Background:

This issue is focused on documenting the functionality of timeline templates as well as is generally focused on documentation of behavior for the timeline templates including:

1. How does the import/export behavior currently work for timeline templates
2. How should query overrides work when tied with a rule
3. What areas need to be tested

In addition there are the below issues that have come up around timeline templates:

• [Security Solution] Adding notes to a Timeline template (where notes are not applicable) prevents the template from being saved #123493
• [Security Solution] Alert investigated on default timeline when the rule has a custom timeline template attached #123300
• [Security Solution] Innacurate generic timeline template #123370
• [Security Solution][Timeline][Bug] Creating note first doesn't leverage existing draft #112293

Details:

• This work should involve documenting the timeline template functionality, fixing the above bugs, and adding any tests.

Background:

• [SIEM] [Detection Engine] [Meta] Create Detection Engine UI #50405
• Enhancement for timeline templates #69972
• [SIEM] Add scripts for on boarding prepackage timeline #67496

Acceptance Criteria

• Explicit documentation of the behavior around timeline templates