[8.7] [Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (backport #5122) (#5246)

mergify[bot] · nastasha-solomon · web-flow · commit 3ab6527b1dd7 · 2024-05-20T16:11:24.000-04:00
* First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -43,6 +43,8 @@ TIP: Use the *Rule preview* before saving the rule to visualize how alert suppre
 
 The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.
 
+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
+
 * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
 +
 [role="screenshot"]

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,8 @@ TIP: Use the Rule preview before saving the rule to visualize how alert suppre`
`43`	`43`
`44`	`44`	`The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.`
`45`	`45`
	`46`	+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
	`47`	`+`
`46`	`48`	`* Alerts table — Icon in the Rule column. Hover to display the number of suppressed alerts:`
`47`	`49`	`+`
`48`	`50`	`[role="screenshot"]`