elastic
diff --git a/‎docs/detections/building-block-rule.asciidoc
Lines changed: 4 additions & 4 deletions b/‎docs/detections/building-block-rule.asciidoc
Lines changed: 4 additions & 4 deletions
diff --git a/‎docs/detections/detection-engine-intro.asciidoc
Lines changed: 1 addition & 1 deletion b/‎docs/detections/detection-engine-intro.asciidoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/detections/detections-ui-exceptions.asciidoc
Lines changed: 8 additions & 3 deletions b/‎docs/detections/detections-ui-exceptions.asciidoc
Lines changed: 8 additions & 3 deletions
diff --git a/‎docs/detections/images/add-exception-ui.png
-95.1 KB b/‎docs/detections/images/add-exception-ui.png
-95.1 KB
diff --git a/‎docs/detections/images/alert-indices-ui.png
-148 KB b/‎docs/detections/images/alert-indices-ui.png
-148 KB
diff --git a/‎docs/detections/images/detections-ui.png
-23.8 KB b/‎docs/detections/images/detections-ui.png
-23.8 KB
diff --git a/‎docs/detections/images/exception-histogram.png
25.7 KB b/‎docs/detections/images/exception-histogram.png
25.7 KB
diff --git a/‎docs/detections/images/more-action-button.png
15.5 KB b/‎docs/detections/images/more-action-button.png
15.5 KB
diff --git a/‎docs/detections/rules-ui-create.asciidoc
Lines changed: 1 addition & 1 deletion b/‎docs/detections/rules-ui-create.asciidoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/management/admin/admin-pg-ov.asciidoc
Lines changed: 7 additions & 7 deletions b/‎docs/management/admin/admin-pg-ov.asciidoc
Lines changed: 7 additions & 7 deletions
diff --git a/‎docs/management/admin/images/admin-pg.png
-61.3 KB b/‎docs/management/admin/images/admin-pg.png
-61.3 KB
@@ -23,9 +23,9 @@ image::images/alert-indices-ui.png[]
 
 === View building-block alerts in the UI
 
-. Go to *Security* -> *Detections*
-. In the Alert table, select _Additional filters_ ->
-_Include building-block alerts_.
+. Go to *Security* -> *Detections*.
+. In the Alerts table, select *Additional filters* ->
+*Include building-block alerts*, located on the far-right.
 
 NOTE: On a building-block Rule details page, the rule's alerts are displayed (by
-default, _Include building-block alerts_ is selected).
+default, *Include building-block alerts* is selected).
@@ -1,7 +1,7 @@
 [[detection-engine-overview]]
 [role="xpack"]
 
-= Detections and Alerts (beta)
+= Detections and Alerts
 
 beta[]
 
 
@@ -93,13 +93,18 @@ specific event in the sequence, update the rule's EQL statement. For example:
 exception (*Security* -> *Detections* -> *Manage detection rules* ->
 <rule name>).
 .. Scroll down to the *Trend* histogram and select the *Exceptions* tab.
++
+[role="screenshot"]
+image::images/exception-histogram.png[]
 .. Click *Add new exception*.
 . To add an exception via the Alerts table:
 .. Go to Detections (*Security* -> *Detections*).
-.. Scroll down to the Alerts table and click the more actions icon, and then
-select *Add exception*.
+.. Scroll down to the Alerts table and click the *More Actions* button, then select *Add rule exception*.
++
+[role="screenshot"]
+image::images/more-action-button.png[]
 +
-The *Add Exception* window opens (via Alerts table).
+The *Add Rule Exception* window opens (via Alerts table).
 +
 [role="screenshot"]
 image::images/add-exception-ui.png[]
 
@@ -181,7 +181,7 @@ sequence by process.entity_id
   [network
     where event.type == "connection"
     and process.name == "msxsl.exe"
-    and network.direction == "outgoing"`
+    and network.direction == "outgoing"]
 ----
 +
 Searches the `winlogbeat-*` indices for sequences of a `msxsl.exe` process start
 
@@ -17,7 +17,7 @@ NOTE: {fleet} must be enabled in a Kibana Space for administrative actions to fu
 
 The *Endpoints list* lists all hosts running {elastic-sec} and their relevant integration details. Endpoints appear in chronological order, with newly added endpoints at the top. The Endpoints list provides the following data:
 
-* *Hostname:* The system hostname. Click the link to view host details in a flyout panel, where you can also reassign an agent configuration.
+* *Hostname:* The system hostname. Click the link to view host details in a flyout panel, where you can also reassign a Policy.
 
 * *Agent Status:* The current status of the Elastic Agent, which is one of the following:
 
@@ -31,7 +31,7 @@ The *Endpoints list* lists all hosts running {elastic-sec} and their relevant in
 
 * *Integration Policy:* The name of the associated Policy when the agent was installed. Click the link to view the Integration Policy page.
 
-* *Policy Status:* Lists whether the Policy configuration was a success or failure. Click the link to view configuration response details in a flyout panel.
+* *Policy Status:* Lists whether the Policy application was a success or failure. Click the link to view response details in a flyout panel.
 
 * *Operating System:* The associated operating system.
 
@@ -56,7 +56,7 @@ image::images/admin-pg.png[Admin page]
 
 *Hostname details*
 
-Click a *Hostname* link to display host details in a flyout panel. This panel also provides shortcut links to view the associated Policy, view the configuration response details, and reassign the Policy if needed.
+Click a *Hostname* link to display host details in a flyout panel. This panel also provides shortcut links to view the associated Policy, view the response details, and reassign the Policy if needed.
 
 [role="screenshot"]
 image::images/host-flyout.png[Admin page]
@@ -65,22 +65,22 @@ image::images/host-flyout.png[Admin page]
 
 To view the Integration Policy page, click the link in the *Integration Policy* column. If you are viewing host details, you can also click the *Integration Policy* link on the flyout panel.
 
-On this page, you can view and configure endpoint protection and event collection settings. In the upper-right corner are Key Performance Indicators (KPIs) that provide current endpoint status. If you need to update the Policy configuration, make changes as appropriate, then click the *Save* button to apply the new changes.
+On this page, you can view and configure endpoint protection and event collection settings. In the upper-right corner are Key Performance Indicators (KPIs) that provide current endpoint status. If you need to update the Policy, make changes as appropriate, then click the *Save* button to apply the new changes.
 
 NOTE: Users must have permission to read/write to Fleet APIs to make changes to the configuration.
 
 [role="screenshot"]
 image::images/integration-pg.png[Integration page]
 
-*Configuration status*
+*Policy status*
 
-The status of the Policy configuration appears in the *Policy Status* column and displays one of the following possibilities:
+The status of the Policy application appears in the *Policy Status* column and displays one of the following possibilities:
 
 * *Success:* The Policy applied successfully.
 
 * *Warning or Partially Applied:* The Policy is pending application, or the Policy was not applied in its entirety.
 
-NOTE: In some cases, some actions taken on the endpoint may fail during the configuration application but are not recognized as a critical failure - meaning there may be a failure, but the endpoints are still protected. In this case, the configuration status will display as "Partially Applied."
+NOTE: In some cases, some actions taken on the endpoint may fail during the Policy application but are not recognized as a critical failure - meaning there may be a failure, but the endpoints are still protected. In this case, the Policy status will display as "Partially Applied."
 
 * *Failure:* The Policy did not apply correctly. As such, endpoints are not protected.
Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,7 @@ sequence by process.entity_id`
`181`	`181`	`[network`
`182`	`182`	`where event.type == "connection"`
`183`	`183`	`and process.name == "msxsl.exe"`
`184`		- and network.direction == "outgoing"`
	`184`	`+ and network.direction == "outgoing"]`
`185`	`185`	`----`
`186`	`186`	`+`
`187`	`187`	Searches the `winlogbeat-*` indices for sequences of a `msxsl.exe` process start