[Integrations] Alerting Rule Template common page (#4072)

alaudazzi · muthu-mps · theletterf · web-flow · commit e087b292e759 · 2025-11-29T18:48:18.000+01:00
## Summary This PR adds a new Alerting Rule Templates page that should serve as a centralized doc page with an explanation of what the alert rule templates are and how to use them. This page is going to be referenced from the individual integration pages. The current location of the page will be changed and made more visible in a further iteration. Relates to #3678 (comment). ## Generative AI disclosure  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution? - [x] Yes - [ ] No Cursor with gpt5 --------- Co-authored-by: muthu-mps <101238137+muthu-mps@users.noreply.github.com> Co-authored-by: Fabrizio Ferri-Benedetti <fabri.ferribenedetti@elastic.co>
diff --git a/reference/fleet/alert-templates.md b/reference/fleet/alert-templates.md
@@ -8,7 +8,7 @@ products:
 navigation_title: Built-in alerts and templates
 ---
 
-# Built-in alerts and templates [built-in-alerts]
+# Elastic Agent built-in alerts [built-in-alerts]
 
 ## {{agent}} out-of-the-box alert rules [ea-alert-rules]
 
@@ -39,11 +39,3 @@ You can find these rules in **Stack Management** > **Alerts and Insights** > **R
 
 **Connectors** are not added to rules automatically, but you can attach a connector to route alerts to your Slack, email, or other notification platforms.
 In addition, you can add filters for policies, tags, or hostnames to scope alerts to specific sets of agents.  
-
-## Alert template assets for integrations [alert-templates]
-
-Some integration packages include alerting rule template assets that provide pre-made definitions of alerting rules. You can use the templates to create your own custom alerting rules that you can enable and fine-tune. 
-
-When you click a template, you get a pre-filled rule creation form. You can define and adjust values, set up connectors, and define rule actions to create your custom alerting rule.
-
-You can see available templates in the **integrations/detail/<package>/assets** view. 
diff --git a/reference/fleet/alerting-rule-templates.md b/reference/fleet/alerting-rule-templates.md
@@ -0,0 +1,69 @@
+---
+applies_to:
+  stack: ga 9.2.1
+  serverless: ga
+products:
+  - id: fleet
+  - id: elastic-agent
+navigation_title: Alerting rule templates
+---
+
+# Alerting rule templates [alerting-rule-templates]
+
+Alerting rule templates are out-of-the-box alert definitions that come bundled with [Elastic integrations](integration-docs://reference/index.md)), enabling users to quickly set up monitoring without writing queries from scratch. 
+
+Templates help you start monitoring in minutes by providing curated {{esql}} queries and recommended thresholds tailored to each integration. 
+
+After the integration is installed, these templates are automatically available in Kibana's alerting interface with a prefilled rule creation form that you can adapt to your needs.
+
+Although these templates are managed by Elastic, any alert created from them is owned by the customer and will not be modified by Elastic, even if the templates change.
+
+:::{important}
+Although the alerts can be used as provided, threshold values should always be evaluated in the context of your specific environment. Depending on how you adjust the thresholds, you may either generate too many alerts or fail to trigger alerts when expected.
+:::
+
+## Prerequisites
+	
+- Install or upgrade to the latest version of the integration that includes alerting rule templates.
+- Ensure the data collection is enabled for the metrics or events that you plan to use.
+- {{stack}} 9.2.1 or later.
+- Appropriate {{kib}} role privileges to create and manage rules.
+
+## How to use the Alerting rule templates
+
+Alerting rule templates come with recommended, pre-populated values. To use them:
+
+1. In {{kib}}, go to **{{manage-app}}** > **{{integrations}}**.
+1. Find and open the integration.
+1. On the integration page, open the **Assets** tab and expand **Alerting rule templates** to view all available templates for that integration.
+
+    :::{note}
+    You can find the Alerting rule template option only when the integration adds template support for alerting rules.
+    :::
+
+1. Select a template to open a prefilled **Create rule** form.
+
+    You can use the template to create your own custom alerting rule by adjusting values, setting up connectors, and defining rule actions.
+
+1. Review and (optionally) customize the prefilled settings, then save and enable the rule.
+
+   The rule created from the template gets listed in the **Observability** → **Alerts** → **Manage Rules** page.
+
+To update the rule you have created from the template, go to **Observability** → **Alerts** → **Manage Rules**, select the rule and click **Actions**.
+
+The preconfigured defaults include:
+
+- **{{esql}} query**
+:   A curated, text-based query that evaluates your data and triggers when matches are found during the latest run.
+- **Recommended threshold**
+:   A suggested threshold embedded in the {{esql}} `WHERE` clause. You can tune the threshold to fit your environment.
+- **Time window (look-back)**
+:   The length of time the rule analyzes for data (for example, the last 5 minutes).
+- **Rule schedule**
+:   How frequently the rule checks alert conditions (for example, every minute).
+- **Alert delay (alert suppression)**
+:   The number of consecutive runs for which conditions must be met before an alert is created.
+
+For details about fields in the Create rule form and how the rule evaluates data, refer to the [{{es}} query rule type](/explore-analyze/alerts-cases/alerts/rule-type-es-query.md).
+
+
diff --git a/reference/fleet/toc.yml b/reference/fleet/toc.yml
@@ -150,6 +150,7 @@ toc:
           - file: data-streams-pipeline-tutorial.md
           - file: data-streams-advanced-features.md
       - file: alert-templates.md
+      - file: alerting-rule-templates.md
   - file: agent-command-reference.md
   - file: providers.md
     children:
