[9.0 & Serverless] Change upper limit for max unassociated notes (elastic#940)

nastasha-solomon · web-flow · commit 6f7a1d0fbc50 · 2025-03-27T17:53:21.000-04:00
### Description Partially addresses elastic#915 by updating docs for 8.16-8.18. Twin 8.x PR is at: elastic/security-docs#6671 ### Preview [Configure advanced settings | Set the maximum notes limit for alerts and events](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/940/solutions/security/get-started/configure-advanced-settings#max-notes-alerts-events): The updated maximum limit and default value is 10,000.
diff --git a/solutions/security/get-started/configure-advanced-settings.md b/solutions/security/get-started/configure-advanced-settings.md
@@ -15,7 +15,7 @@ The advanced settings determine:
 * Which indices {{elastic-sec}} uses to retrieve data
 * {{ml-cap}} anomaly score display threshold
 * The navigation menu style used throughout the {{security-app}}
-* Whether the news feed is displayed on the [*Overview dashboard*](/solutions/security/dashboards/overview-dashboard.md)
+* Whether the news feed is displayed on the [Overview dashboard](/solutions/security/dashboards/overview-dashboard.md)
 * The default time interval used to filter {{elastic-sec}} pages
 * The default {{elastic-sec}} pages refresh time
 * Which IP reputation links appear on [IP detail](/solutions/security/explore/network-page.md) pages
@@ -38,7 +38,7 @@ Modifying advanced settings can affect Kibana performance and cause problems tha
 
 ## Access advanced settings [security-advanced-settings-access-advanced-settings]
 
-To access advanced settings, go to **Stack Management** → **Advanced Settings**, then scroll down to **Security Solution** settings.
+To access advanced settings, go to **Stack Management** → **Advanced Settings** in {{stack}} or **Project Settings** → **Stack Management** → **Advanced Settings** in {{serverless-short}}, then scroll down to **Security Solution** settings.
 
 :::{image} /solutions/images/security-solution-advanced-settings.png
 :alt: solution advanced settings
@@ -75,7 +75,7 @@ If you leave the `-*elastic-cloud-logs-*` index pattern selected, all Elastic cl
 
 
 ::::{important}
-{{elastic-sec}} requires [ECS-compliant data](https://www.elastic.co/guide/en/ecs/current). If you use third-party data collectors to ship data to {{es}}, the data must be mapped to ECS. [*Elastic Security ECS field reference*](/reference/security/fields-and-object-schemas/siem-field-reference.md) lists ECS fields used in {{elastic-sec}}.
+{{elastic-sec}} requires [ECS-compliant data](https://www.elastic.co/guide/en/ecs/current). If you use third-party data collectors to ship data to {{es}}, the data must be mapped to ECS. [Elastic Security ECS field reference](/reference/security/fields-and-object-schemas/siem-field-reference.md) lists ECS fields used in {{elastic-sec}}.
 ::::
 
 
@@ -191,7 +191,7 @@ The `securitySolution:alertTags` field determines which options display in the a
 
 ## Set the maximum notes limit for alerts and events [max-notes-alerts-events]
 
-The `securitySolution:maxUnassociatedNotes` field determines the maximum number of [notes](/solutions/security/investigate/notes.md) that you can attach to alerts and events. The maximum limit and default value is 1000.
+The `securitySolution:maxUnassociatedNotes` field determines the maximum number of [notes](/solutions/security/investigate/notes.md) that you can attach to alerts and events. The maximum limit and default value is 10000.
 
 
 ## Exclude cold and frozen data from rules [exclude-cold-frozen-data-rule-executions]
