[Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (#5122)

nastasha-solomon · web-flow · commit 9d4209c8581b · 2024-05-20T15:41:34.000-04:00
* First draft

* Update docs/detections/alert-suppression.asciidoc
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -81,6 +81,8 @@ NOTE: These options are not available for threshold rules.
 
 The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.
 
+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
+
 * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
 +
 [role="screenshot"]

Original file line number	Diff line number	Diff line change
`@@ -81,6 +81,8 @@ NOTE: These options are not available for threshold rules.`
`81`	`81`
`82`	`82`	`The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.`
`83`	`83`
	`84`	+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
	`85`	`+`
`84`	`86`	`* Alerts table — Icon in the Rule column. Hover to display the number of suppressed alerts:`
`85`	`87`	`+`
`86`	`88`	`[role="screenshot"]`