[BUG] Adds missing timeline templates (#3534) (#3539)

(cherry picked from commit 78ce561) Co-authored-by: natasha-moore-elastic <[email protected]>
elastic · Jul 7, 2023 · d993af0 · d993af0
1 parent a2d8dc8
commit d993af0
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/docs/events/timeline-templates.asciidoc b/docs/events/timeline-templates.asciidoc
@@ -24,6 +24,8 @@ NOTE: For information on how to add Timeline templates to rules, refer to <<crea
 
 When you load {elastic-sec} prebuilt rules, {elastic-sec} also loads a selection of prebuilt Timeline templates, which you can attach to detection rules. *Generic* templates use broad KQL queries to retrieve event data, and *Comprehensive* templates use detailed KQL queries to retrieve additional information. The following prebuilt templates appear by default:
 
+* *Alerts Involving a Single Host Timeline*: Investigate detection alerts involving a single host.
+* *Alerts Involving a Single User Timeline*: Investigate detection alerts involving a single user.
 * *Generic Endpoint Timeline*: Investigate {elastic-endpoint} detection alerts.
 * *Generic Network Timeline*: Investigate network-related detection alerts.
 * *Generic Process Timeline*: Investigate process-related detection alerts.