adds promoted endpoint events

Author: Ben Skelker

docs/siem/detections/detection-engine-intro.asciidoc

@@ -30,6 +30,12 @@ There are two special prebuilt rules you need to know about:
 Elastic Endpoint alerts. To receive Elastic Endpoint alerts, you must install
 the Endpoint agent on your hosts (BEN: see xref).
 +
+When this rule is enabled, the following Endpoint events are displayed as
+detection alerts:
++
+** Malware Prevention Alert
+** Malware Detection Alert
++
 NOTE: When you load the prebuilt rules, this is the only rule that is enabled
 by default.