[Security Content] Small tweaks on the setup guides (#3308)

* [Security Content] Small tweaks on the setup guides

* Additional Fixes

* Avoid touching deprecated rules

rules/linux/execution_potential_hack_tool_executed.toml

@@ -20,7 +20,7 @@ license = "Elastic License v2"
 name = "Potential Linux Hack Tool Launched"
 risk_score = 47
 rule_id = "1df1152b-610a-4f48-9d7a-504f6ee5d9da"
-setup = """
+setup = """## Setup
 
 This rule requires data coming in from Elastic Defend.
 
@@ -45,7 +45,6 @@ For more details on Elastic Agent configuration settings, refer to the [helper g
 - Click "Save and Continue".
 - To complete the integration, select "Add Elastic Agent to your hosts" and continue to the next section to install the Elastic Agent on your hosts.
 For more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).
-
 """
 severity = "medium"
 timestamp_override = "event.ingested"