[8.7] [Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (backport #5122) (#5246)

* First draft

* Update docs/detections/alert-suppression.asciidoc

(cherry picked from commit 9d4209c)

Co-authored-by: Nastasha Solomon <[email protected]>
mergify[bot] and nastasha-solomon authored May 20, 2024
1 parent 48b778b commit 3ab6527
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/detections/alert-suppression.asciidoc
Expand Up @@ -43,6 +43,8 @@ TIP: Use the *Rule preview* before saving the rule to visualize how alert suppre

The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.

IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.

* *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
+
[role="screenshot"]
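
Review bot: The new IMPORTANT admonition is placed between the lead-in sentence "The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled" and the bulleted list that sentence introduces (the "*Alerts* table" item), so in the rendered page the list is separated from its introduction. Consider moving the admonition above the lead-in sentence or after the end of the list. The wording also names only the `Closed` status; saying explicitly that alerts in the open or acknowledged status keep suppressing new alerts, as the commit title states, would make the behavior clear to analysts who acknowledge rather than close alerts during triage.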