[Security Solution] Change max_signals limit warning to informational #192162

Closed
approksiu opened this issue Sep 5, 2024 · 2 comments
Labels
Team:Detection Rule Management Security Detection Rule Management Team

Comments

@approksiu

Epics/Issues:
#179680
#173593

Summary

If a detection rule has a max_signals setting set to a number higher than xpack.alerting.rules.run.alerts.max, we show a warning that there is a mismatch.

We need to change the severity of this notice to informational.

  • While the mismatch is there, it does not necessarily mean that the rule will hit the limit.
  • Users don't necessarily need to take any action.
  • In case the rule hits the limit, we generate another warning, and it makes sense to action it then.

To do

@approksiu approksiu added the Team:Detection Rule Management Security Detection Rule Management Team label Sep 5, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@approksiu
Author

This issue will be superseded.


2 participants