[8.16] [Request][Serverless][8.16] GA-ing alert suppression for IM rule, Threshold rule, ML rule, ES|QL rule and New Terms rule (backport #5926) (#5971)

mergify[bot] · nastasha-solomon · github-actions[bot] · web-flow · commit b21f92fe8299 · 2024-10-22T23:49:16.000-04:00
* [Request][Serverless][8.16] GA-ing alert suppression for IM rule, Threshold rule, ML rule, ES|QL rule and New Terms rule (#5926) * Updates label * Updates create rule docs * Fixed note (cherry picked from commit d154348) # Conflicts: # docs/serverless/alerts/alert-suppression.mdx # docs/serverless/rules/rules-ui-create.mdx * Delete docs/serverless directory and its contents --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc
@@ -8,7 +8,7 @@
 
 * {ml-cap} rules have <<ml-requirements,additional requirements>> for alert suppression.
 
-preview::["Alert suppression is in technical preview for threshold, indicator match, event correlation, and new terms rules. The functionality may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
+preview::["Alert suppression is in technical preview for event correlation rules. The functionality may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
 --
 
 Alert suppression allows you to reduce the number of repeated or duplicate detection alerts created by these detection rule types:
diff --git a/docs/detections/api/rules/rules-api-create.asciidoc b/docs/detections/api/rules/rules-api-create.asciidoc
@@ -505,7 +505,7 @@ a detection rule exception (`detection`) or an endpoint exception (`endpoint`).
 [[opt-fields-alert-suppression-create]]
 ===== Optional alert suppression fields for query, indicator match, threshold, event correlation (non-sequence queries only), new terms, {esql}, and {ml} rules
 
-preview::["Alert suppression is in technical preview for threshold, indicator match, event correlation, new terms, {ml}, and {esql} rules. The functionality may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
+preview::["Alert suppression is in technical preview for event correlation rules. The functionality may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
 
 ====== Query, indicator match, event correlation (non-sequence queries only), new terms, {esql}, and {ml} rules
 
diff --git a/docs/detections/api/rules/rules-api-update.asciidoc b/docs/detections/api/rules/rules-api-update.asciidoc
@@ -534,7 +534,7 @@ in the UI (*Rules* -> *Detection rules (SIEM)* -> *_Rule name_*).
 [[opt-fields-alert-suppression-update]]
 ===== Optional alert suppression fields for query, indicator match, threshold, event correlation (non-sequence queries only), new terms, {esql}, and {ml} rules
 
-preview::["Alert suppression is in technical preview for threshold, indicator match, event correlation, new terms, {ml}, and {esql} rules. The functionality may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
+preview::["Alert suppression is in technical preview for event correlation rules. The functionality may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
 
 ====== Query, indicator match, event correlation (non-sequence queries only), new terms, {esql}, and {ml} rules
 
diff --git a/docs/detections/rules-ui-create.asciidoc b/docs/detections/rules-ui-create.asciidoc
@@ -50,7 +50,7 @@ then select:
 NOTE: If a required job isn't currently running, it will automatically start when you finish configuring and enable the rule.
 .. The anomaly score threshold above which alerts are created.
 +
-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use *Suppress alerts by* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use *Suppress alerts by* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
 +
 NOTE: Because {ml} rules generate alerts from anomalies, which don't contain source event fields, you can only use anomaly fields when configuring alert suppression.
 +
@@ -139,7 +139,7 @@ You can also leave the *Group by* field undefined. The rule then creates an aler
 +
 IMPORTANT: Alerts created by threshold rules are synthetic alerts that do not resemble the source documents. The alert itself only contains data about the fields that were aggregated over (the *Group by* fields). Other fields are omitted, because they can vary across all source documents that were counted toward the threshold. Additionally, you can reference the actual count of documents that exceeded the threshold from the `kibana.alert.threshold_result.count` field.
 
-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select *Suppress alerts* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select *Suppress alerts* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
 +
 
 ////
@@ -269,7 +269,7 @@ they can be selected here. When alerts generated by the rule are investigated
 in the Timeline, Timeline query values are replaced with their corresponding alert
 field values.
 +
-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select *Suppress alerts* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select *Suppress alerts* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
 +
 
 ////
@@ -328,7 +328,7 @@ IMPORTANT: When checking multiple fields, each unique combination of values from
 +
 For example, if a rule has an interval of 5 minutes, no additional look-back time, and a history window size of 7 days, a term will be considered new only if the time it appears within the last 7 days is also within the last 5 minutes. Configure the rule interval and additional look-back time when you <<rule-schedule, set the rule's schedule>>.
 
-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use *Suppress alerts by* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use *Suppress alerts by* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
 +
 
 ////
@@ -361,7 +361,7 @@ NOTE: Refer to the sections below to learn more about <<esql-rule-query-types,{e
 TIP: Click the help icon (image:images/esql-help-ref-button.png[Click the ES|QL help icon,20,20]) to open the in-product reference documentation for all {esql} commands and functions.
 +
 
-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use *Suppress alerts by* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use *Suppress alerts by* to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.
 +
 
 ////

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ then select:`
`50`	`50`	`NOTE: If a required job isn't currently running, it will automatically start when you finish configuring and enable the rule.`
`51`	`51`	`.. The anomaly score threshold above which alerts are created.`
`52`	`52`	`+`
`53`		`-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use Suppress alerts by to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
	`53`	`+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use Suppress alerts by to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
`54`	`54`	`+`
`55`	`55`	`NOTE: Because {ml} rules generate alerts from anomalies, which don't contain source event fields, you can only use anomaly fields when configuring alert suppression.`
`56`	`56`	`+`
`@@ -139,7 +139,7 @@ You can also leave the Group by field undefined. The rule then creates an aler`
`139`	`139`	`+`
`140`	`140`	IMPORTANT: Alerts created by threshold rules are synthetic alerts that do not resemble the source documents. The alert itself only contains data about the fields that were aggregated over (the Group by fields). Other fields are omitted, because they can vary across all source documents that were counted toward the threshold. Additionally, you can reference the actual count of documents that exceeded the threshold from the `kibana.alert.threshold_result.count` field.
`141`	`141`
`142`		`-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select Suppress alerts to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
	`142`	`+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select Suppress alerts to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
`143`	`143`	`+`
`144`	`144`
`145`	`145`	`////`
`@@ -269,7 +269,7 @@ they can be selected here. When alerts generated by the rule are investigated`
`269`	`269`	`in the Timeline, Timeline query values are replaced with their corresponding alert`
`270`	`270`	`field values.`
`271`	`271`	`+`
`272`		`-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select Suppress alerts to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
	`272`	`+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Select Suppress alerts to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
`273`	`273`	`+`
`274`	`274`
`275`	`275`	`////`
`@@ -328,7 +328,7 @@ IMPORTANT: When checking multiple fields, each unique combination of values from`
`328`	`328`	`+`
`329`	`329`	`For example, if a rule has an interval of 5 minutes, no additional look-back time, and a history window size of 7 days, a term will be considered new only if the time it appears within the last 7 days is also within the last 5 minutes. Configure the rule interval and additional look-back time when you <<rule-schedule, set the rule's schedule>>.`
`330`	`330`
`331`		`-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use Suppress alerts by to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
	`331`	`+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use Suppress alerts by to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
`332`	`332`	`+`
`333`	`333`
`334`	`334`	`////`
`@@ -361,7 +361,7 @@ NOTE: Refer to the sections below to learn more about <<esql-rule-query-types,{e`
`361`	`361`	`TIP: Click the help icon (image:images/esql-help-ref-button.png[Click the ES\|QL help icon,20,20]) to open the in-product reference documentation for all {esql} commands and functions.`
`362`	`362`	`+`
`363`	`363`
`364`		`-. preview:[] (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use Suppress alerts by to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
	`364`	`+. (Optional, https://www.elastic.co/pricing[Platinum or higher subscription] required) Use Suppress alerts by to reduce the number of repeated or duplicate alerts created by the rule. Refer to <<alert-suppression>> for more information.`
`365`	`365`	`+`
`366`	`366`
`367`	`367`	`////`