Update docs/detections/alert-suppression.asciidoc
Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
nastasha-solomon and benironside authored Mar 12, 2024
1 parent f733223 commit ffe3b63
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/detections/alert-suppression.asciidoc
Expand Up @@ -101,5 +101,5 @@ image::images/timeline-button.png[Investigate in timeline button, 200]

Some rule types have a maximum number of alerts that can be suppressed (custom query rules don't have a suppression limit):

* **Threshold** - The maximum number of is the value specified for the <<opt-fields-all,`max_signals`>> setting, which is `100` by default.
* **Threshold** - The maximum number of alerts is the value specified for the <<opt-fields-all,`max_signals`>> setting, which is `100` by default.
* **Indicator match** - The maximum number is five times the value specified for the <<opt-fields-all,`max_signals`>> setting. The default `max_signals` value is `100`, which means the default maximum limit for indicator match rules is `500`.
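
Review bot: The corrected Threshold bullet now reads "The maximum number of alerts is the value specified for ... `max_signals`", which drops the qualifier from the lead-in sentence ("maximum number of alerts that can be suppressed") and is no longer parallel with the Indicator match bullet, which still says "The maximum number is five times ...". Suggest using the same subject in both bullets, for example "The maximum number of suppressed alerts is ...", so a reader does not take the Threshold line as a cap on all alerts the rule can generate. While touching this list, "default maximum limit" in the Indicator match bullet could be shortened to "default maximum".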
