[8.13] [Enhancement][ESS] Only open or acknowledged alerts are consid…

…ered for alert suppression (backport #5122) (#5240) * First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c) Co-authored-by: Nastasha Solomon <[email protected]>
elastic · May 20, 2024 · d0293fc · d0293fc
1 parent 67044cf
commit d0293fc
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -71,6 +71,8 @@ image::images/alert-suppression-options.png[Alert suppression options,400]
 
 The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.
 
+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
+
 * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
 +
 [role="screenshot"]