When adding rule exceptions from existing alerts, it would be great if it auto copied the attributes from the alert into the proposed exception. Right now, I copy down all the relevant attributes into a notebook, and then add them in manually. If it's a ton of attributes, it's easier to delete the unneeded ones than it is to add them all by hand.
Hey there @yak990 -- appreciate the feedback!
Looks like we've got this enhancement request logged as part of [Security Solution] - "Add Rule Exception" Enhancement - Automatic Populate Fields and Values from a Detection · Issue #88633 · elastic/kibana · GitHub, so please follow that issue for any updates.
While we can't mention any target releases for features like this, we have been working through quite a few UX QoL (quality of life) enhancements as of late, so it would be great to get this feature out to everyone in a near-term release. I'll add a comment to that issue about another community request and hopefully it can get picked up in the next cycle.
Cheers, and thanks again!
Garrett