From 2c6358fc16da51ce4011b29d70c8e11e48f3160c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Thu, 17 Jul 2025 17:45:34 -0400 Subject: [PATCH 1/2] First draft --- docs/detections/rules-ui-manage.asciidoc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/detections/rules-ui-manage.asciidoc b/docs/detections/rules-ui-manage.asciidoc index a0a2710eeb..35402e7945 100644 --- a/docs/detections/rules-ui-manage.asciidoc +++ b/docs/detections/rules-ui-manage.asciidoc @@ -90,6 +90,19 @@ NOTE: Rule actions won't run during a {kibana-ref}/maintenance-windows.html[main + NOTE: Edited prebuilt rules have the `Modified` badge on their details' pages and in the Rules table. + +NOTE: Modified fields on prebuilt rules are marked with the **Modified** badge. From the rule's details page, click the badge to view the changed fields. Changes are displayed in a side-by-side comparison of the original Elastic version and the modified version. Deleted characters are highlighted in red; added characters are highlighted in green. You can also view this comparison by clicking the **Modified Elastic rule** badge under the rule's name on the rule's details page. + +[float] +[[revert-rule-changes]] +=== Revert modifications to prebuilt rules + +After modifying a prebuilt rule, you can restore it's original version. To do this: + +1. Open the rule's details page, click the **All actions** menu, then **Revert to Elastic version**. +2. In the flyout, review the modified fields. Deleted characters are highlighted in red; added characters are highlighted in green. +3. Click **Revert** to restore the modified fields to their original versions. + [float] [[manage-rules-ui]] === Manage rules From 96821e2bb50dc0870e92fdcfe89196e3596233f2 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Thu, 17 Jul 2025 20:33:19 -0400 Subject: [PATCH 2/2] Davis' input --- docs/detections/rules-ui-manage.asciidoc | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/docs/detections/rules-ui-manage.asciidoc b/docs/detections/rules-ui-manage.asciidoc index 35402e7945..6a05139917 100644 --- a/docs/detections/rules-ui-manage.asciidoc +++ b/docs/detections/rules-ui-manage.asciidoc @@ -103,6 +103,8 @@ After modifying a prebuilt rule, you can restore it's original version. To do th 2. In the flyout, review the modified fields. Deleted characters are highlighted in red; added characters are highlighted in green. 3. Click **Revert** to restore the modified fields to their original versions. +NOTE: If you haven’t updated the rule in a while, its original version might be unavailable for comparison. You can avoid this by regularly updating prebuilt rules. + [float] [[manage-rules-ui]] === Manage rules
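Review bot: In PATCH 1/2 (hunk @@ -90,6 +90,19), the added sentence "After modifying a prebuilt rule, you can restore it's original version" needs the possessive "its", not "it's". In the same hunk, the new NOTE writes the badge as **Modified** while the context NOTE directly above writes it as `Modified`. Pick one style, and consider merging the two notes, since both describe the same badge. The new NOTE also names two click targets on the rule's details page (the field badge and the **Modified Elastic rule** badge under the rule's name) without making clear how they differ. Finally, the sentence "Deleted characters are highlighted in red; added characters are highlighted in green." appears in both the NOTE and step 2. Keeping it in one place and referring to it from the other would be easier to maintain.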
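Review bot: In PATCH 2/2 (hunk @@ -103,6 +103,8), the added NOTE says the original version "might be unavailable for comparison" but does not say what that means for the procedure it follows. A reader who has just reached step 3 cannot tell whether **Revert to Elastic version** still works, is disabled, or only loses the side-by-side view. Suggest stating the outcome explicitly and replacing "in a while" with the actual condition, if it is known. "You can avoid this by regularly updating prebuilt rules" would also benefit from a cross-reference to the update procedure. Two smaller points: "haven’t" uses a curly apostrophe while the surrounding lines use straight ones ("won't", "rule's"), and the "it's original version" typo in this hunk's context line is still present after this commit.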