Revision round two

Author: nastasha-solomon

docs/detections/alerts-ui-manage.asciidoc

@@ -150,7 +150,7 @@ From the Alerts table or the alert details flyout, you can:
 * <<alerts-run-osquery, Run Osquery against an alert>>
 * <<signals-to-timelines>>
 * <<visual-event-analyzer,Visually analyze an alert's process relationships>>
-* <<add-notes-documents,Add notes to alerts>>
+* <<notes-alerts-events,Add notes to alerts>>
 
 [float]
 [[detection-alert-status]]

docs/events/add-manage-notes.asciidoc

@@ -1,49 +1,33 @@
 [[add-manage-notes]]
 = Notes
 
-Incorporate notes into your investigative workflows to coordinate responses, conduct threat hunting, and share investigative findings. You can attach notes to alerts, events, and Timeline and manage them from the **Notes** page. 
+Incorporate notes into your investigative workflows to coordinate responses, conduct threat hunting, and share investigative findings. You can attach notes to alerts, events, and Timelines and manage them from the **Notes** page. 
 
 NOTE: Configure the `securitySolution:maxUnassociatedNotes` <<max-notes-alerts-events,advanced setting>> to specify the maximum number of notes that you can attach to alerts and events. 
 
 [discrete]
-[[add-notes-documents]]
-== Add notes to alerts and events
+[[notes-alerts-events]]
+== View and notes to alerts and events
 
-Open the alert or event details flyout to access the **Notes** tab, where you can add notes to alerts and events. To quickly open the tab, use the **Add note** action (image:images/create-note-icon.png[Add note action,15,15]) in the Alerts or Events table. Then, enter a note into the text box, and click **Add note** to create it.
+Open the alert or event details flyout to access the **Notes** tab, where you can view existing notes and add new ones. To quickly open the tab, click the **Add note** action (image:images/create-note-icon.png[Add note action,15,15]) in the Alerts or Events table. Then, enter a note into the text box, and click **Add note** to create it.
 
-[role="screenshot"]
-image::images/create-new-note.png[Creating a new note]
-
-In the alert details flyout, the new note displays on the **Notes** tab. The alert's summary also updates and shows how many notes are attached to the alert. In the event details flyout, the new note displays on the **Notes** tab only.
-
-[role="screenshot"]
-image::images/new-note-added-flyout.png[New note added to an alert]
-
-[discrete]
-[[find-documents-with-notes]]
-=== Find alerts and events with notes
-
-To find alerts and events with notes, use the <<manage-notes,**Notes** page>>. Alternatively, go to the Alerts or Events tables, and look for alerts and events with a notification dot over the **Add note** action (image:images/create-note-icon.png[Add note action,15,15]). Click the action to open the **Notes** tab, which displays all notes that are attached to the alert or event.
+After notes are created, the **Add note** icon displays a notification dot. In the details flyout for alerts, the summary in the right panel also shows how many notes are attached to the alert.
 
 [role="screenshot"]
-image::images/notes-notification.png[Notes notification dot on Alerts page]
+image::images/new-note-alert-event.png[New note added to an alert]
 
 [discrete]
-[[add-notes-timelines]]
-== Add notes to Timelines
+[[notes-timelines]]
+== View and add notes to Timelines
 
 IMPORTANT: You can only add notes to saved Timelines.  
 
-There are two ways to add notes to a saved Timeline: 
+Open the **Notes** Timeline tab, where you can view existing notes for the Timeline and add new ones. Alternatively, use the details flyout for alerts and events that you're investigating from Timeline. Notes added this way are automatically attached to the alert or event and the Timeline unless you deselect the **Attach to current Timeline** option. 
 
-* Open the Timeline, go to the **Notes** tab, and create a new note.
-* Open the details flyout for alerts and events that you're investigating from Timeline, and create a new note. Be aware that notes are automatically attached to the Timeline unless you deselect the **Attach to current Timeline** option.
+After notes are created, the **Notes** Timelines tab displays the total number of notes attached to the Timelines. 
 
-[discrete]
-[[find-timelines-with-notes]]
-=== Find Timelines with notes
-
-To find Timelines with notes, use the <<manage-notes,**Notes** page>>. Alternatively, go to the **Timelines** page (find **Timelines** in the main navigation or look for “Timelines” using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field]), open the appropriate Timeline, and click the **Notes** tab. The tab displays all notes that are attached to the Timeline.
+[role="screenshot"]
+image::images/new-note-timeline-tab.png[New note added to a Timeline]
 
 [discrete]
 [[manage-notes]]

docs/events/images/create-new-note.png

@@ -148,7 +148,7 @@ From the Alerts table or the alert details flyout, you can:
 * <DocLink slug="/serverless/security/alerts-run-osquery">Run Osquery against an alert</DocLink>
 * <DocLink slug="/serverless/security/alerts-manage" section="view-alerts-in-timeline">View alerts in Timeline</DocLink>
 * <DocLink slug="/serverless/security/visual-event-analyzer">Visually analyze an alert's process relationships</DocLink>
-* <DocLink slug="/serverless/security/add-manage-notes" section="add-notes-document">Add notes to alerts</DocLink>
+* <DocLink slug="/serverless/security/add-manage-notes" section="notes-alerts-events">Add notes to alerts</DocLink>
 
 <div id="detection-alert-status"></div>