[8.15] Permissions for alert suppression in machine learning rules (backport #5819) (#5934)

mergify[bot] · joepeeples · github-actions[bot] · web-flow · commit 044379471117 · 2024-10-16T14:22:32.000Z
* Permissions for alert suppression in machine learning rules (#5819) * Update ESS docs: ML rule req for alert suppression * Update serverless docs, and align with ESS (cherry picked from commit 632deff) # Conflicts: # docs/serverless/advanced-entity-analytics/ml-requirements.mdx # docs/serverless/alerts/alert-suppression.mdx * Delete docs/serverless directory and its contents --------- Co-authored-by: Joe Peeples <joe.peeples@elastic.co> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
diff --git a/docs/advanced-entity-analytics/ml-req.asciidoc b/docs/advanced-entity-analytics/ml-req.asciidoc
@@ -7,6 +7,10 @@ To run and create {ml} jobs and rules, you need all of these:
 * There must be at least one {ml} node in your cluster
 * The `machine_learning_admin` user role
 
+Additionally, to configure <<alert-suppression,alert suppression>> for {ml} rules, your role needs the following {kibana-ref}/kibana-role-management.html#adding_index_privileges[index privilege]:
+
+* `read` permission for the `.ml-anomalies-*` index
+
 For more information, go to {ml-docs}/setup.html[Set up {ml-features}].
 
 [IMPORTANT]
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -4,7 +4,9 @@
 .Requirements and notices
 [sidebar]
 --
-Alert suppression requires a https://www.elastic.co/pricing[Platinum or higher subscription].
+* Alert suppression requires a https://www.elastic.co/pricing[Platinum or higher subscription].
+
+* {ml-cap} rules have <<ml-requirements,additional requirements>> for alert suppression.
 
 preview::["Alert suppression is in technical preview for threshold, indicator match, event correlation, and new terms rules. The functionality may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
 --
@@ -17,7 +19,7 @@ Alert suppression allows you to reduce the number of repeated or duplicate detec
 * <<create-eql-rule,Event correlation>> (non-sequence queries only)
 * <<create-new-terms-rule,New terms>>  
 * <<create-esql-rule,{esql}>>
-* <<create-ml-rule,{ml-app}>>
+* <<create-ml-rule,{ml-cap}>>
 
 Normally, when a rule meets its criteria repeatedly, it creates multiple alerts, one for each time the rule's criteria are met. When alert suppression is configured, duplicate qualifying events are grouped, and only one alert is created for each group. Depending on the rule type, you can configure alert suppression to create alerts each time the rule runs, or once within a specified time window. You can also specify multiple fields to group events by unique combinations of values.
 
