[8.14] [Enhancement][ESS] Only open or acknowledged alerts are consid…

…ered for alert suppression (backport #5122) (#5239) * First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c) Co-authored-by: Nastasha Solomon <[email protected]>
elastic · May 20, 2024 · b3d951c · b3d951c
1 parent 5fc4c4f
commit b3d951c
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -81,6 +81,8 @@ NOTE: These options are not available for threshold rules.
 
 The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.
 
+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
+
 * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
 +
 [role="screenshot"]