Adding rule exceptions

When adding rule exceptions from existing alerts, it would be great if it auto copied the attributes from the alert into the proposed exception. Right now, I copy down all the relevant attributes into a notebook, and then add them in manually. If its a ton of attributes, its easier to delete the unneeded ones than it is to add them all by hand.

Hey there @yak990 -- appreciate the feedback! :slightly_smiling_face:

Looks like we've got this enhancement request logged as part of [Security Solution] - "Add Rule Exception" Enhancement - Automatic Populate Fields and Values from a Detection · Issue #88633 · elastic/kibana · GitHub, so please follow that issue for any updates.

While we can't mention any target releases for features like this, we have been working through quite a few UX QoL (quality of life) enhancements as of late, so it would be great to get this feature out to everyone in a near-term release. I'll add a comment to that issue about another community request and hopefully it can get picked up in the next cycle.

Cheers, and thanks again!

1 Like