Commit: [8.3] [DOCS] Add session ID to highlighted fields section in alert details flyout (backport #2067) (#2147)

Co-authored-by: benironside <[email protected]>
Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: nastasha-solomon <[email protected]>
4 people authored Jun 24, 2022
1 parent 4b0408e commit 523b440
Showing 2 changed files with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions docs/detections/alerts-ui-manage.asciidoc
Expand Up @@ -99,17 +99,19 @@ The *Overview* tab provides an overview of the alert and shows relevant threat i
The *Overview* tab has three main sections: the alert summary, *Highlighted Fields*, and *Enriched data*. The alert summary and *Highlighted Fields* sections are standard for every alert. The *Enriched data* section only displays for alerts with intelligence data.

[role="screenshot"]
image::images/alert-details-flyout.png[Shows the alert details flyout]
image::images/alert-details-flyout.png[Shows the Alert details flyout]

The alert summary section provides general alert details such as the alert's status, the severity of the alert, the alert's calculated risk score, and a link to the rule that produced the alert. These details are provided for all alerts regardless of the alert type.

The alert's reason statement is under the alert summary. The reason statement describes what generated the alert and provides general alert details. You can use this information to understand the alert's origin and determine if the alert is relevant to your investigation.

The alert details flyout also lists the number and names of cases to which the alert has been added. Click a case's names to open its details.
The Alert details flyout also lists the number and names of cases to which the alert has been added. Click a case's names to open its details.

The *Highlighted Fields* section displays the most relevant fields for the alert type. Use this section to inform your triage efforts as you investigate the alert.

The *Alert prevalence* column shows the total number of alerts within the selected timeframe that have identical values. For example, an alert with an alert prevalence of 3 for the `host.name` field means three alerts with the same `host.name` value exist within the given timeframe. Alert prevalence data can help you investigate relationships with other alerts and gain more context about the event producing the alert.
NOTE: The *Session ID* field provides a unique ID for tracking a given Linux session and is stored in the `process.entry_leader.entity_id` field in the alert's document. To collect the session ID and other session data, you must enable the *Include session data* setting on your {endpoint-cloud-sec} integration policy. Refer to <<enable-session-view, Enable Session View data>> for more information.

The *Alert prevalence* column shows the total number of alerts within the selected time frame that have identical values. For example, an alert with an alert prevalence of 3 for the `host.name` field means three alerts with the same `host.name` value exist within the given time frame. Alert prevalence data can help you investigate relationships with other alerts and gain more context about the event producing the alert.

The *Enriched data* section displays available threat indicator matches and threat intelligence data. Click the info icon to learn more about what data is collected.

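Review bot: the NOTE added after the *Highlighted Fields* paragraph introduces the *Session ID* field, but nothing in the section says that *Session ID* is one of the highlighted fields, so the admonition reads as unanchored; consider a lead-in sentence in the paragraph above, for example "Depending on the alert type, highlighted fields can include *Session ID*.", so the reader knows where the field appears before being told how it is populated. Because this is a backport to 8.3, also confirm that the `<<enable-session-view, Enable Session View data>>` anchor and the `{endpoint-cloud-sec}` attribute both resolve in that branch; an unresolved xref or attribute breaks the AsciiDoc build. The "timeframe" to "time frame" and "Alert details flyout" capitalization changes are fine and consistent within the hunk.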
Expand Down Expand Up @@ -233,7 +235,7 @@ image::images/add-alert-to-new-case.png[Shows how to add an alert to an existing
To add alerts to an existing case:

. Do one of the following:
** To add a single alert to a case, select the *More actions* menu (*...*) in the Alerts table or **Take action** in the Alert details flyout, then select **Add to existing case**.
** To add a single alert to a case, select the *More actions* menu (*...*) in the Alerts table or **Take action** in the Alert details flyout, then select **Add to existing case**.
** To add multiple alerts, select the alerts, then select *Add to an existing case* from the *Bulk actions* menu.
. From the **Select case** dialog box, select the case to which you want to attach the alert. A confirmation message is displayed with an option to view the updated case. Click the link in the notification or go to the Cases page to view the case's details.
+
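Review bot: the first bullet under "Do one of the following:" is shown as removed and re-added with no visible difference, so this is a whitespace-only or invisible-character change (a trailing space or a non-breaking space, for instance); if it is intentional, say so in the PR description so reviewers do not search for a wording change, otherwise drop it from the backport so the diff stays limited to the Session ID addition.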
Binary file modified docs/detections/images/alert-details-flyout.png