Skip to content

[Internal]: Document new advanced setting for max cases per rule run (Cases alert action) #5867

Merged
nastasha-solomon merged 7 commits into
mainfrom
issue-5737-sec
Apr 29, 2026
Merged

[Internal]: Document new advanced setting for max cases per rule run (Cases alert action) #5867
nastasha-solomon merged 7 commits into
mainfrom
issue-5737-sec

Conversation

@nastasha-solomon
Copy link
Copy Markdown
Member

@nastasha-solomon nastasha-solomon commented Apr 11, 2026
edited
Loading

Summary

⚠️ Don't merge this doc PR until after elastic/kibana#264070 is merged ⚠️

Fixes #5737 by adding a section for the new maxOpenCasesPerRuleRun advanced setting. The section covers the following:

  • What the setting controls (the maximum cases created per rule run)
  • The default value (20) and allowed range (1–1000)
  • Practical guidance for high-volume environments
  • A note that Attack Discovery keeps its own case-creation limit and is unaffected

Corresponding Kibana PR: elastic/kibana#263876

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes
  • No

Cursor + Composer

@nastasha-solomon nastasha-solomon self-assigned this Apr 11, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 11, 2026
edited
Loading

🔍 Preview links for changed docs

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 11, 2026
edited
Loading

✅ Vale Linting Results

No issues found on modified lines!

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@nastasha-solomon nastasha-solomon marked this pull request as ready for review April 16, 2026 01:33
@nastasha-solomon nastasha-solomon requested review from a team as code owners April 16, 2026 01:33
@nastasha-solomon nastasha-solomon mentioned this pull request Apr 16, 2026
Closed
janmonschke
janmonschke approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@janmonschke janmonschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs lgtm!

@janmonschke
Copy link
Copy Markdown

janmonschke commented Apr 20, 2026

@nastasha-solomon The serverless config PR has been merged

@nastasha-solomon
Copy link
Copy Markdown
Member Author

nastasha-solomon commented Apr 21, 2026

Still promoting to prod non canary. Will check back EOD and merge this PR if this advanced setting is available in the UI.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

Elastic Docs AI PR menu

Check the box to run an AI review for this pull request.

  • Review docs changes (docs-review). Status: not started.

Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team.

@nastasha-solomon
Copy link
Copy Markdown
Member Author

nastasha-solomon commented Apr 29, 2026

✅ ✅ ✅
Screenshot 2026-04-28 at 8 52 14 PM

@nastasha-solomon nastasha-solomon merged commit 707ed09 into main Apr 29, 2026
12 checks passed
@nastasha-solomon nastasha-solomon deleted the issue-5737-sec branch April 29, 2026 17:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janmonschke janmonschke janmonschke approved these changes

@mdbirnstiehl mdbirnstiehl mdbirnstiehl approved these changes

Assignees

@nastasha-solomon nastasha-solomon

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Internal]: Document new advanced setting for max cases per rule run (Cases alert action)

3 participants

@nastasha-solomon @janmonschke @mdbirnstiehl