I am looking to see if there are plans to close detection alerts after adding exceptions (while the detection alert is still open), specifically for my use case below.

My initial thought was to filter for the field first to have a quick look at a bunch of alerts under a detection rule, but it appears that I was not able to filter for anything related to "winlog.event_data". I think this also had to do with how I was not able to click on the checkbox which says "Close all alerts that match this exception and were generated by this rule."

Specifically, it was mentioned that "Lists and non-ECS fields are not supported." I think my use case falls under non-ECS fields, and there would be quite a number of circumstances where the above feature would be great if there were plans to have it implemented.

Thank you so much!