Update copy as per docs team feedback

These were discussed in elastic/security-docs#4977
WafaaNasr · Apr 5, 2024 · c52ebb7 · c52ebb7
1 parent fe1dad5
commit c52ebb7
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 5 deletions.
diff --git a/...ion/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx b/...ion/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
@@ -221,13 +221,13 @@ export const getEnableThresholdSuppressionLabel = (fields: string[] | undefined)
 export const EQL_SEQUENCE_SUPPRESSION_DISABLE_TOOLTIP = i18n.translate(
   'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText',
   {
-    defaultMessage: 'Suppression is not enabled for EQL sequence queries',
+    defaultMessage: 'Suppression is not supported for EQL sequence queries.',
   }
 );
 
 export const EQL_SEQUENCE_SUPPRESSION_GROUPBY_VALIDATION_TEXT = i18n.translate(
   'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText',
   {
-    defaultMessage: `${EQL_SEQUENCE_SUPPRESSION_DISABLE_TOOLTIP}, please reset the suppression fields`,
+    defaultMessage: `${EQL_SEQUENCE_SUPPRESSION_DISABLE_TOOLTIP} Change the EQL query to a non-sequence query, or remove the suppression fields.`,
   }
 );
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.test.ts
@@ -115,7 +115,7 @@ describe('eql_executor', () => {
         });
 
         expect(result.warningMessages).toContain(
-          'Alert suppression does not currently support EQL sequences. The rule will execute without alert suppression.'
+          'Suppression is not supported for EQL sequence queries. The rule will proceed without suppression.'
         );
       });
     });

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.ts
@@ -147,7 +147,7 @@ export const eqlExecutor = async ({
     } else if (sequences) {
       if (isAlertSuppressionActive && completeRule.ruleParams.alertSuppression) {
         result.warningMessages.push(
-          'Alert suppression does not currently support EQL sequences. The rule will execute without alert suppression.'
+          'Suppression is not supported for EQL sequence queries. The rule will proceed without suppression.'
         );
       }
       newSignals = wrapSequences(sequences, buildReasonMessageForEqlAlert);

diff --git a/...ule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppresssion.ts b/...ule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppresssion.ts
@@ -1554,7 +1554,7 @@ export default ({ getService }: FtrProviderContext) => {
         const [{ warnings }] = logs;
 
         expect(warnings).toContain(
-          'Alert suppression does not currently support EQL sequences. The rule will execute without alert suppression.'
+          'Suppression is not supported for EQL sequence queries. The rule will proceed without suppression.'
         );
       });
     });
-Original file line number
+Diff line change
@@ Expand Up / @@ -115,7 +115,7 @@ describe('eql_executor', () => { @@
             });
             expect(result.warningMessages).toContain(
-              'Alert suppression does not currently support EQL sequences. The rule will execute without alert suppression.'
+              'Suppression is not supported for EQL sequence queries. The rule will proceed without suppression.'
             );
           });
         });
@@ Expand Down @@