[Security Solution] Allow editing alert suppression settings independently of source data #207244
Open
Labels
enhancement
New value added to drive a business result
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Feature:Rule Creation
Security Solution Detection Rule Creation workflow
Feature:Rule Edit
Security Solution Detection Rule Editing workflow
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
approksiu
added
Team: SecuritySolution
|
@approksiu Not sure I'm following what's written in the description. As far as I remember (could be wrong), we made a decision to exclude the alert suppression settings from the upgrade workflow - we always update them to the current version. We don't show them in the flyout. What's expected instead of that? |
|
@banderror This is about rules customization (on the rule editing page), not in the upgrade workflow. It is possible to modify the query and accept validation errors due to missing data, but the suppression settings are blocked. |
banderror
added
Feature:Rule Creation
banderror
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epic: #179907
Summary
To help users customize rules on the environments where the required data is missing, and align the experience with editing of query fields and required fields field, we want to allow users setting suppression fields even if the source data is missing while editing a rule.
Acceptance criteria
On the Rule Creation and Rule Editing pages:
The text was updated successfully, but these errors were encountered: