[DOCS] Timeline Updates in 7.9

[dontcallmesherryli]

Description

Meta Issues: https://github.com/elastic/siem-team/issues/528 and elastic/kibana#68580

In 7.9, the Timeline feature will have the following updates:

• User ability to add a Timeline to existing Case
• Timeline Template

Acceptance Test Criteria

Docs are needed for the 2 enhancements to Timeline

User ability to add a Timeline to existing Case

User can add a Timeline to an existing Case now. Gif is included in issue ticket.

Timeline Template

User can create a new template or convert an existing timeline into a template to use for future investigations.

Workflow below helps show how timeline templates are created, and how they can be used for Detection Rules.
Timeline.Template.Workflow.1.pdf

Use case: When users open up alerts in the Timeline, it would be nice to have each of those Timeline pre-configured and populated with all the relevant fields in the relevant order. User can create templates which they can pre-configured fields and link them to the Detection Rule that will produce alert types that they want to use the Timeline Template for.

For example, if a user write a Detection Rule to seek out malicious file events in the environment, they would definitely want to see fields such as file name, file path, file size, username, and file hash. They can make a timeline template that has all of these fields set as the default view, and add it to the Detection Rule. When an alert is triggered on that rule, user opens up the alert in timeline, the timeline will show file name, file path, file size, username, and file hash fields on default.

Notes

• Add the "Team:Docs" label to new issues.
• Be sure to add any necessary screenshots for clarity.
• Include any conditions or caveats that may affect customers.

[benskelker]

API PR: #50

[benskelker]

Related to: #19