@nastasha-solomon
Contributor

@nastasha-solomon nastasha-solomon commented Aug 27, 2025

NOTE TO SELF (09/10/25): Sync with @denar50 about feature flag when I'm back.

Contributes to #2526 by documenting the new `securitySolution:suppressionBehaviorOnAlertClosure` advanced setting. (preview)

Also made the following changes:

  • Moved pre-reqs for using alert suppression to the section that has instructions for using it. This placement seems more appropriate. Also made light revisions to wordy steps. (preview)
  • Moved that giant note about suppressing fields with multiple values to a dedicated section with the goal of streamlining the instructions for configuring suppression. (preview)
  • Added a new section that explained the impact of closing alerts that were generated by alert suppression. (preview)
  • Resized a few images that looked disproportionately large.

NOTE: Made the same content improvements to the 8.x suppression docs in elastic/security-docs#7083

@nastasha-solomon nastasha-solomon self-assigned this Aug 27, 2025
@github-actions

github-actions bot commented Aug 27, 2025

Contributor

@approksiu approksiu left a comment

Awesome work!

@nastasha-solomon nastasha-solomon changed the title from "[Security][9.2 & Serverless]: New advanced setting that allows the suppression window" to "[Security][9.2 & Serverless]: New advanced setting that controls suppression window behavior" Sep 1, 2025

@denar50 denar50 left a comment

LGTM!

@nastasha-solomon
Contributor Author

Checked the Serverless prod project and verified the advanced setting was available. Merging PR now.

@nastasha-solomon nastasha-solomon merged commit b53db63 into main Oct 8, 2025
8 checks passed
@nastasha-solomon nastasha-solomon deleted the issue-2526-suppression-adv-setting-9.2-serv branch October 8, 2025 16:10
rhr323 pushed a commit to rhr323/docs-content that referenced this pull request Oct 27, 2025
…ression window behavior (elastic#2735)

NOTE TO SELF (09/10/25): Sync with @denar50 about feature flag when I'm
back.

Contributes to elastic#2526 by
documenting the new `securitySolution:suppressionBehaviorOnAlertClosure`
advanced setting.
[(preview)](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2735/solutions/security/get-started/configure-advanced-settings#suppression-window-behavior)

Also made the following changes:
- Moved pre-reqs for using alert suppression to the section that has
instructions for using it. This placement seems more appropriate. Also
made light revisions to wordy steps.
([preview](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2735/solutions/security/detect-and-alert/suppress-detection-alerts#security-alert-suppression-configure-alert-suppression))
- Moved that giant note about suppressing fields with multiple values to
a dedicated section with the goal of streamlining the instructions for
configuring suppression.
[(preview)](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2735/solutions/security/detect-and-alert/suppress-detection-alerts#security-alert-suppression-fields-with-multiple-values)
- Added a new section that explained the impact of closing alerts that
were generated by alert suppression.
[(preview)](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2735/solutions/security/detect-and-alert/suppress-detection-alerts#security-alert-suppression-impact-close-alerts)
- Resized a few images that looked disproportionately large.

**NOTE:** Made the same content improvements to the 8.x suppression docs
in elastic/security-docs#7083

---------

Co-authored-by: Mike Birnstiehl <[email protected]>