[7.x] [Docs][SIEM]General doc improvements (#957)

docs/en/siem/index-api-overview.asciidoc

@@ -44,7 +44,7 @@ Creates a signal index. The naming convention for the index is
 
 ===== Request URL
 
-`POST  /api/detection_engine/index`
+`POST  <kibana host>:<port>/api/detection_engine/index`
 
 ====== Example request
 
@@ -67,7 +67,7 @@ Gets the signal index name if it exists.
 
 ===== Request URL
 
-`GET /api/detection_engine/index`
+`GET <kibana host>:<port>/api/detection_engine/index`
 
 ====== Example request
 
@@ -114,7 +114,7 @@ Deletes the signal index.
 
 ===== Request URL
 
-`DELETE /api/detection_engine/index`
+`DELETE <kibana host>:<port>/api/detection_engine/index`
 
 ====== Example request
 

docs/en/siem/installation.asciidoc

@@ -20,6 +20,16 @@ Elastic Cloud. The {es} Service is available on both AWS and GCP.
 Service for free].
 ==============
 
+For information on how to perform cross-cluster searches on {siem-soln}
+indices, see:
+
+* {ref}/modules-cross-cluster-search.html[Search across cluster]
+(for on-premises {stack} deployments)
+* {cloud}/ec-enable-ccs.html[Enable cross-cluster search] (for hosted deployments)
+
+[float]
+=== Ingest data
+
 To ingest data, you can use:
 
 * *{beats}* shippers (version 7.x or later) installed for each system you want 

docs/en/siem/privileges-api-overview.asciidoc

@@ -14,7 +14,7 @@ Returns user privileges for the {kib} space.
 
 ===== Request URL
 
-`GET /api/detection_engine/privileges`
+`GET <kibana host>:<port>/api/detection_engine/privileges`
 
 ====== Example requests
 

docs/en/siem/rules-api-bulk-actions.asciidoc

@@ -10,7 +10,7 @@ Creates new rules.
 
 ===== Request URL
 
-`POST /api/detection_engine/rules/_bulk_create`
+`POST <kibana host>:<port>/api/detection_engine/rules/_bulk_create`
 
 ===== Request body
 
@@ -82,7 +82,7 @@ Deletes multiple rules.
 
 ===== Request URL
 
-`DELETE  /api/detection_engine/rules/_bulk_delete`
+`DELETE  <kibana host>:<port>/api/detection_engine/rules/_bulk_delete`
 
 ===== Request body
 
@@ -124,9 +124,9 @@ You can use `PUT` or `PATCH` methods to bulk update rules, where:
 
 ===== Request URL
 
-`PUT  /api/detection_engine/rules/_bulk_update`
+`PUT  <kibana host>:<port>/api/detection_engine/rules/_bulk_update`
 
-`PATCH /api/detection_engine/rules/_bulk_update`
+`PATCH <kibana host>:<port>/api/detection_engine/rules/_bulk_update`
 
 ===== Request body
 

docs/en/siem/rules-api-create.asciidoc

@@ -5,7 +5,7 @@ Creates a new signal detection rule.
 
 ==== Request URL
 
-`POST /api/detection_engine/rules`
+`POST <kibana host>:<port>/api/detection_engine/rules`
 
 ==== Request body
 

docs/en/siem/rules-api-delete.asciidoc

@@ -5,7 +5,7 @@ Deletes a single rule using the `rule_id` or `id` field.
 
 ==== Request URL
 
-`DELETE /api/detection_engine/rules`
+`DELETE <kibana host>:<port>/api/detection_engine/rules`
 
 ===== URL query parameters
 

docs/en/siem/rules-api-export.asciidoc

@@ -7,7 +7,7 @@ NOTE: You cannot export prepackaged rules.
 
 ==== Request URL
 
-`POST /api/detection_engine/rules/_export`
+`POST <kibana host>:<port>/api/detection_engine/rules/_export`
 
 
 ===== URL query parameters

docs/en/siem/rules-api-find.asciidoc

@@ -5,7 +5,7 @@ Retrieves a paginated subset of signal detection rules. By default, the first pa
 
 ==== Request URL
 
-`GET /api/detection_engine/rules/_find`
+`GET <kibana host>:<port>/api/detection_engine/rules/_find`
 
 ===== URL query parameters
 

docs/en/siem/rules-api-get.asciidoc

@@ -5,7 +5,7 @@ Retrieves a single rule using the `rule_id` or `id` field.
 
 ==== Request URL
 
-`GET /api/detection_engine/rules`
+`GET <kibana host>:<port>/api/detection_engine/rules`
 
 ===== URL query parameters
 

docs/en/siem/rules-api-import.asciidoc

@@ -5,7 +5,7 @@ Imports rules from an ndjson file.
 
 ==== Request URL
 
-`POST /api/detection_engine/rules/_import`
+`POST <kibana host>:<port>/api/detection_engine/rules/_import`
 
 The request must include:
 

docs/en/siem/rules-api-overview.asciidoc

@@ -12,20 +12,24 @@ and alerts, see <<det-engine-terminology, detections terminology>>.
 
 The API has these endpoints:
 
-* `<kibana URL>/api/detection_engine/rules` - Signal detection rules CRUD 
-functions 
-* `<kibana URL>/api/detection_engine/index` - Signal index operations
-* `<kibana URL>/api/detection_engine/tags` - Aggregates and returns rule tags
-* `<kibana URL>/api/detection_engine/_import` - Imports rules from an ndjson 
-file
-* `<kibana URL>/api/detection_engine/_export` - Exports rules to an ndjson file
-* `<kibana URL>/api/detection_engine/privileges` - Returns the user's 
+* `<kibana host>:<port>/api/detection_engine/rules` - Signal detection rules
+CRUD functions
+* `<kibana host>:<port>/api/detection_engine/index` - Signal index operations
+* `<kibana host>:<port>/api/detection_engine/tags` - Aggregates and returns
+rule tags
+* `<kibana host>:<port>/api/detection_engine/_import` - Imports rules from an
+ndjson file
+* `<kibana host>:<port>/api/detection_engine/_export` - Exports rules to an
+ndjson file
+* `<kibana host>:<port>/api/detection_engine/privileges` - Returns the user's
 {kib} space and signal index permissions, and whether the user is authenticated
-* `<kibana URL>/api/detection_engine/signals` - Aggregates, queries, and
+* `<kibana host>:<port>/api/detection_engine/signals` - Aggregates, queries, and
 returns signals, and updates their statuses
-* `<kibana URL>/api/detection_engine/prepackaged` - Loads and retrieves the status of Elastic <<prebuilt-rules, prebuilt rules>>
+* `<kibana host>:<port>/api/detection_engine/prepackaged` - Loads and retrieves
+the status of Elastic <<prebuilt-rules, prebuilt rules>>
 
-Where `<kibana URL>` is the URL and port number of your Kibana instance.
+Where `<kibana host>` is the host name and `<port>` is the port of your {kib}
+instance.
 
 NOTE: In dev mode, the Kibana server runs behind a proxy which adds a random 
 path component to its URL.
@@ -38,7 +42,7 @@ how to work with and disable the random path component.
 If you are making calls to a {kib} space *other than* the `Default` space, the 
 space identifier is part of the endpoint's URL:
 
-`<kibana URL>/s/<space URL>/api/detection_engine/rules`
+`<kibana host>:<port>/s/<space URL>/api/detection_engine/rules`
 
 Where `<space URL>` is the URL identifier for the space.
 
@@ -79,6 +83,6 @@ from the {kib} `siem` space:
 
 [source,js]
 --------------------------------------------------
-curl -X GET "<kibana URL>/s/siem/api/detection_engine/rules/_find"
+curl -X GET "<kibana host>:<port>/s/siem/api/detection_engine/rules/_find"
 -H 'kbn-xsrf: kibana' -u <username>:<password>
 --------------------------------------------------

docs/en/siem/rules-api-prebuilt.asciidoc

@@ -13,7 +13,7 @@ NOTE: By default, all loaded prebuilt rules are disabled.
 
 ===== Request URL
 
-`PUT /api/detection_engine/rules/prepackaged`
+`PUT <kibana host>:<port>/api/detection_engine/rules/prepackaged`
 
 ====== Example request
 
@@ -48,7 +48,7 @@ Returns rule statuses.
 
 ===== Request URL
 
-`GET /api/detection_engine/rules/prepackaged/_status`
+`GET <kibana host>:<port>/api/detection_engine/rules/prepackaged/_status`
 
 ====== Example request
 

docs/en/siem/rules-api-update.asciidoc

@@ -10,9 +10,9 @@ You can use `PUT` or `PATCH` methods to update rules, where:
 
 ==== Request URL
 
-`PUT /api/detection_engine/rules`
+`PUT <kibana host>:<port>/api/detection_engine/rules`
 
-`PATCH /api/detection_engine/rules`
+`PATCH <kibana host>:<port>/api/detection_engine/rules`
 
 ==== Request body
 

docs/en/siem/signals-api-overview.asciidoc

@@ -16,7 +16,7 @@ Aggregates and returns signals.
 
 ===== Request URL
 
-`POST /api/detection_engine/signals/search`
+`POST <kibana host>:<port>/api/detection_engine/signals/search`
 
 ===== Request body
 
@@ -116,7 +116,7 @@ Sets the status of one or more signals.
 
 ===== Request URL
 
-`POST /api/detection_engine/signals/status`
+`POST <kibana host>:<port>/api/detection_engine/signals/status`
 
 ===== Request body
 

docs/en/siem/tags-api-overview.asciidoc

@@ -10,7 +10,7 @@ Aggregates and returns all unique tags from all rules.
 
 ===== Request URL
 
-`GET /api/detection_engine/tags`
+`GET <kibana host>:<port>/api/detection_engine/tags`
 
 ====== Example request