From 96f153c0bc9ed52823216f8c7a15af2f003eacc8 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Fri, 26 Jan 2024 15:39:35 -0500
Subject: [PATCH] [8.12] [Request][ESS] Expand requirements for Osquery actions
 (backport #4663) (#4686)

(cherry picked from commit 8ba39b4a308f1aa859212a593776e722566b6a66)

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
---
 docs/osquery/osquery-response-action.asciidoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/osquery/osquery-response-action.asciidoc b/docs/osquery/osquery-response-action.asciidoc
index f51f72d085..4f5fac0bff 100644
--- a/docs/osquery/osquery-response-action.asciidoc
+++ b/docs/osquery/osquery-response-action.asciidoc
@@ -16,6 +16,7 @@ Osquery Response Actions allow you to add live queries to custom query rules so
 * The {kibana-ref}/manage-osquery-integration.html[Osquery manager integration] must be installed.
 * {agent}'s {fleet-guide}/monitor-elastic-agent.html[status] must be `Healthy`. Refer to {fleet-guide}/fleet-troubleshooting.html[{fleet} Troubleshooting] if it isn't.
 * Your role must have {kibana-ref}/osquery.html[Osquery feature privileges].
+* You can only add Osquery Response Actions to custom query rules.
 --
 
 [role="screenshot"]