From a0672d458d70adc80636e6f987eff5a3891c678e Mon Sep 17 00:00:00 2001
From: Lisa Cawley <lcawley@elastic.co>
Date: Tue, 9 Apr 2024 11:17:13 -0700
Subject: [PATCH] Add limit for number of alerts per case (#5062)

(cherry picked from commit 65928c3cd58a1ad7fa9cf6e609619a4027be8b30)
---
 docs/cases/cases-manage.asciidoc             | 2 ++
 docs/detections/alerts-add-to-cases.asciidoc | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/cases/cases-manage.asciidoc b/docs/cases/cases-manage.asciidoc
index 2581895c62..ac30f11b2b 100644
--- a/docs/cases/cases-manage.asciidoc
+++ b/docs/cases/cases-manage.asciidoc
@@ -173,6 +173,8 @@ To explore the alerts attached to a case, click the *Alerts* tab. In the table,
 [role="screenshot"]
 image::images/cases-alert-tab.png[Shows you the Alerts tab]
 
+NOTE: Each case can have a maximum of 1,000 alerts.
+
 [float]
 [[cases-add-files]]
 === Add files
diff --git a/docs/detections/alerts-add-to-cases.asciidoc b/docs/detections/alerts-add-to-cases.asciidoc
index 1364646d8d..75fcb9932e 100644
--- a/docs/detections/alerts-add-to-cases.asciidoc
+++ b/docs/detections/alerts-add-to-cases.asciidoc
@@ -7,7 +7,11 @@
 
 From the Alerts table, you can attach one or more alerts to a <<signals-to-new-cases,new case>> or <<signals-to-existing-cases,an existing one>>. Alerts from any rule type can be added to a case.
 
-NOTE: Once you've added an alert to a case, you can only remove it through the <<cases-api-overview,Elastic Security Cases API>>.
+[NOTE]
+===============================
+* After you add an alert to a case, you can remove it from the case activity under the alert summary or by using the <<cases-api-overview,Elastic Security Cases API>>.
+* Each case can have a maximum of 1,000 alerts.
+===============================
 
 [role="screenshot"]
 image::images/add-alert-to-case.gif[width=50%][height=50%][Animation of adding an alert to a case]