updates create and update api docs

docs/detections/api/rules/rules-api-create.asciidoc

@@ -348,6 +348,10 @@ relevant information about the rule. Defaults to an empty array.
 is converted from a third-party security solution. Automatically created when
 it is not provided.
 
+|setup |String |Instructions on rule prerequisites such as required
+integrations, configuration steps, and anything else needed for the rule to
+work correctly.
+
 |tags |String[] |String array containing words and phrases to help categorize,
 filter, and search rules. Defaults to an empty array.
 
@@ -914,6 +918,7 @@ POST api/detection_engine/rules
   "interval": "5m",
   "name": "Anomalous Linux network activity",
   "note": "Shut down the internet.",
+  "setup": "This rule requires data coming in from Elastic Defend."
   "severity": "high",
   "tags": [
    "machine learning",
@@ -1178,10 +1183,10 @@ Example response for a query rule:
   "language": "kuery",
   "related_integrations": [],       <1>
   "required_fields": [],            <1>
-  "setup": ""                       <1>
+  "setup": ""
 }
 --------------------------------------------------
-<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
+<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
 
 
 Example response for a {ml} job rule:
@@ -1236,10 +1241,10 @@ Example response for a {ml} job rule:
   "machine_learning_job_id": "linux_anomalous_network_activity_ecs",
   "related_integrations": [],       <1>
   "required_fields": [],            <1>
-  "setup": ""                       <1>
+  "setup": ""
 }
 --------------------------------------------------
-<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
+<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
 
 Example response for a threshold rule:
 
@@ -1317,10 +1322,10 @@ Example response for a threshold rule:
   },
   "related_integrations": [],       <1>
   "required_fields": [],            <1>
-  "setup": ""                       <1>
+  "setup": ""
 }
 --------------------------------------------------
-<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
+<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
 
 Example response for an EQL rule:
 
@@ -1362,10 +1367,10 @@ Example response for an EQL rule:
   "language": "eql",
   "related_integrations": [],       <1>
   "required_fields": [],            <1>
-  "setup": ""                       <1>
+  "setup": ""
 }
 --------------------------------------------------
-<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
+<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
 
 Example response for an indicator match rule:
 
@@ -1434,10 +1439,10 @@ Example response for an indicator match rule:
   ],
   "related_integrations": [],       <1>
   "required_fields": [],            <1>
-  "setup": ""                       <1>
+  "setup": ""
 }
 --------------------------------------------------
-<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
+<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
 
 Example response for a new terms rule:
 
@@ -1479,10 +1484,10 @@ Example response for a new terms rule:
   "history_window_start": "now-30d",
   "related_integrations": [],       <1>
   "required_fields": [],            <1>
-  "setup": ""                       <1>
+  "setup": ""
 }
 --------------------------------------------------
-<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
+<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.
 
 Example response for an {esql} rule:
 
@@ -1519,10 +1524,10 @@ Example response for an {esql} rule:
   "immutable": false,
   "related_integrations": [],     <1>
   "required_fields": [],          <1>
-  "setup": "",                    <1>
+  "setup": "",
   "type": "esql",
   "language": "esql",
   "query": "from auditbeat-8.10.2 [metadata _id] | where process.parent.name == \"EXCEL.EXE\""
 }
 --------------------------------------------------
-<1> dev:[] These fields are under development and their usage may change: `related_integrations`, `required_fields`, and `setup`.
+<1> dev:[] These fields are under development and their usage may change: `related_integrations` and `required_fields`.

docs/detections/api/rules/rules-api-update.asciidoc

@@ -244,6 +244,10 @@ single execution. Defaults to `100`.
 |references |String[] |Array containing notes about or references to
 relevant information about the rule. Defaults to an empty array.
 
+|setup |String |Instructions on rule prerequisites such as required
+integrations, configuration steps, and anything else needed for the rule to
+work correctly.
+
 |tags |String[] |String array containing words and phrases to help categorize,
 filter, and search rules. Defaults to an empty array.
 
@@ -629,7 +633,7 @@ Example response:
   ],
   "related_integrations": [],       <1>
   "required_fields": [],            <1>
-  "setup": "",                      <1>
+  "setup": "",
   "type": "query",
   "threat": [
     {
@@ -665,4 +669,4 @@ Example response:
 }
 --------------------------------------------------
 
-<1> dev:[] These fields are under development and their usage or schema may change: `related_integrations`, `required_fields`, `setup`, and `execution_summary`.
+<1> dev:[] These fields are under development and their usage or schema may change: `related_integrations`, `required_fields`, and `execution_summary`.