diff --git a/solutions/security/endpoint-response-actions.md b/solutions/security/endpoint-response-actions.md index a60000d96a..7a9f703523 100644 --- a/solutions/security/endpoint-response-actions.md +++ b/solutions/security/endpoint-response-actions.md @@ -40,6 +40,11 @@ Launch the response console from any of the following places in {{elastic-sec}}: * **Endpoints** page → **Actions** menu (**…**) → **Respond** * Endpoint details flyout → **Take action** → **Respond** * Alert details flyout → **Take action** → **Respond** + + ::::{note} + In {{serverless-short}}, you can also launch the response console from the event details flyout (event details flyout → **Take action** → **Respond**). + :::: + * Host details page → **Respond** To perform an action on the endpoint, enter a [response action command](/solutions/security/endpoint-response-actions.md#response-action-commands) in the input area at the bottom of the console, then press **Return**. Output from the action is displayed in the console. diff --git a/solutions/security/endpoint-response-actions/isolate-host.md b/solutions/security/endpoint-response-actions/isolate-host.md index 15ec18313a..9477ff65cf 100644 --- a/solutions/security/endpoint-response-actions/isolate-host.md +++ b/solutions/security/endpoint-response-actions/isolate-host.md @@ -49,9 +49,9 @@ All actions executed on a host are tracked in the host’s response actions hist ## Isolate a host [isolate-a-host] -::::{dropdown} Isolate a host from a detection alert -1. Open a detection alert: - +::::{dropdown} Isolate a host from an event (Serverless only) or a detection alert +1. Open an event ({{serverless-short}} only) or a detection alert: + * From the event analyzer view: Click an event. ({{serverless-short}} only) * From the Alerts table or Timeline: Click **View details** (![View details icon](/solutions/images/security-view-details-icon.png "title =20x20")). * From a case with an attached alert: Click **Show alert details** (**>**). 
@@ -120,9 +120,9 @@ After the host is successfully isolated, an **Isolated** status is added to the ## Release a host [release-a-host] -::::{dropdown} Release a host from a detection alert -1. Open a detection alert: - +::::{dropdown} Release a host from an event (Serverless only) or detection alert +1. Open an event ({{serverless-short}} only) or a detection alert: + * From the event analyzer view: Click an event. ({{serverless-short}} only) * From the Alerts table or Timeline: Click **View details** (![View details icon](/solutions/images/security-view-details-icon.png "title =20x20")). * From a case with an attached alert: Click **Show alert details** (**>**).
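Review bot: In `endpoint-response-actions.md` (hunk `@@ -40,6 +40,11 @@`), the new `::::{note}` block lands in the middle of the bullet list of launch locations, between the "Alert details flyout" item and the "Host details page → **Respond**" item. That splits one list into two and makes the last item read as if it belonged to the note. The note describes one more launch location, so it would fit better as a list item of its own, for example `* Event details flyout → **Take action** → **Respond** ({{serverless-short}} only)`. Otherwise move the note below the "Host details page" item so the list stays contiguous.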
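Review bot: In `isolate-host.md` (hunk `@@ -49,9 +49,9 @@`), the Serverless qualifier is written three different ways within four lines. The dropdown title hard-codes "(Serverless only)", step 1 uses `({{serverless-short}} only)` inline after "event", and the new bullet appends it as a fragment after the sentence ("Click an event. ({{serverless-short}} only)"). Pick one placement, for example `* From the event analyzer view ({{serverless-short}} only): Click an event.`, so the scope is visible before the instruction rather than after it. Also confirm whether the literal "Serverless" in the title is intentional or should use the same substitution as the body.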
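Review bot: In `isolate-host.md` (hunk `@@ -120,9 +120,9 @@`), the new dropdown title reads "Release a host from an event (Serverless only) or detection alert", dropping the article that the matching Isolate title and step 1 of this same dropdown both use ("or a detection alert"). Make the two titles parallel: "Release a host from an event (Serverless only) or a detection alert". The same trailing-qualifier point applies to the added bullet "Click an event. ({{serverless-short}} only)" here, so whichever form is chosen for the Isolate section should be mirrored in this one.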