diff --git a/docs/events/add-manage-notes.asciidoc b/docs/events/add-manage-notes.asciidoc index 42e0649aa1..da7902816e 100644 --- a/docs/events/add-manage-notes.asciidoc +++ b/docs/events/add-manage-notes.asciidoc @@ -3,7 +3,7 @@ Incorporate notes into your investigative workflows to coordinate responses, conduct threat hunting, and share investigative findings. You can attach notes to alerts, events, and Timelines and manage them from the **Notes** page. -NOTE: Configure the `securitySolution:maxUnassociatedNotes` <> to specify the maximum number of notes that you can attach to alerts and events. +NOTE: You can attach up to 100 notes to alerts and events. The number of notes you can attach to Timelines is unlimited. [discrete] [[notes-privileges]] diff --git a/docs/getting-started/advanced-setting.asciidoc b/docs/getting-started/advanced-setting.asciidoc index 6782d7b050..9ad498984d 100644 --- a/docs/getting-started/advanced-setting.asciidoc +++ b/docs/getting-started/advanced-setting.asciidoc @@ -177,12 +177,6 @@ By default, Elastic prebuilt rules in the *Rules* and *Rule Monitoring* tables i The `securitySolution:alertTags` field determines which options display in the alert tag menu. The default alert tag options are `Duplicate`, `False Positive`, and `Further investigation required`. You can update the alert tag menu by editing these options or adding more. To learn more about using alert tags, refer to <>. -[discrete] -[[max-notes-alerts-events]] -== Set the maximum notes limit for alerts and events - -The `securitySolution:maxUnassociatedNotes` field determines the maximum number of <> that you can attach to alerts and events. The maximum limit and default value is 10000. - [discrete] [[exclude-cold-frozen-data-rule-executions]] == Exclude cold and frozen data from rules