[Redo][8.4] Highlight that rule exceptions are case-sensitive (#4837)
nastasha-solomon authored Feb 20, 2024
1 parent 13ffb52 commit a44753f
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions docs/detections/detections-ui-exceptions.asciidoc
Expand Up @@ -119,6 +119,8 @@ The *Add Rule Exception* flyout opens (the example below was opened from the Ale
image::images/add-exception-ui.png[]
. Use the following settings to add conditions that define when the exception prevents alerts. In the example above, the exception prevents the rule from generating alerts when the
`svchost.exe` process runs on agent hostname `siem-kibana`.
+
IMPORTANT: Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.

.. *Field*: Select a field to identify the event being filtered.
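
Review bot: the added IMPORTANT admonition explains case sensitivity only in the abstract ("any character that's entered as an uppercase or lowercase letter will be treated as such") and never states the consequence for the reader. Suggest tying it to the example in the step just above: an exception value of `svchost.exe` does not match an event where the value is `SVCHOST.EXE`, so the rule still generates alerts for that event. The closing sentence, "some ECS fields have a `.caseless` version", also leaves the reader to guess which fields qualify; name one as an example or link to where they are listed.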

Expand Down Expand Up @@ -204,6 +206,8 @@ The *Add Endpoint Exception* flyout opens, from either the rule details page or
image::images/endpoint-add-exp.png[]
. If required, modify the conditions.
+
IMPORTANT: Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.
+
NOTE: Refer to <<ex-nested-conditions>> for more information on when nested conditions are required.

. You can select any of the following:
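
Review bot: the admonition added under the *Add Endpoint Exception* steps still opens with "Rule exceptions are case-sensitive", which can read as if the behavior applies only to the rule exception flow documented earlier. If endpoint exceptions are matched the same way, say "Endpoint exceptions" or simply "Exceptions" here. The sentence is also a verbatim copy of the one added in the first hunk; defining it once as a shared attribute or include would keep the two copies from drifting apart in later edits.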