elastic · nastasha-solomon · Jul 17, 2025 · Jul 18, 2025
@@ -90,6 +90,21 @@ NOTE: Rule actions won't run during a {kibana-ref}/maintenance-windows.html[main
 +
 NOTE: Edited prebuilt rules have the `Modified` badge on their details' pages and in the Rules table.
 
+
+NOTE: Modified fields on prebuilt rules are marked with the **Modified** badge. From the rule's details page, click the badge to view the changed fields. Changes are displayed in a side-by-side comparison of the original Elastic version and the modified version. Deleted characters are highlighted in red; added characters are highlighted in green. You can also view this comparison by clicking the **Modified Elastic rule** badge under the rule's name on the rule's details page.
+
+[float]
+[[revert-rule-changes]]
+=== Revert modifications to prebuilt rules
+
+After modifying a prebuilt rule, you can restore it's original version. To do this:
+
+1. Open the rule's details page, click the **All actions** menu, then **Revert to Elastic version**.
+2. In the flyout, review the modified fields. Deleted characters are highlighted in red; added characters are highlighted in green.
+3. Click **Revert** to restore the modified fields to their original versions. 
+
+NOTE: If you haven’t updated the rule in a while, its original version might be unavailable for comparison. You can avoid this by regularly updating prebuilt rules.
+
 [float]
 [[manage-rules-ui]]
 === Manage rules