Open nkhristinin opened 1 year ago
Currently, when you create an exception in the Indicator Match rule, it applies both to the source index and threat index.
This behaviour can be not so clear for the user. We probably have several options here
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Make it more clear that the Indicator Match rule apply exception also for the threat index
Currently, when you create an exception in the Indicator Match rule, it applies both to the source index and threat index.
This behaviour can be not so clear for the user. We probably have several options here