Commit

[BUG][7.17-8.5]Fix note that describes how exceptions work with EQL rules (#4759)

(cherry picked from commit 7d74705)

# Conflicts:
#	docs/detections/detections-ui-exceptions.asciidoc
nastasha-solomon authored and mergify[bot] committed Feb 6, 2024
1 parent b92ab2f commit 235ece8
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions docs/detections/detections-ui-exceptions.asciidoc
Expand Up @@ -83,6 +83,11 @@ IMPORTANT: To ensure an exception is successfully applied, make sure that the f
==============
Be careful when adding exceptions to event correlation rules. Exceptions are evaluated against every event in the sequence, and when the exception matches _all_ event(s) in the sequence, alerts _are not_ generated. If the exception only matches _some_ of the events in the sequence, alerts _are_ generated.
<<<<<<< HEAD
=======
* Be careful when adding exceptions to <<create-eql-rule,event correlation>> rules. Exceptions are evaluated against every event in the sequence, and if an exception matches any events that are necessary to complete the sequence, alerts are not created.
+
>>>>>>> 7d74705 ([BUG][7.17-8.5]Fix note that describes how exceptions work with EQL rules (#4759))
To exclude values from a
specific event in the sequence, update the rule's EQL statement. For example:
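Review bot: The added lines include unresolved merge conflict markers (`<<<<<<< HEAD`, `=======` and `>>>>>>> 7d74705 (...)`), so the conflict listed in the commit message for docs/detections/detections-ui-exceptions.asciidoc was committed rather than resolved. The old paragraph is still present as context directly above the markers and says alerts are suppressed only when the exception matches _all_ events in the sequence, while the new bullet says alerts are not created if the exception matches any events necessary to complete the sequence. Keeping both leaves the note contradicting itself on exactly the behavior this fix is meant to correct, and a reader tuning exceptions on an event correlation rule cannot tell which alerts will be dropped. Suggest deleting the three marker lines and the old "Be careful when adding exceptions to event correlation rules..." paragraph so only the corrected text remains, then confirming that the `*` bullet and `+` continuation fit inside the `==============` block as it exists on this branch.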
