From 36ba8a1c95c1aee8ad6855958e8e856e919fbdd5 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
 <91905639+benironside@users.noreply.github.com>
Date: Wed, 31 Jan 2024 12:59:04 -0500
Subject: [PATCH 1/3] Documents how to change the default security index
 (#4695)

* First draft

* incorporates feedback

* Update docs/getting-started/data-views-in-sec.asciidoc

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Update docs/getting-started/data-views-in-sec.asciidoc

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>

---------

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
(cherry picked from commit 225f3c8d8733403093095daeda9cdcc66d54db08)

# Conflicts:
#	docs/getting-started/data-views-in-sec.asciidoc
---
 docs/getting-started/data-views-in-sec.asciidoc | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc
index 56092e58ab..eb0dae533e 100644
--- a/docs/getting-started/data-views-in-sec.asciidoc
+++ b/docs/getting-started/data-views-in-sec.asciidoc
@@ -18,14 +18,21 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the
 [discrete]
 == Create or modify a {data-source}
 
+<<<<<<< HEAD
 You can temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced settings*, then adding or removing index patterns.
+=======
+To learn how to modify the default **Security Default Data View**, refer to <<update-sec-indices, Update default {elastic-sec} indices>>.
+
+To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].
+
+You can also temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns.
+>>>>>>> 225f3c8d (Documents how to change the default security index (#4695))
 
 image::images/dataview-filter-example.gif[video showing how to filter the active data view]
 
 This only allows you to add index patterns that match indices that currently contain data (other index patterns are unavailable). Note that any changes made are saved in the current browser window and won't persist if you open a new tab.
 
-To permanently modify a {data-source}, delete an existing {data-source} or create a new one, you need the required permissions.
-To learn more, refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].
+NOTE: You cannot update the data view for the Alerts page. It always shows data from `.alerts-security.alerts-default`.
 
 [discrete]
 [[default-data-view-security]]

From b1e967daa797e9f6dc2b848fd06b69110f261c80 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
 <91905639+benironside@users.noreply.github.com>
Date: Wed, 31 Jan 2024 12:47:06 -0800
Subject: [PATCH 2/3] Update docs/getting-started/data-views-in-sec.asciidoc

---
 docs/getting-started/data-views-in-sec.asciidoc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc
index eb0dae533e..b12975223e 100644
--- a/docs/getting-started/data-views-in-sec.asciidoc
+++ b/docs/getting-started/data-views-in-sec.asciidoc
@@ -18,9 +18,6 @@ image::images/dataview-button-highlighted.png[image highlighting how to open the
 [discrete]
 == Create or modify a {data-source}
 
-<<<<<<< HEAD
-You can temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced settings*, then adding or removing index patterns.
-=======
 To learn how to modify the default **Security Default Data View**, refer to <<update-sec-indices, Update default {elastic-sec} indices>>.
 
 To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].

From 66ab8293cc044be3b6bcd771d9e17baa61cf05e7 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
 <91905639+benironside@users.noreply.github.com>
Date: Wed, 31 Jan 2024 12:47:17 -0800
Subject: [PATCH 3/3] Update docs/getting-started/data-views-in-sec.asciidoc

---
 docs/getting-started/data-views-in-sec.asciidoc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc
index b12975223e..50d4248761 100644
--- a/docs/getting-started/data-views-in-sec.asciidoc
+++ b/docs/getting-started/data-views-in-sec.asciidoc
@@ -23,7 +23,6 @@ To learn how to modify the default **Security Default Data View**, refer to <<up
 To learn how to modify, create, or delete another {data-source} refer to {apm-app-ref}/data-views.html[{kib} {data-sources-cap}].
 
 You can also temporarily modify the active {data-source} from the *{data-source-cap}* menu by clicking *Advanced options*, then adding or removing index patterns.
->>>>>>> 225f3c8d (Documents how to change the default security index (#4695))
 
 image::images/dataview-filter-example.gif[video showing how to filter the active data view]