From 9262730c9455c3af33c3625cf04026fcd8750c59 Mon Sep 17 00:00:00 2001
From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
Date: Fri, 26 Jan 2024 14:37:43 -0500
Subject: [PATCH] [Request][ESS] Expand requirements for Osquery actions
 (#4663)

(cherry picked from commit 8ba39b4a308f1aa859212a593776e722566b6a66)
---
 docs/osquery/osquery-response-action.asciidoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/osquery/osquery-response-action.asciidoc b/docs/osquery/osquery-response-action.asciidoc
index 4a138c2a75..240c7adf31 100644
--- a/docs/osquery/osquery-response-action.asciidoc
+++ b/docs/osquery/osquery-response-action.asciidoc
@@ -16,6 +16,7 @@ Osquery Response Actions allow you to add live queries to custom query rules so
 * The {kibana-ref}/manage-osquery-integration.html[Osquery manager integration] must be installed.
 * {agent}'s {fleet-guide}/monitor-elastic-agent.html[status] must be `Healthy`. Refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} Troubleshooting] if it isn't.
 * Your role must have {kibana-ref}/osquery.html[Osquery feature privileges].
+* You can only add Osquery Response Actions to custom query rules.
 --
 
 [role="screenshot"]