[DOCS]: Endpoint Rule for endpoint alerts

[dontcallmesherryli]

Description

Meta Issue: https://github.com/elastic/siem-team/issues/641
No Mock, UI changes scoped out of 7.9

Enable Users to add all Endpoint and 3rd party alerts to the SIEM Unified Alert View of the Elastic Security App

Acceptance Test Criteria

Documentation required to let user know of the pre-built Endpoint Rule (internally known as Promotion Rule) that is turned on by default with 7.9 release. The rule ensures that all Elastic Endpoint alerts populates inside the SIEM.

Promotion rule cannot be edited by users, but can be turned on or off and deleted by users inside Rules Management page.

Notes

• Add the "Team:Docs" label to new issues.
• Be sure to add any necessary screenshots for clarity.
• Include any conditions or caveats that may affect customers.

[dontcallmesherryli]

Depending on where @spong is at by Thursday feature freeze, we may or may not have an onboarding UI to go with this. I'll update this ticket by then.

[dontcallmesherryli]

Onboarding modal will not be in the 7.9 UI. This ticket is up to date.