[8.12] [Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (backport #5122) (#5241)

mergify[bot] · nastasha-solomon · web-flow · commit 8c8b7b43da60 · 2024-05-20T16:10:12.000-04:00
* First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -56,6 +56,8 @@ TIP: Use the *Rule preview* before saving the rule to visualize how alert suppre
 
 The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.
 
+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
+
 * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
 +
 [role="screenshot"]

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,8 @@ TIP: Use the Rule preview before saving the rule to visualize how alert suppre`
`56`	`56`
`57`	`57`	`The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.`
`58`	`58`
	`59`	+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
	`60`	`+`
`59`	`61`	`* Alerts table — Icon in the Rule column. Hover to display the number of suppressed alerts:`
`60`	`62`	`+`
`61`	`63`	`[role="screenshot"]`