[DOCS] Adds info for ML auditbeat module (#28969)

docs/ml/creating-jobs.asciidoc

@@ -20,19 +20,28 @@ than running multiple jobs against the same data.
 
 A _population job_ detects activity that is unusual compared to the behavior of
 the population. For more information, see
-{stack-ov}/ml-configuring-pop.html[Performing Population Analysis].
+{stack-ov}/ml-configuring-pop.html[Performing population analysis].
 
 An _advanced job_ can contain multiple detectors and enables you to configure all
 job settings.
 
 {kib} can also recognize certain types of data and provide specialized wizards
-for that context.  For example, if you use {filebeat-ref}/index.html[Filebeat]
+for that context.  For example, if you use {filebeat-ref}/index.html[{filebeat}]
 to ship access logs from your
 http://nginx.org/[Nginx] and https://httpd.apache.org/[Apache] HTTP servers to
 {es}, the following wizards appear:
 
 [role="screenshot"]
-image::ml/images/ml-data-recognizer.jpg[A screenshot of the Apache and NGINX job creation wizards]
+image::ml/images/ml-data-recognizer-filebeat.jpg[A screenshot of the {filebeat} job creation wizards]
+
+Likewise, if you use {auditbeat-ref}/index.html[{auditbeat}] to audit process
+activity on your systems, the following wizards appear:
+
+[role="screenshot"]
+image::ml/images/ml-data-recognizer-auditbeat.jpg[A screenshot of the {auditbeat} job creation wizards]
+
+These wizards create {ml} jobs, dashboards, searches, and visualizations that
+are customized to help you analyze your {auditbeat} and {filebeat} data.
 
 If you are not certain which type of job to create, you can use the
 *Data Visualizer* to learn more about your data and to identify possible fields