Adds more images and content

Author: nastasha-solomon

docs/detections/alerts-view-details.asciidoc

@@ -294,7 +294,7 @@ image::images/response-action-rp.png[Response section of the Overview tab, 50%]
 [[expanded-notes-view]]
 == Notes tab
 
-The **Notes** tab (located in the left panel) shows all notes attached to the alert, in addition to the user who created them and when they were created. Use the tab to add new notes to the alert or delete existing ones.
+The **Notes** tab (located in the left panel) shows all notes attached to the alert, in addition to the user who created them and when they were created. Use the tab to add new notes or delete existing ones.
 
 TIP: Go to the **Notes** <<manage-notes,page>> to find notes that were added to other alerts.
 

docs/detections/images/add-note.png renamed to docs/detections/images/add-note-icon.png

@@ -7,34 +7,48 @@ Incorporate notes into your investigative workflows to coordinate responses, con
 [[add-notes-documents]]
 == Add notes to alerts and events
 
-From the Alerts or Events tables, click the image:images/add-note-icon.png[Add note,15,15] icon to create a new note for an alert or event. Alternatively, use the **Notes** tab in the left panel of the event or alert details flyout, or click the **Add note** image:images/add-note.png[Add note,15,15] icon in the right panel (only available for alerts).
+. Go to the Alerts or Events tables:
+** **Alerts table:** Find **Alerts** in the main menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].
+** **Events table:** Find **Explore** in the main menu or by using the {kibana-ref}/introduction.html#kibana-navigation-search[global search field], then go to **Hosts**, **Users**, **Network**. Scroll down to find the Events table.
+. Click the **Add note** icon (image:images/create-note-icon.png[Add note,15,15]). The **Notes** tab in the alert or events details flyout opens. 
+. Enter a note, then click **Add note**.
++
+[role="screenshot"]
+image::images/create-new-note.png[Creating a new note]
+
+Alerts and events with notes have a notification marker on the **Add note** icon (image:images/create-note-icon.png[Add note,15,15]). Hover over the icon to view the total number of notes attached to the alert or event.
 
-NOTE: Notes that you add to alerts or events in Timeline are automatically attached to the current Timeline. Deselecting the **Attach to current Timeline** option ensures thats notes are added to the alert or event only. 
+[role="screenshot"]
+image::images/notes-notification.png[Notes notification marker on Alerts page]
 
 [discrete]
 [[add-notes-timelines]]
 == Add notes to Timelines
 
 From Timeline, go to the **Notes** tab to create a new note for the entire Timeline. If you haven't saved the Timeline yet, save it, then go back to the **Notes** tab to create the note. 
 
+NOTE: Notes that you add to alerts or events in Timeline are automatically attached to the Timeline. Deselect the **Attach to current Timeline** option to only add the note to the alert or event. 
+
 [discrete]
 [[manage-notes]]
 == Find and manage notes 
 
 //Security solution view nav: Investigations -> Notes
 //Classic nav view: Manage -> Investigations -> Notes 
 
-The **Notes** page allows you to view and interact with all existing notes. From the table, you can:
+The **Notes** page allows you to view and interact with all existing notes. To access the page, find **Investigations** in the main menu or look for “Investigations” using the {kibana-ref}/introduction, then go to **Notes**.
 
-* Search for specific notes or filter notes by:
-** The user who created them
-** The type of object that they're attached to (notes can be attached to alerts, events, Timelines, or nothing)
+[role="screenshot"]
+image::images/notes-management-page.png[Notes management page]
+
+From the Notes table, you can:
+
+* Search for specific notes or filter them by:
+** The user who created the notes
+** The type of object that notes are attached to (notes can be attached to alerts, events, Timelines, or nothing)
 * Examine the contents of a note by clicking on the text in the **Note content** column  
 * Delete individual or multiple notes 
-* Preview the alert or event that a note is attached to
+* Examine the alert or event that a note is attached to
 * Open the note in Timeline (this option is only available for alerts or events with notes attached to a saved Timeline) 
 
-[role="screenshot"]
-image::images/notes-management-page.png[Notes management page, 80%]
-
-TIP: You can also manage notes for individual alerts, events, and Timelines from the **Notes** tab in the event or alert details flyout or Timeline.
+TIP: You can also manage notes for individual alerts, events, and Timelines from the **Notes** tab in the details flyout or Timeline.

docs/events/add-manage-notes.asciidoc

@@ -178,7 +178,7 @@ The `securitySolution:alertTags` field determines which options display in the a
 
 [discrete]
 [[max-notes-alerts-events]]
-== Set the maximum notes limit for alerts or events 
+== Set the maximum notes limit for alerts and events 
 
 The `securitySolution:maxUnassociatedNotes` field determines the maximum number of <<add-manage-notes,notes>> that you can attach to alerts and events. The maximum limit and default value is 1000. 
 

docs/events/images/add-note-icon.png

@@ -283,7 +283,7 @@ The **Response** section is located on the **Overview** tab in the right panel.
 
 ## Notes tab
 
-The **Notes** tab (located in the left panel) shows all notes attached to the alert, in addition to the user who created them and when they were created. Use the tab to add new notes to the alert or delete existing ones.
+The **Notes** tab (located in the left panel) shows all notes attached to the alert, in addition to the user who created them and when they were created. Use the tab to add new notes or delete existing ones.
 
 <DocCallOut title="Tip">
 Go to the **Notes** <DocLink slug="/serverless/security/add-manage-notes" section="manage-notes">page</DocLink> to find notes that were added to other alerts.