Commit cfc842f

[SECURITY][9.1 & Serverless] Bulk-apply and remove alert suppression (#2174)
Contributes to #1719 by adding a new section to the alert suppression page about bulk-applying and removing suppression from rules. [Preview](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2174/solutions/security/detect-and-alert/suppress-detection-alerts#security-alert-suppression-bulk-apply) **Corresponding 8.19 docs**: elastic/security-docs#6936
1 parent 3d18d9e commit cfc842f

1 file changed

+8
-0
lines changed

solutions/security/detect-and-alert/suppress-detection-alerts.md

Lines changed: 8 additions & 0 deletions
@@ -147,3 +147,11 @@ Some rule types have a maximum number of alerts that can be suppressed (custom q
147147

148148
* **Threshold, event correlation, {{esql}}, and {{ml}}:** The maximum number of alerts is the value you choose for the rule’s **Max alerts per run** [advanced setting](/solutions/security/detect-and-alert/create-detection-rule.md#rule-ui-advanced-params), which is `100` by default.
149149
* **Indicator match and new terms:** The maximum number is five times the value you choose for the rule’s **Max alerts per run** [advanced setting](/solutions/security/detect-and-alert/create-detection-rule.md#rule-ui-advanced-params). The default value is `100`, which means the default maximum limit for indicator match rules and new terms rules is `500`.
150+
151+
## Bulk apply and remove alert suppression [security-alert-suppression-bulk-apply]
152+
153+
```{applies_to}
154+
stack: ga 9.1
155+
```
156+
157+
From the Rules table, use the **Bulk actions** menu to apply or remove alert suppression to multiple rules. The **Apply alert suppression** option can be used for all rules types except for the threshold rule type. To bulk-apply alert suppression to threshold rules, use the bulk menu option that's labeled for threshold rules only.
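
Review bot: In the added paragraph (new line 157), the heading promises both applying and removing suppression, but the text only names the **Apply alert suppression** option and never says which bulk action removes suppression; name the removal option as it appears in the UI. The threshold sentence has the same gap: "the bulk menu option that's labeled for threshold rules only" should give the exact label in bold, as is done for **Apply alert suppression**, so readers can find it without guessing. Two wording fixes in the same paragraph: "all rules types" should be "all rule types", and "apply or remove alert suppression to multiple rules" reads better as "apply alert suppression to, or remove it from, multiple rules". Separately, the `applies_to` block on new lines 153-155 lists only `stack: ga 9.1`, while the commit title says the change covers 9.1 and Serverless; add the serverless entry if the feature is available there, or drop Serverless from the title.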
