Automatic backfills for rule execution gaps #3407

@ARWNightingale

Description

This feature introduces automatic detection and remediation of rule execution gaps in Elastic Security. When a rule fails to run during a time interval, the system automatically backfills the missing detections—reducing manual effort, maintaining detection coverage, and preventing alert duplication. Users can view and monitor the scheduler to understand when automated gap runs have been scheduled.

Background & resources

Epic - https://github.com/elastic/security-team/issues/6097

PM: @approksiu
Designer: @ARWNightingale
Developer: @yctercero

Design Flows for Docs info

User flow 🏄 1 - Enable / Disable Auto Gap Fill

User flow 🏄 2 - View Gaps and Fill Status

User flow 🏄 3 - View Scheduler

User flow 🏄 4 - Lower licence

Copy Required:

AUTO FILL INFO: copy for the tooltip explaining what Auto fill is, plus the copy for the toast.

Image

CALLOUTS: copy required for 4 callouts; see the image below for each one.

Image

Which documentation set does this change impact?

ESS and serverless

ESS release

9.3

Serverless release

Once ready - TBC

Feature differences

Licence level - TBC

API docs impact

None

Prerequisites, privileges, feature flags

No response

Metadata

Labels

Team:Experience (issues owned by the Experience Docs Team)
