[DOC] Updates for Security Analytics plugin 2.5 documentation

[AWSHurneyt]

What do you want to do?

• Request a change to existing documentation
• Add new documentation
• Report a technical problem with the documentation
• Other

Tell us about your request. Provide a summary of the request and all versions that are affected.

1. Changes to existing documentation:

1. “You can also create alerts for the detector at this stage, although there are options to create alerts in other areas of the interface” - https://opensearch.org/docs/latest/security-analytics/sec-analytics-config/detectors-config/#step-1-define-the-detector
   1. Could we remove this? Alerts cannot be configured on the detector definition page. They can either be created during the “set up alerts” step, or from the findings table page.
2. https://opensearch.org/docs/latest/security-analytics/sec-analytics-config/detectors-config/#step-2-make-field-mappings
   1. We'd like to better explain the functionality of this step as field mappings are not required, and we've separate the single table view from the plugin's experimental version into two tables, Pending field mappings and Default mapped fields.
      1. We'd like to better call out that users are not required to provide mappings for all fields; but findings will not be generated for fields which do not have a mapping.
      2. Pending field mappings refer to fields that are known to be associated with the log type selected for the detector, but have not been mapped to document fields yet in the user's data sources (e.g., the indices selected for the detector). This table includes fields for which our backend logic was not able to determine a matching field with in the index documents.
      3. Default mapped fields refer to mappings which the security analytics backend logic was able to determine an appropriate match between the rule field name and log field name within the index documents.
3. https://opensearch.org/docs/latest/security-analytics/sec-analytics-config/detectors-config/#step-3-set-up-alerts
   1. Could we clarify in this step that at least 1 alert condition is required in order for a detector to generate findings?
4. https://opensearch.org/docs/latest/security-analytics/usage/overview/#overview-and-getting-started
   1. The getting started windows has been updated with a 4th step, "View security alerts." This step is very similar to the "view findings" step.
   2. “Top” alerts/findings, are now just referred to as “recent”

2. New features introduced in 2.5.

1. As discussed offline, the experimental tag can be removed for this plugin.
2. YAML editor view when defining a new rule - YAML Rule Editor Support security-analytics-dashboards-plugin#201
   1. A new view is available when creating/editing a rule. The view allows the user to configure the rule using a YAML editor instead of clicking through the various UX elements of the visual editor.

What other resources are available? Provide links to related issues, POCs, steps for testing, etc.

[AWSHurneyt]

@cwillum I've updated the request above with some wording for the Pending field mappings and Default mapped fields tables.

[cwillum]

Documentation for 1.2 in Comments (field mapping) is covered in PR #2422.
Documentation for 1.1, 1.3, and 1.4 in Comments (updates to existing docs) is covered in PR #2408.
Documentation for 2.2 in Comments (YAML editor view) is covered in PR #2407.
Documentation for 2.1 in Comments (Remove note from the Security Analytics landing page indicating experimental status for the plugin) is covered in PR #2401.

[cwillum]

Opening this back up to address some alert setup changes that didn't make it in for some unknown reason.