Add updates to creating a detector UX (#5176)
* detector draft

Signed-off-by: Heather Halter <[email protected]>

* updated screen shots and fixed links

Signed-off-by: Heather Halter <[email protected]>

* fix links

Signed-off-by: Heather Halter <[email protected]>

* remove strange character

Signed-off-by: Heather Halter <[email protected]>

* Update _security-analytics/index.md

Co-authored-by: Naarcha-AWS <[email protected]>
Signed-off-by: Heather Halter <[email protected]>

* Update _security-analytics/usage/findings.md

Co-authored-by: Naarcha-AWS <[email protected]>
Signed-off-by: Heather Halter <[email protected]>

* Update _security-analytics/sec-analytics-config/detectors-config.md

Co-authored-by: Nathan Bower <[email protected]>
Signed-off-by: Heather Halter <[email protected]>

* Update _security-analytics/sec-analytics-config/detectors-config.md

Co-authored-by: Nathan Bower <[email protected]>
Signed-off-by: Heather Halter <[email protected]>

* Update _security-analytics/usage/findings.md

Co-authored-by: Nathan Bower <[email protected]>
Signed-off-by: Heather Halter <[email protected]>

* fixed substep formatting problem

Signed-off-by: Heather Halter <[email protected]>

* Update _security-analytics/sec-analytics-config/detectors-config.md

Co-authored-by: Nathan Bower <[email protected]>
Signed-off-by: Heather Halter <[email protected]>

---------

Signed-off-by: Heather Halter <[email protected]>
Signed-off-by: Heather Halter <[email protected]>
Co-authored-by: Naarcha-AWS <[email protected]>
Co-authored-by: Nathan Bower <[email protected]>
3 people authored and vagimeli committed Dec 20, 2023
1 parent c4a3f30 commit c574c7f
Showing 7 changed files with 77 additions and 91 deletions.
2 changes: 1 addition & 1 deletion _security-analytics/index.md
@@ -61,7 +61,7 @@ To learn more about findings, see [Working with findings]({{site.url}}{{site.bas

When defining a detector, you can specify certain conditions that will trigger an alert. When an event triggers an alert, the system sends a notification to a preferred channel, such as Amazon Chime, Slack, or email. The alert can be triggered when the detector matches one or multiple rules. Further conditions can be set by rule severity and tags. You can also create a notification message with a customized subject line and message body.

For information about setting up alerts, see [Step 4. Set up alerts]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/detectors-config/#step-4-set-up-alerts) in the detector creation documentation. For information about managing alerts in the Alerts window, see [Working with alerts]({{site.url}}{{site.baseurl}}/security-analytics/usage/alerts/).
For information about setting up alerts, see [Creating detectors]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/detectors-config/). For information about managing alerts in the Alerts window, see [Working with alerts]({{site.url}}{{site.baseurl}}/security-analytics/usage/alerts/).


### Correlation engine
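Review bot: The replacement line drops the deep link to the alerts step (`#step-4-set-up-alerts`) and sends readers to the top of the Creating detectors page, while the parallel edit to `_security-analytics/usage/findings.md` in this same commit retargets the identical sentence to `#step-2-set-up-alerts`. Either keep a deep link here using the renumbered anchor or make both files point to the same place, so that "For information about setting up alerts" lands on the alerts step rather than the page head.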
160 changes: 72 additions & 88 deletions _security-analytics/sec-analytics-config/detectors-config.md


2 changes: 2 additions & 0 deletions _security-analytics/usage/detectors.md
Expand Up @@ -53,3 +53,5 @@ Threat detector actions allow you to stop and start detectors or delete a detect
1. Select **Delete** in the dropdown list. The Delete detector popup window opens and asks you to verify that you want to delete the detector or detectors.
1. Select **Cancel** to decline the action. Select **Delete detector** to delete the detector or detectors permanently from the list.

## Related articles
[Creating detectors]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/detectors-config/)
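Review bot: The new `## Related articles` heading is followed directly by a bare link with no blank line between them; most renderers cope, but a blank line after the heading and a list item form (`- [Creating detectors](...)`) keeps the section well-formed and makes it trivial to append further related pages later without reworking the layout.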
4 changes: 2 additions & 2 deletions _security-analytics/usage/findings.md
@@ -52,7 +52,7 @@ Use the **Rule severity** dropdown list to filter the list of findings by severi
The **Actions** column includes two options for each finding:
* The diagonal arrow provides a way to open the [**Finding details**](#finding-details) pane, which describes the finding according to parameters defined when creating the detector and includes the document that generated the finding.
* The bell icon allows you to open the **Create detector alert trigger** pane, where you can quickly set up an alert for the specific finding and modify rules and their conditions as required.
For information about setting up alerts, see [Step 4. Set up alerts]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/detectors-config/#step-4-set-up-alerts) in the detector creation documentation.
For information about setting up alerts, see [Step 2. Set up alerts]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/detectors-config/#step-2-set-up-alerts) in the detector creation documentation.

### Finding details

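Review bot: The updated anchor `#step-2-set-up-alerts` on the added line assumes the heading in `_security-analytics/sec-analytics-config/detectors-config.md` is now exactly "Step 2. Set up alerts"; that file's diff is not rendered in this commit view, so confirm the heading text produces that slug, otherwise the link silently resolves to the top of the page with no build error. The sentence also sits directly under the bulleted list with no blank line, so Markdown treats it as a continuation of the bell-icon bullet rather than its own paragraph; that is pre-existing, but worth fixing while the line is being edited.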
@@ -69,7 +69,7 @@ The **Finding details** pane contains specific information about the finding, in

<img src="{{site.url}}{{site.baseurl}}/images/Security/findings2.png" alt="popup window prompting users to create an index pattern" width="60%">

1. In the **Create index pattern to view documents** window, the index pattern name is automatically populated. Enter the appropriate time field from the log index used to determine the timing for log events. For information on mapping log fields to detector fields, see [Step 2. Create field mappings]({{site.url}}{{site.baseurl}}/security-analytics/sec-analytics-config/detectors-config/#step-2-create-field-mappings). Choose **Create index pattern**. The **Create index pattern to view documents** confirmation window opens.
1. In the **Create index pattern to view documents** window, the index pattern name is automatically populated. Enter the appropriate time field from the log index used to determine the timing for log events. Choose **Create index pattern**. The **Create index pattern to view documents** confirmation window opens.
1. Select **View surrounding documents** in the confirmation window. The **Discover** panel opens, as shown in the following image.

<img src="{{site.url}}{{site.baseurl}}/images/Security/findings4.png" alt="Discover panel with surrounding documents" width="85%">
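Review bot: The changed line removes the field-mapping cross-reference outright instead of retargeting it, so readers of the index-pattern step lose the only pointer explaining how log fields are mapped to detector fields. If field mapping is still a step in Creating detectors under a new number, keep the sentence and update the anchor to the renumbered step rather than deleting it; if the step was removed from that page, the commit message should say so.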
Binary file modified images/Security/automatic-mappings.png
Binary file modified images/Security/detector-rules.png
Binary file modified images/Security/pending-mappings.png

0 comments on commit c574c7f
