Rules table UX enhancements for 8.7 (#2998) (#3048)

* Add description of Clear filters option * Update screenshots * Mention persistent URL * Include preset filters (not prev doc'd) * Li'l edit * Explain skipped rules in bulk edits * Minor rewording for grammar * Eh, edit again (sorry grammar) (cherry picked from commit 48bc919) Co-authored-by: Joe Peeples <[email protected]>
elastic · Mar 9, 2023 · 46a1726 · 46a1726
1 parent 05f1b5f
commit 46a1726
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/docs/detections/images/all-rules.png b/docs/detections/images/all-rules.png
diff --git a/docs/detections/images/monitor-table.png b/docs/detections/images/monitor-table.png
diff --git a/docs/detections/rules-ui-manage.asciidoc b/docs/detections/rules-ui-manage.asciidoc
@@ -34,6 +34,10 @@ To filter the rules list, enter a search term in the search bar and press **Retu
 
 NOTE: Searches for index patterns and MITRE ATT&CK tactics and techniques must match exactly, are case sensitive, and do _not_ support wildcards. For example, to find rules using the `filebeat-*` index pattern, the search term `filebeat-*` is valid, but `filebeat` and `file*` are not because they don't exactly match the index pattern. Likewise, the MITRE ATT&CK tactic `Defense Evasion` is valid, but `Defense`, `defense evasion`, and `Defense*` are not.
 
+You can also filter the rules list by selecting the *Tags*, *Elastic rules*, *Custom rules*, *Enabled rules*, and *Disabled rules* filters next to the search bar.
+
+The rules list retains your sorting and filtering settings when you navigate away and return to the page. These settings are also preserved when you copy the page's URL and paste into another browser. Select *Clear filters* above the table to revert to the default view.
+
 [float]
 [[rule-status]]
 === Check the current status of rules
@@ -120,9 +124,9 @@ You can edit an existing rule's settings, and can bulk edit settings for multipl
 
 [NOTE]
 ====
-For prebuilt Elastic rules, you can't modify most settings. You can only edit <<rule-schedule, rule actions>> and <<add-exceptions, add exceptions>>.
+For prebuilt Elastic rules, you can't modify most settings. You can only edit <<rule-schedule, rule actions>> and <<add-exceptions, add exceptions>>. If you try to bulk edit with both prebuilt and custom rules selected, the action will affect only the rules that can be modified.
 
-If you try to bulk edit with both prebuilt and custom rules selected, the action will affect only the rules that can be modified.
+Similarly, rules will be skipped if they can't be modified by a bulk edit. For example, if you try to apply a tag to rules that already have that tag, or apply an index pattern to rules that use data views.
 ====
 
 . Go to *Manage* -> *Rules*.