
[8.x] [Serverless][8.18] EQL Sequence alert suppression (backport #6291) #6381

Merged
merged 2 commits into from
Dec 27, 2024

Conversation

@mergify mergify bot commented Dec 23, 2024

Fixes #5886

ESS

  • Alert suppression - Made the following changes:
    • Removed the second bullet in the requirements note at the start of the page since alert suppression for EQL rules will be GA in 8.18.
    • Updated the note after step 1 that explains how suppression fields with multiple values are handled. Added a third bullet for event correlation rules using sequence queries.
  • Create a detection rule | Create an event correlation rule - Removes the tech preview label from step 6, which lets users know that they can suppress alerts from this rule type.

Serverless

NOTE: Suppression for EQL rules in Serverless will go GA around the same time that 8.18 GAs. I'll open a separate PR to update the Serverless docs once that date approaches.


This is an automatic backport of pull request #6291 done by [Mergify](https://mergify.com).

* First draft

* draft 1

* Update docs/detections/alert-suppression.asciidoc

* fix it?

* Moves info

* updating ref

* Update docs/detections/building-block-rule.asciidoc

* Update docs/serverless/rules/building-block-rule.asciidoc

* Removing empty lines

* Removes tech preview label for 8.18

* updates note about reqs

* Re-adds +

* Fixes Serverless note

* Fixes numbering

(cherry picked from commit ed389ce)

# Conflicts:
#	docs/serverless/alerts/alert-suppression.asciidoc
@mergify mergify bot requested a review from a team as a code owner December 23, 2024 15:32
mergify bot commented Dec 23, 2024

Cherry-pick of ed389ce has failed:

On branch mergify/bp/8.x/pr-6291
Your branch is up to date with 'origin/8.x'.

You are currently cherry-picking commit ed389cef.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   docs/detections/alert-suppression.asciidoc
	modified:   docs/detections/rules-ui-create.asciidoc

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	deleted by us:   docs/serverless/alerts/alert-suppression.asciidoc

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@benironside
run docs-build

@benironside benironside merged commit 90bbcfc into 8.x Dec 27, 2024
3 checks passed