Update the ML requirements in the prebuilt rules reference page

[sodhikirti07]

Description

The prebuilt rules reference page lacks some of the necessary requirements for running ML-based prebuilt rules. To prevent any confusion, it should include the same requirements outlined in the Machine learning jobs and rules requirements page.

The requirements should be something like below:

To run and create machine learning rules in serverless, you need the appropriate user role. In Elastic Stack, you need all of these:

• The appropriate license
• There must be at least one machine learning node in your cluster
• The machine_learning_admin user role

Additionally, to configure alert suppression for machine learning rules, your role needs the following index privilege:

• read permission for the .ml-anomalies-* index
  For more information, go to Set up machine learning features.

Related Issue:

• https://github.com/elastic/security-ml/issues/695

[jmikell821]

Note

This also needs to be updated in prebuilt rules for 9.0 and we should backport the asciidoc changes for 8.x and 8.18.

[nastasha-solomon]

@sodhikirti07 this seems to be a more appropriate page for letting users know about the requirements for running ML-based prebuilt rules and setting up ML rule alert suppression in Elastic Stack and Serverless. What do you think?

[sodhikirti07]

@nastasha-solomon Yes, but this should also be reflected on the prebuilt rule reference page, as most users are unlikely to refer back to the ML requirements page. Similar confusion happened with a customer in this slack conversation. If not the whole text, can we add a note linking back to the requirements page?

[nastasha-solomon]

If not the whole text, can we add a note linking back to the requirements page?

Yes, of course!

[nastasha-solomon]

8.18 docs are updated at https://www.elastic.co/guide/en/security/8.18/prebuilt-rules.html.