[8.9] [Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (backport #5122) (#5244)

mergify[bot] · nastasha-solomon · web-flow · commit 30e85a25c70c · 2024-05-20T16:11:09.000-04:00
* First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -47,6 +47,8 @@ TIP: Use the *Rule preview* before saving the rule to visualize how alert suppre
 
 The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.
 
+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
+
 * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
 +
 [role="screenshot"]

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,8 @@ TIP: Use the Rule preview before saving the rule to visualize how alert suppre`
`47`	`47`
`48`	`48`	`The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.`
`49`	`49`
	`50`	+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
	`51`	`+`
`50`	`52`	`* Alerts table — Icon in the Rule column. Hover to display the number of suppressed alerts:`
`51`	`53`	`+`
`52`	`54`	`[role="screenshot"]`