} jobs specified by pre-8.3 prebuilt detection rules, you must duplicate affected prebuilt rules _before_ updating them to the latest rule versions. The duplicated rules can continue using the same `v1` and `v2` {ml} jobs, and the updated prebuilt {ml} rules will use the new `v3` {ml} jobs.
-* If you have **a non-Elastic data shipper that gathers ECS-compatible events**: You can use the latest `v3` {ml} jobs with no additional action required, as long as your data shipper uses the latest ECS specifications. However, if you're migrating from {ml} rules using `v1`/`v2` jobs, ensure that you start the relevant `v3` jobs before updating the Elastic prebuilt rules.
-
-The following Elastic prebuilt rules use the new `v3` {ml} jobs to generate alerts. Duplicate their associated `v1`/`v2` prebuilt rules _before_ updating them if you need continued coverage from the `v1`/`v2` {ml} jobs:
-
-////
-/* {/* Links to prebuilt rule pages temporarily removed for initial serverless docs. We can renable links once
-we add prebuilt rule pages to the serverless docs.*/
-////
-
-////
-/*
-* <DocLink id="serverlessSecurityUnusualLinuxNetworkPortActivity">Unusual Linux Network Port Activity</DocLink>: `v3_linux_anomalous_network_port_activity`
-
-* <DocLink id="serverlessSecurityAnomalousProcessForALinuxPopulation">Anomalous Process For a Linux Population</DocLink>: `v3_linux_anomalous_process_all_hosts`
-
-* <DocLink id="serverlessSecurityUnusualLinuxUsername">Unusual Linux Username</DocLink>: `v3_linux_anomalous_user_name`
-
-* <DocLink id="serverlessSecurityUnusualLinuxProcessCallingTheMetadataService">Unusual Linux Process Calling the Metadata Service</DocLink>: `v3_linux_rare_metadata_process`
-
-* <DocLink id="serverlessSecurityUnusualLinuxUserCallingTheMetadataService">Unusual Linux User Calling the Metadata Service</DocLink>: `v3_linux_rare_metadata_user`
-
-* <DocLink id="serverlessSecurityUnusualProcessForALinuxHost">Unusual Process For a Linux Host</DocLink>: `v3_rare_process_by_host_linux`
-
-* <DocLink id="serverlessSecurityUnusualProcessForAWindowsHost">Unusual Process For a Windows Host</DocLink>: `v3_rare_process_by_host_windows`
-
-* <DocLink id="serverlessSecurityUnusualWindowsNetworkActivity">Unusual Windows Network Activity</DocLink>: `v3_windows_anomalous_network_activity`
-
-* <DocLink id="serverlessSecurityUnusualWindowsPathActivity">Unusual Windows Path Activity</DocLink>: `v3_windows_anomalous_path_activity`
-
-* <DocLink id="serverlessSecurityAnomalousWindowsProcessCreation">Anomalous Windows Process Creation</DocLink>: `v3_windows_anomalous_process_creation`
-
-* <DocLink id="serverlessSecurityAnomalousProcessForAWindowsPopulation">Anomalous Process For a Windows Population</DocLink>: `v3_windows_anomalous_process_all_hosts`
-
-* <DocLink id="serverlessSecurityUnusualWindowsUsername">Unusual Windows Username</DocLink>: `v3_windows_anomalous_user_name`
-
-* <DocLink id="serverlessSecurityUnusualWindowsProcessCallingTheMetadataService">Unusual Windows Process Calling the Metadata Service</DocLink>: `v3_windows_rare_metadata_process`
-
-* <DocLink id="serverlessSecurityUnusualWindowsUserCallingTheMetadataService">Unusual Windows User Calling the Metadata Service</DocLink>: `v3_windows_rare_metadata_user`
-*/
-////
-
-* Unusual Linux Network Port Activity: `v3_linux_anomalous_network_port_activity`
-* Unusual Linux Network Connection Discovery: `v3_linux_anomalous_network_connection_discovery`
-* Anomalous Process For a Linux Population: `v3_linux_anomalous_process_all_hosts`
-* Unusual Linux Username: `v3_linux_anomalous_user_name`
-* Unusual Linux Process Calling the Metadata Service: `v3_linux_rare_metadata_process`
-* Unusual Linux User Calling the Metadata Service: `v3_linux_rare_metadata_user`
-* Unusual Process For a Linux Host: `v3_rare_process_by_host_linux`
-* Unusual Process For a Windows Host: `v3_rare_process_by_host_windows`
-* Unusual Windows Network Activity: `v3_windows_anomalous_network_activity`
-* Unusual Windows Path Activity: `v3_windows_anomalous_path_activity`
-* Anomalous Windows Process Creation: `v3_windows_anomalous_process_creation`
-* Anomalous Process For a Windows Population: `v3_windows_anomalous_process_all_hosts`
-* Unusual Windows Username: `v3_windows_anomalous_user_name`
-* Unusual Windows Process Calling the Metadata Service: `v3_windows_rare_metadata_process`
-* Unusual Windows User Calling the Metadata Service: `v3_windows_rare_metadata_user`
+image::images/alerts-ui-monitor/-detections-timestamp-override.png[]