Skip to content

[Enhancement]: Improve examples of detection rule exceptions using wildcards #5334

Open
Open
[Enhancement]: Improve examples of detection rule exceptions using wildcards#5334
Assignees
dhurley14
Labels
Team: Detection EngineenhancementNew feature or requestsdh-linkedAssociated to SDH
@dhurley14

Description

@dhurley14
dhurley14
opened on Jun 6, 2024

Description

Exceptions with wildcards are tricky to implement for users because the users' expectations do not always match up with the result of the exception because of the type of data mapped to the field they want to "except" on. I believe adding clearer and more examples of what will and what will not match with a given wildcard exception would be beneficial for customers and reduce the number of support cases we receive.

Related links / assets

Related SDH's:

https://github.com/elastic/sdh-security-team/issues/981

https://github.com/elastic/sdh-security-team/issues/887

Which documentation set needs improvement?

ESS and serverless

Software version

8.4

Introduced in this PR: elastic/kibana#136147

Collaborators

PM: @approksiu
Designer:
Developer:
Others (if applicable): @yctercero

Timeline / deliverables

I think within the 8.15 release would be preferable.

Metadata

Metadata

Assignees

Labels

Team: Detection EngineenhancementNew feature or requestsdh-linkedAssociated to SDH

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions