[9.0] CCS and ES|QL rule reqs (#828)

nastasha-solomon · web-flow · commit 75f24600a5d3 · 2025-03-19T12:35:40.000-04:00
Partially addresses #346 by adding a note describing the reqs for using CCS with ES|QL rules. Preview: [Cross-cluster search and detection rules](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/828/solutions/security/detect-and-alert/cross-cluster-search-detection-rules) Corresponding 8.18 docs: elastic/security-docs#6640
diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md
@@ -9,6 +9,11 @@ applies_to:
 
 [Cross-cluster search](../../search/cross-cluster-search.md) is an {{es}} feature that allows one cluster (the *local* cluster) to query data in a separate cluster (the *remote* cluster). {{elastic-sec}}'s detection rules can perform a cross-cluster search to query data in remote clusters.
 
+::::{admonition} Requirements
+* To learn about the requirements for using cross-cluster search in the {{stack}}, refer to [Cross-cluster search](../../search/cross-cluster-search.md). 
+* Using cross-cluster search for {{esql}} rules in the {{stack}} requires an [Enterprise subscription](https://www.elastic.co/pricing). 
+
+::::
 
 ## Set up cross-cluster search in detection rules [set-up-ccs-rules]
 
