Commit
Updated note
nastasha-solomon committed May 10, 2024
1 parent dc0bc6e commit 96e39a4
Showing 5 changed files with 5 additions and 6 deletions.
2 changes: 2 additions & 0 deletions docs/assistant/security-assistant.asciidoc
Expand Up @@ -185,6 +185,8 @@ The **Knowledge base** tab of the AI Assistant settings menu allows you to enabl
[[rag-for-esql]]
==== Knowledge base for {esql}

NOTE: {esql} features are turned on by default and are controlled by the {kibana-ref}/advanced-options.html#kibana-general-settings[`enableESQL`] advanced setting.

IMPORTANT: {esql} queries generated by AI Assistant might require additional validation. To ensure they're correct, refer to the {ref}/esql-language.html[{esql} documentation].

When this feature is enabled, AI Assistant can help you write an {esql} query for a particular use case, or answer general questions about {esql} syntax and usage. To enable AI Assistant to answer questions about {esql}:
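Review bot: The sentence that follows the new NOTE, "When this feature is enabled, AI Assistant can help you write an {esql} query", becomes ambiguous once the NOTE sits directly above it: "this feature" can now be read as the `enableESQL` advanced setting rather than the Knowledge base for {esql} that the section is about. Suggest naming it explicitly, e.g. "When the {esql} knowledge base is enabled, ...", so the two toggles (the advanced setting and the knowledge base) are not conflated. The NOTE text itself matches the wording added to `about-rules.asciidoc` and `timeline-ui-overview.asciidoc` in this commit, which is good for consistency.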
2 changes: 2 additions & 0 deletions docs/detections/about-rules.asciidoc
Expand Up @@ -43,6 +43,8 @@ TIP: You can also use value lists as the indicator match index. See <<indicator-
* <<create-new-terms-rule, *New terms*>>: Generates an alert for each new term detected in source documents within a specified time range. You can also detect a combination of up to three new terms (for example, a `host.ip` and `host.id` that have never been observed together before).

* <<create-esql-rule, *ES|QL*>>: Searches the defined indices and creates an alert when results match an {ref}/esql.html[Elasticsearch Query Language (ES|QL)] query.
+
NOTE: {esql} features are turned on by default and are controlled by the {kibana-ref}/advanced-options.html#kibana-general-settings[`enableESQL`] advanced setting.

[role="screenshot"]
image::images/all-rules.png[Shows the Rules page]
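Review bot: The new NOTE is attached to the *ES|QL* bullet with a `+` list continuation, which keeps it inside the list item rather than ending the list before the screenshot, so the structure is right. Wording point: the NOTE says the feature is "controlled by" the `enableESQL` setting, but unlike the sentence it replaces elsewhere in this commit ("Turn it off by toggling ... off"), it no longer tells the reader what a disabled setting means for this rule type. Since this is now the only place in the rules docs that mentions the setting (the notes in `rules-api-create.asciidoc` and `rules-ui-create.asciidoc` are deleted in this commit), consider adding a clause such as "; when the setting is off, the {esql} rule type is unavailable" or whatever the actual behaviour is.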
3 changes: 0 additions & 3 deletions docs/detections/api/rules/rules-api-create.asciidoc
Expand Up @@ -38,9 +38,6 @@ an event's `destination.ip` equals a value in the index. The index's field
mappings should be {ecs-ref}[ECS-compliant].
* *New terms*: Generates an alert for each new term detected in source documents within a specified time range.
* *{esql}*: Uses {ref}/esql.html[Elasticsearch Query Language ({esql})] to find events and aggregate search results.
+
NOTE: The {esql} rule type is available by default. Turn it off by toggling the {kibana-ref}/advanced-options.html#kibana-general-settings[`enableESQL`] advanced setting off.

* *{ml-cap} rules*: Creates an alert when a {ml} job discovers an anomaly above
the defined threshold (see <<machine-learning>>).

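Review bot: Removing the NOTE here leaves the API reference with no mention that the `{esql}` rule type depends on the `enableESQL` advanced setting, and this hunk adds no cross-reference to replace it. A caller who creates a rule with this type via the API and then cannot see it in the UI has nothing to point them at the setting. Suggest keeping a one-line pointer, e.g. "NOTE: The {esql} rule type depends on the `enableESQL` advanced setting; see <<about-rules>>." (or the appropriate anchor), unless the intent is that the API docs deliberately do not document Kibana settings. Also confirm that deleting the `+` continuation line together with the NOTE leaves the bullet list intact: the `* *{esql}*:` item is now followed directly by a blank line and the next `* *{ml-cap} rules*:` item, which is fine.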
2 changes: 0 additions & 2 deletions docs/detections/rules-ui-create.asciidoc
Expand Up @@ -266,8 +266,6 @@ For example, if a rule has an interval of 5 minutes, no additional look-back tim
[[create-esql-rule]]
=== Create an {esql} rule

NOTE: The {esql} rule type is available by default. Turn it off by toggling the {kibana-ref}/advanced-options.html#kibana-general-settings[`enableESQL`] advanced setting off.

Use {ref}/esql.html[{esql}] to query your source events and aggregate event data. Query results are returned in a table with rows and columns. Each row becomes an alert.

To create an {esql} rule:
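Review bot: This is the procedural "Create an {esql} rule" section that a user follows step by step, and the deleted NOTE was the only text in it telling them that the rule type can be turned off via the `enableESQL` advanced setting. With it gone, a reader who does not find the rule type in the UI gets no hint why. Suggest a short cross-reference in its place, e.g. "NOTE: The {esql} rule type requires the `enableESQL` advanced setting; see <<about-rules>>." If the intent of this commit is to centralize the note in `about-rules.asciidoc`, a link back is cheap and keeps the procedure self-explanatory.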
2 changes: 1 addition & 1 deletion docs/events/timeline-ui-overview.asciidoc
Expand Up @@ -196,7 +196,7 @@ From the *Correlation* tab, you can also do the following:
[[esql-in-timeline]]
== Use {esql} to investigate events

NOTE: The **{esql}** Timeline tab is available by default. Turn it off by toggling the {kibana-ref}/advanced-options.html#kibana-general-settings[`enableESQL`] advanced setting off.
NOTE: {esql} features are turned on by default and are controlled by the {kibana-ref}/advanced-options.html#kibana-general-settings[`enableESQL`] advanced setting.

preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]

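Review bot: The replacement NOTE loses the one thing specific to this page: the old wording said the **{esql}** Timeline tab is available by default and can be turned off, while the new generic "{esql} features are turned on by default" no longer tells the reader that this tab in particular is gated by the setting. Suggest "NOTE: The {esql} Timeline tab is turned on by default and is controlled by the ... `enableESQL` advanced setting." so the sentence still says what it applies to. Also, the `preview::` admonition directly below states "Do not use {esql} on production environments"; placing the preview warning before the NOTE about the feature being on by default would read more naturally, since the caution is the more important message for this section.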