[DOC] Update security analytics detector creation to include data streams and aliases #6141

@jowg-amazon

Description

What do you want to do?
In 2.12, Security Analytics now officially supports detectors configured on data streams and index aliases. Previously, we only officially supported detectors running against index patterns, but they can now be configured using data streams and index aliases as well. We want to add documentation to the creating detectors page to include the fact that a Data source can now be defined as a data stream or an index alias.

When a detector is configured on an alias or a data stream, the detector only considers the current write index. Aliases may be searchable or writable aliases. If the detector is configured against a searchable alias, the detector will not run on any data. We also want to mention in the documentation that if a detector is configured on an alias, data should be ingested via the alias and not via the concrete index directly.

It may be helpful to also point them to the existing documentation about index aliases and data streams:

Related PR:
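A pre-flight check for the write-index caveat described above, added here as an example (not code from the issue or from the Security Analytics project): given the JSON that OpenSearch returns from `GET _alias/<name>` and `GET _data_stream/<name>`, it resolves the one concrete index a detector on that data source would actually scan, and returns `None` for a search-only alias, which is the case where the detector runs on no data. The resolution rules (a single-index alias is implicitly writable, a multi-index alias with no `is_write_index` has no write index, the newest backing index of a data stream is its write index) are assumptions drawn from the general alias/data stream semantics of OpenSearch, not from this issue; the sample responses are constructed.

```python
from typing import Optional

def write_index_of_alias(alias_resp: dict, alias: str) -> Optional[str]:
    """Return the write index behind `alias`, or None if the alias is search-only.

    `alias_resp` is the shape of `GET _alias/<alias>`: {index: {"aliases": {alias: opts}}}.
    """
    members = {idx: body["aliases"][alias]
               for idx, body in alias_resp.items()
               if alias in body.get("aliases", {})}
    if not members:
        return None                      # alias does not exist: nothing to scan
    explicit = [idx for idx, opts in members.items() if opts.get("is_write_index") is True]
    if explicit:
        return explicit[0]               # exactly one member may be flagged writable
    # Assumption: an alias pointing at a single index is implicitly its write index;
    # several members with no flag means the alias is searchable only.
    return next(iter(members)) if len(members) == 1 else None

def write_index_of_data_stream(ds_resp: dict, name: str) -> Optional[str]:
    """Return the write index of a data stream (its newest backing index), or None.

    `ds_resp` is the shape of `GET _data_stream/<name>`.
    """
    for ds in ds_resp.get("data_streams", []):
        if ds.get("name") == name and ds.get("indices"):
            return ds["indices"][-1]["index_name"]
    return None

# Constructed sample responses (not real cluster output).
ALIAS_RESP = {
    "windows-logs-000001": {"aliases": {"windows-logs": {"is_write_index": False}}},
    "windows-logs-000002": {"aliases": {"windows-logs": {"is_write_index": True}}},
    "archive-2023": {"aliases": {"windows-archive": {}}},   # two members, no flag:
    "archive-2024": {"aliases": {"windows-archive": {}}},   # searchable-only alias
    "audit-current": {"aliases": {"audit": {}}},            # single member: writable
}
DS_RESP = {"data_streams": [{"name": "logs-windows",
                             "indices": [{"index_name": ".ds-logs-windows-000001"},
                                         {"index_name": ".ds-logs-windows-000002"}]}]}

if __name__ == "__main__":
    for alias in ("windows-logs", "windows-archive", "audit"):
        target = write_index_of_alias(ALIAS_RESP, alias)
        print(f"alias {alias!r}: detector scans {target!r}" if target
              else f"alias {alias!r}: search-only, detector would scan nothing")
    print("data stream 'logs-windows':", write_index_of_data_stream(DS_RESP, "logs-windows"))
```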
