[Security Solution][Detections] Add Endpoint Exception modal on Detection Rule page does not allow choosing OS #78604
Labels
Feature:Detection Rules
Security Solution rules and Detection Engine
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
Comments
marshallmain
added
Team:SIEM
Feature:Detection Rules
|
Pinging @elastic/siem (Team:SIEM) |
MindyRS
added
the
Team: SecuritySolution
|
This is fixed by #103404 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The "Add Endpoint Exception" modal does not mention that the exception will only be sent to endpoints of the same os family (windows, linux, or mac) as the endpoint that an alert came from, nor is there a way to choose the OS when adding an endpoint exception from the Detection Rule page (i.e. without an alert to base the exception on). Instead the OS defaults to Windows and macOS. Endpoint exceptions are OS specific so this should be clear in the UI and selectable if creating an endpoint exception from scratch.
The text was updated successfully, but these errors were encountered: