[Suggestion] Add example of excluding cold/frozen data from Indicator Match rule queries

docs/detections/detection-engine-intro.asciidoc

@@ -86,7 +86,7 @@ Indicator match rules provide a powerful capability to search your security data
 
 In addition, the following support restrictions are in place:
 
-* {elastic-sec} does not support the use of either cold or frozen {ref}/data-tiers.html[tier data] with indicator match rules.
+* {elastic-sec} does not support the use of either cold or frozen {ref}/data-tiers.html[tier data] with indicator match rules. However, the rule will search cold and frozen data tiers if they exist. To prevent this, configure the `excludedDataTiersForRuleExecution` <<exclude-cold-frozen-data-rule-executions,advanced setting>> (which applies to all rules in a space), or add a <<exclude-cold-frozen-data-individual-rules,Query DSL filter>> to individual rules. 
 * Indicator match rules with an additional look-back time value greater than 24 hours are not supported.
 
 [float]