Process descendant filtering in event filters [ESS] (#5626)

* Update screenshot: Add event filter flyout

* First draft

* Revise

* Edit

* Testing out "added" tag

* Apply feedback from Gabriel

docs/management/admin/event-filters.asciidoc

@@ -36,12 +36,18 @@ For example, in the KQL search bar, enter the following query to find endpoint n
 --
 +
 [role="screenshot"]
-image::images/event-filter.png[]
+image::images/event-filter.png[Add event filter flyout, 80%]
 . Fill in these fields in the **Details** section:
   .. `Name`: Enter a name for the event filter.
   .. `Description`: Enter a filter description (optional).
 . In the **Conditions** section, depending which page you're using to create the filter, either modify the pre-populated conditions or add new conditions to define how {elastic-sec} will filter events. Use these settings:
   .. `Select operating system`: Select the appropriate operating system.
+  .. Select which kind of event filter you'd like to create: added:[8.15.0,Coming to {serverless-full}.]
+    * `Events`: Create a generic event filter that can match any event type. All matching events are excluded.
+    * `Process Descendants`: Create a filter that suppresses the descendant activity of a specified process. Events from the matched process will be ingested, but events from its descendant processes will be excluded.
++
+This option adds the condition `event.category is process` to narrow the filter to process-type events. You can add more conditions to identify the process whose descendants you want to exclude.
+
   .. `Field`: Select a field to identify the event being filtered.
   .. `Operator`: Select an operator to define the condition. Available options are:
     * `is`