[Enhancement][ESS] Only open or acknowledged alerts are considered for alert suppression (#5122)

nastasha-solomon · mergify[bot] · commit e6b3f75a4a93 · 2024-05-20T19:45:28.000Z
* First draft * Update docs/detections/alert-suppression.asciidoc (cherry picked from commit 9d4209c)
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -43,6 +43,8 @@ TIP: Use the *Rule preview* before saving the rule to visualize how alert suppre
 
 The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.
 
+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
+
 * *Alerts* table — Icon in the *Rule* column. Hover to display the number of suppressed alerts:
 +
 [role="screenshot"]

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,8 @@ TIP: Use the Rule preview before saving the rule to visualize how alert suppre`
`43`	`43`
`44`	`44`	`The {security-app} displays several indicators of whether a detection alert was created with alert suppression enabled, and how many duplicate alerts were suppressed.`
`45`	`45`
	`46`	+IMPORTANT: After an alert is moved to the `Closed` status, it will no longer suppress new alerts. To prevent interruptions or unexpected changes in suppression, avoid closing alerts before the suppression interval ends.
	`47`	`+`
`46`	`48`	`* Alerts table — Icon in the Rule column. Hover to display the number of suppressed alerts:`
`47`	`49`	`+`
`48`	`50`	`[role="screenshot"]`