[8.7] [Redo][8.6-8.13] Highlight that rule exceptions are case-sensit…

…ive (backport #4805) (#4831) * [Redo][8.6-8.13] Highlight that rule exceptions are case-sensitive (#4805) (cherry picked from commit 4d78e77) # Conflicts: # docs/detections/add-exceptions.asciidoc * Resolved conflict * Updated note * Fixed order --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: nastasha.solomon <nastasha.solomon@elastic.co>
elastic · Feb 19, 2024 · 2884ab9 · 2884ab9
1 parent 9ec644e
commit 2884ab9
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/docs/detections/add-exceptions.asciidoc b/docs/detections/add-exceptions.asciidoc
@@ -62,9 +62,11 @@ image::images/add-exception-ui.png[]
 
 +
 Add conditions that define when the exception prevents alerts:
++  
+IMPORTANT: Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.
 
   .. *Field*: Select a field to identify the event being filtered.
-+  
++
 [NOTE] 
 =======
 Fields with conflicts are marked with a warning icon (image:images/field-warning-icon.png[Field conflict warning icon,13,13]). Using these fields and might cause unexpected exceptions behavior. For more information, refer to <<rule-exceptions-field-conflicts,Troubleshooting type conflicts and unmapped fields>>.
@@ -168,10 +170,15 @@ The *Add Endpoint Exception* flyout opens.
 image::images/endpoint-add-exp.png[]
 
 . If required, modify the conditions.
++  
+IMPORTANT: Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.
 +
-NOTE: Refer to <<ex-nested-conditions>> for more information on when nested conditions are required.
-+
-NOTE: Fields with conflicts are marked with a warning icon (image:images/field-warning-icon.png[Field conflict warning icon,13,13]). Using these fields might cause unexpected exceptions behavior. For more information, refer to <<rule-exceptions-field-conflicts, Troubleshooting type conflicts and unmapped fields>>.
+[NOTE]
+=======
+
+* Refer to <<ex-nested-conditions>> for more information on when nested conditions are required.
+* Fields with conflicts are marked with a warning icon (image:images/field-warning-icon.png[Field conflict warning icon,13,13]). Using these fields might cause unexpected exceptions behavior. For more information, refer to <<rule-exceptions-field-conflicts, Troubleshooting type conflicts and unmapped fields>>.
+=======
 
 . You can select any of the following: