From d0293fc42e55d872c4668bdcdde4a5bdd4938a8e Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 16:10:02 -0400 Subject: [PATCH] [8.13] [Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (backport #5122) (#5240) * First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c8581bbfbc84cc6ee62a144257ecf9a5b0) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/detections/alert-suppression.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc index 21cac47320..4b8663be3f 100644 --- a/docs/detections/alert-suppression.asciidoc +++ b/docs/detections/alert-suppression.asciidoc @@ -71,6 +71,8 @@ image::images/alert-suppression-options.png[Alert suppression options,400] The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed. +IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends. + * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts: + [role="screenshot"]
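Review bot: The new IMPORTANT admonition is placed between the sentence that introduces the suppression indicators ("The {security-app} displays several indicators ...") and the bullet list that enumerates them (starting with the *Alerts* table item), so it separates that lead-in from its list. Consider moving it above that paragraph, or into the part of the page where the suppression interval is configured, since the advice concerns the interval and not the UI indicators. The wording also names only the `Closed` status, while the subject line says only open or acknowledged alerts are considered for suppression. Stating that positively (open and acknowledged alerts continue to suppress; closed ones do not) would remove the ambiguity. It would also help analysts to say what the rule does on the next matching event after an alert is closed mid-interval, because "interruptions or unexpected changes in suppression" does not tell them what they will see in the alerts table.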