sentinel_one: document alert data stream environment limitation

packages/sentinel_one/_dev/build/docs/README.md

@@ -21,6 +21,8 @@ To collect data from SentinelOne APIs, you must have an API token. To create an
 
 The API token generated by the user is time-limited. To rotate a new token, log in with the dedicated admin account.
 
+The **alert** data stream depends on STAR Custom Rules. STAR Custom Rules are supported in Cloud environments, but are not supported in on-premises environments. Because of this, the **alert** data stream is not supported in on-premises environments.
+
 ## Logs
 
 ### activity

packages/sentinel_one/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.25.1"
+  changes:
+    - description: Document limitation for using the alert data stream in on-premises environments.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/11036
 - version: "1.25.0"
   changes:
     - description: Add agent.* to alerts data.

packages/sentinel_one/docs/README.md

@@ -21,6 +21,8 @@ To collect data from SentinelOne APIs, you must have an API token. To create an
 
 The API token generated by the user is time-limited. To rotate a new token, log in with the dedicated admin account.
 
+The **alert** data stream depends on STAR Custom Rules. STAR Custom Rules are supported in Cloud environments, but are not supported in on-premises environments. Because of this, the **alert** data stream is not supported in on-premises environments.
+
 ## Logs
 
 ### activity

packages/sentinel_one/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: sentinel_one
 title: SentinelOne
-version: "1.25.0"
+version: "1.25.1"
 description: Collect logs from SentinelOne with Elastic Agent.
 type: integration
 categories: