[Epic][Security] Improvements to exception docs #1981
Description
Issue
Exceptions are a frequently-used feature among our customers. However, the docs lack practical guidance and examples, both which can help users understand how exceptions work and build better exceptions.
What's needed
- Better feature overview: The overview page needs to better explain what exceptions are, why they're valuable, and when to use them (as opposed to the other "noise-cancelling" features that we offer).
- More practical examples: Practical examples can help bridge the gap between abstract concepts and real-world application. They'd need to be added to docs for value lists, regular and endpoint exceptions, and exception "types" (shared and single).
- Best practices and or troubleshooting: There are a lot of nuances for users to consider when creating exceptions. This information is sprinkled throughout the exception docs and is often missed. Gathering information on a single page would make it more findable and visible.
- Add docs for creating exceptions based on runtime fields (TBD)
To take into account
- Need assistance from Dev and Product to create realistic examples.
- Testing value lists and exceptions requires a bit of manual work.
Existing related issues
- Create and Manage Value Lists doc should contain more examples of accepted IP addresses formats security-docs#3754
- [Enhancement]: Improve examples of detection rule exceptions using wildcards security-docs#5334
- [Suggestion] Update rule types list in the Note about Exceptions security-docs#5923
- [Enhancement]: Threshold rule exceptions constraints security-docs#4929
- [Suggestion] Update rule types list in the Note about Exceptions security-docs#5923
- [Security Solution] Document the procedure for creating detection rule exceptions based on runtime fields security-docs#5868