From 5df715dd9e457aeed90fe691a3cf830ba8dc10f9 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 16:29:10 +0100
Subject: [PATCH] Modifies description of (#3994) (#4001)
(cherry picked from commit 2eeb1dad02fd0523f39170d59e7aaae8f85bce29)
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
---
 docs/detections/api/rules/rules-api-create.asciidoc | 6 +++---
 docs/detections/api/rules/rules-api-update.asciidoc | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/detections/api/rules/rules-api-create.asciidoc b/docs/detections/api/rules/rules-api-create.asciidoc
index 572aed55fb..c42d753089 100644
--- a/docs/detections/api/rules/rules-api-create.asciidoc
+++ b/docs/detections/api/rules/rules-api-create.asciidoc
@@ -255,7 +255,7 @@ uses both `and` and `or` logic.
 |==============================================
 |Name |Type |Description
-|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1–3 field names.
+|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1 field name.
 |history_window_start |String |Start date to use when checking if a term has been seen before. Supports relative dates – for example, `now-30d` will search the last 30 days of data when checking if a term
@@ -833,7 +833,7 @@ POST api/detection_engine/rules
 "type": "new_terms",
 "language": "kuery",
 "query": "*",
- "new_terms_fields": ["user.id", "source.ip"],
+ "new_terms_fields": ["user.id"],
 "history_window_start": "now-30d",
 "index": ["auditbeat*"]
 }
@@ -1196,7 +1196,7 @@ Example response for a new terms rule:
 ],
 "query": "*",
 "language": "kuery",
- "new_terms_fields": ["user.id", "source.ip"],
+ "new_terms_fields": ["user.id"],
 "history_window_start": "now-30d",
 "related_integrations": [], <1>
 "required_fields": [], <1>
diff --git a/docs/detections/api/rules/rules-api-update.asciidoc b/docs/detections/api/rules/rules-api-update.asciidoc
index 0b2b47d266..128ed67279 100644
--- a/docs/detections/api/rules/rules-api-update.asciidoc
+++ b/docs/detections/api/rules/rules-api-update.asciidoc
@@ -173,7 +173,7 @@ uses both `and` and `or` logic.
 |==============================================
 |Name |Type |Description
-|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1–3 field names.
+|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1 field name.
 |history_window_start |String |Start date to use when checking if a term has been seen before. Supports relative dates – for example, `now-30d` will search the last 30 days of data when checking if a term