From 470e497f3c76905dfd87d345a19aff0e44c7cc2a Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 1 Nov 2024 16:14:57 -0400 Subject: [PATCH 1/2] Remove statement on rule type limitations --- docs/management/admin/automated-response-actions.asciidoc | 1 - .../endpoint-response-actions/automated-response-actions.mdx | 1 - 2 files changed, 2 deletions(-) diff --git a/docs/management/admin/automated-response-actions.asciidoc b/docs/management/admin/automated-response-actions.asciidoc index ec339f1731..aade5888d5 100644 --- a/docs/management/admin/automated-response-actions.asciidoc +++ b/docs/management/admin/automated-response-actions.asciidoc @@ -14,7 +14,6 @@ Add {elastic-defend}'s <> to detection rules * Automated response actions require an https://www.elastic.co/pricing[Enterprise subscription]. * Hosts must have {agent} installed with the {elastic-defend} integration. * Your user role must have the ability to create detection rules and the privilege to perform <> (for example, the **Host Isolation** privilege to isolate hosts). -* You can only add automated response actions to <>, <>, <>, and <> type rules. -- To add automated response actions to a new or existing rule: diff --git a/docs/serverless/endpoint-response-actions/automated-response-actions.mdx b/docs/serverless/endpoint-response-actions/automated-response-actions.mdx index a110dfaaf0..34b6a83074 100644 --- a/docs/serverless/endpoint-response-actions/automated-response-actions.mdx +++ b/docs/serverless/endpoint-response-actions/automated-response-actions.mdx 
@@ -15,7 +15,6 @@ Add ((elastic-defend))'s r - Automated response actions require the Endpoint Protection Complete project feature. - Hosts must have ((agent)) installed with the ((elastic-defend)) integration. - Your user role must have the ability to create detection rules and the privilege to perform specific response actions (for example, custom roles require the **Host Isolation** privilege to isolate hosts). -- You can only add automated response actions to custom query, event correlation (EQL), new terms, and ((esql)) type rules. From 5c27a0a109f51261958c7bf1e31aef01c01ef78f Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Tue, 5 Nov 2024 16:12:23 -0600 Subject: [PATCH 2/2] update serverless asciidoc file instead of mdx file --- .../automated-response-actions.asciidoc | 1 - .../endpoint-response-actions/automated-response-actions.mdx | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/serverless/endpoint-response-actions/automated-response-actions.asciidoc b/docs/serverless/endpoint-response-actions/automated-response-actions.asciidoc index 80ee3fad9c..c3085b9344 100644 --- a/docs/serverless/endpoint-response-actions/automated-response-actions.asciidoc +++ b/docs/serverless/endpoint-response-actions/automated-response-actions.asciidoc @@ -14,7 +14,6 @@ Add {elastic-defend}'s <> to detecti * Automated response actions require the Endpoint Protection Complete <>. * Hosts must have {agent} installed with the {elastic-defend} integration. * Your user role must have the ability to create detection rules and the privilege to perform <> (for example, custom roles require the **Host Isolation** privilege to isolate hosts). -* You can only add automated response actions to <>, <>, <>, and <> type rules. ==== To add automated response actions to a new or existing rule: 
diff --git a/docs/serverless/endpoint-response-actions/automated-response-actions.mdx b/docs/serverless/endpoint-response-actions/automated-response-actions.mdx index 34b6a83074..a110dfaaf0 100644 --- a/docs/serverless/endpoint-response-actions/automated-response-actions.mdx +++ b/docs/serverless/endpoint-response-actions/automated-response-actions.mdx @@ -15,6 +15,7 @@ Add ((elastic-defend))'s r - Automated response actions require the Endpoint Protection Complete project feature. - Hosts must have ((agent)) installed with the ((elastic-defend)) integration. - Your user role must have the ability to create detection rules and the privilege to perform specific response actions (for example, custom roles require the **Host Isolation** privilege to isolate hosts). +- You can only add automated response actions to custom query, event correlation (EQL), new terms, and ((esql)) type rules.
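Review bot: in patch 1/2, the hunk at `@@ -14,7 +14,6 @@` of docs/management/admin/automated-response-actions.asciidoc deletes the only bullet that tells readers which rule types accept automated response actions, and the commit message has no body saying from which release the restriction no longer applies. If this page is also built for releases where the restriction still holds, keep or version-gate the bullet there instead of removing it outright. Please state the affected releases in the commit message so an operator attaching a host isolation action to another rule type knows whether to expect it to run.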
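Review bot: in patch 1/2, the second hunk (`@@ -15,7 +15,6 @@`) edits docs/serverless/endpoint-response-actions/automated-response-actions.mdx, but patch 2/2 shows an .asciidoc file at the same path carrying the same bullet, and its subject says the asciidoc is the file to update. Consider squashing the series so the mdx is never touched. Patch 2/2 returns it to blob a110dfaaf0 anyway, so as submitted the history carries a remove-then-restore of the same line with no net change.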
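Review bot: in patch 2/2, the final hunk (`@@ -15,6 +15,7 @@`) puts `- You can only add automated response actions to custom query, event correlation (EQL), new terms, and ((esql)) type rules.` back into the serverless .mdx, while the preceding hunk removes the equivalent bullet from the serverless .asciidoc. After this series the two serverless sources disagree on whether the restriction exists. If the mdx is still built or linked anywhere, readers will see the stale limit, so either confirm in the commit message that it is no longer a published source or drop the line there as well.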