From b5f7ea75b7e3801c39612a04fb76c74fd4b4cc99 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 20 May 2024 15:41:34 -0400 Subject: [PATCH] [Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (#5122) * First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c8581bbfbc84cc6ee62a144257ecf9a5b0) --- docs/detections/alert-suppression.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc index 21cac47320..4b8663be3f 100644 --- a/docs/detections/alert-suppression.asciidoc +++ b/docs/detections/alert-suppression.asciidoc @@ -71,6 +71,8 @@ image::images/alert-suppression-options.png[Alert suppression options,400] The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed. +IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends. + * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts: + [role="screenshot"]
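Review bot: The new IMPORTANT admonition in the `@@ -71,6 +71,8 @@` hunk sits between the lead-in sentence ("The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled...") and the `* *Alerts* table` list that sentence introduces, so the list loses its introduction. Move the admonition above the lead-in sentence or below the end of the list. The wording also covers only the `Closed` case, while the commit subject says only open or acknowledged alerts are considered for suppression; stating that rule directly, and saying whether reopening a closed alert within the suppression interval resumes suppression, would tell analysts which triage actions can produce a new alert for the same grouping.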