diff --git a/docs/siem/detections/detection-engine-intro.asciidoc b/docs/siem/detections/detection-engine-intro.asciidoc index 35dd24d09a..9968e24c92 100644 --- a/docs/siem/detections/detection-engine-intro.asciidoc +++ b/docs/siem/detections/detection-engine-intro.asciidoc @@ -30,6 +30,12 @@ There are two special prebuilt rules you need to know about: Elastic Endpoint alerts. To receive Elastic Endpoint alerts, you must install the Endpoint agent on your hosts (BEN: see xref). + +When this rule is enabled, the following Endpoint events are displayed as +detection alerts: ++ +** Malware Prevention Alert +** Malware Detection Alert ++ NOTE: When you load the prebuilt rules, this is the only rule that is enabled by default.
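Review bot: the blank line added immediately after "(BEN: see xref)." breaks the AsciiDoc list continuation, so the new "When this rule is enabled, the following Endpoint events are displayed as detection alerts:" paragraph, the nested `** Malware Prevention Alert` / `** Malware Detection Alert` items and the `+` before the NOTE will render detached from the Elastic Endpoint rule's list item; make that first added line a `+` continuation, matching the two `+` lines the hunk already adds, so the paragraph, the nested list and the NOTE stay attached to the rule's entry. Two smaller points on the same region: the "(BEN: see xref)" author placeholder in the context line is still unresolved and should become the real xref (or be dropped) before this lands, and since both the new paragraph and the following NOTE say "this rule", naming the rule once in the new sentence would remove any ambiguity about which prebuilt rule the Endpoint events and the enabled-by-default note refer to.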